az security security-connector
This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Manage cloud security posture management (CSPM) and cloud workload protection (CWP) across multicloud resources.
Commands
Name | Description | Type | Status |
---|---|---|---|
az security security-connector create |
Create a security connector. |
Core | Preview |
az security security-connector delete |
Delete a security connector. |
Core | Preview |
az security security-connector devops |
DevOps configuration and operations. |
Core | Preview |
az security security-connector devops azuredevopsorg |
AzureDevOps Organizations. |
Core | Preview |
az security security-connector devops azuredevopsorg create |
Create monitored Azure DevOps organization details. |
Core | Preview |
az security security-connector devops azuredevopsorg list |
List Azure DevOps organizations onboarded to the connector. |
Core | Preview |
az security security-connector devops azuredevopsorg project |
Azure DevOps projects. |
Core | Preview |
az security security-connector devops azuredevopsorg project create |
Create a monitored Azure DevOps project resource. |
Core | Preview |
az security security-connector devops azuredevopsorg project list |
List Azure DevOps projects onboarded to the connector. |
Core | Preview |
az security security-connector devops azuredevopsorg project repo |
Azure DevOps repositories. |
Core | Preview |
az security security-connector devops azuredevopsorg project repo create |
Create a monitored Azure DevOps repository resource. |
Core | Preview |
az security security-connector devops azuredevopsorg project repo list |
List Azure DevOps repositories onboarded to the connector. |
Core | Preview |
az security security-connector devops azuredevopsorg project repo show |
Get a monitored Azure DevOps repository resource. |
Core | Preview |
az security security-connector devops azuredevopsorg project repo update |
Update a monitored Azure DevOps repository resource. |
Core | Preview |
az security security-connector devops azuredevopsorg project repo wait |
Place the CLI in a waiting state until a condition is met. |
Core | Preview |
az security security-connector devops azuredevopsorg project show |
Get a monitored Azure DevOps project resource. |
Core | Preview |
az security security-connector devops azuredevopsorg project update |
Update a monitored Azure DevOps project resource. |
Core | Preview |
az security security-connector devops azuredevopsorg project wait |
Place the CLI in a waiting state until a condition is met. |
Core | Preview |
az security security-connector devops azuredevopsorg show |
Get a monitored Azure DevOps organization resource. |
Core | Preview |
az security security-connector devops azuredevopsorg update |
Update monitored Azure DevOps organization details. |
Core | Preview |
az security security-connector devops azuredevopsorg wait |
Place the CLI in a waiting state until a condition is met. |
Core | Preview |
az security security-connector devops create |
Create a DevOps Configuration. |
Core | Experimental |
az security security-connector devops delete |
Delete a DevOps Connector. |
Core | Preview |
az security security-connector devops githubowner |
GitHub Owners. |
Core | Preview |
az security security-connector devops githubowner list |
List a list of GitHub owners onboarded to the connector. |
Core | Preview |
az security security-connector devops githubowner repo |
GitHub repositories. |
Core | Preview |
az security security-connector devops githubowner repo list |
List GitHub repositories onboarded to the connector. |
Core | Preview |
az security security-connector devops githubowner repo show |
Get a monitored GitHub repository. |
Core | Preview |
az security security-connector devops githubowner show |
Get a monitored GitHub owner. |
Core | Preview |
az security security-connector devops gitlabgroup |
GitLab Groups. |
Core | Preview |
az security security-connector devops gitlabgroup list |
List GitLab groups onboarded to the connector. |
Core | Preview |
az security security-connector devops gitlabgroup list-subgroups |
Gets nested subgroups of given GitLab Group which are onboarded to the connector. |
Core | Preview |
az security security-connector devops gitlabgroup project |
GitLab Projects (Repositories). |
Core | Preview |
az security security-connector devops gitlabgroup project list |
List GitLab projects that are directly owned by given group and onboarded to the connector. |
Core | Preview |
az security security-connector devops gitlabgroup project show |
Get a monitored GitLab Project resource for a given fully-qualified group name and project name. |
Core | Preview |
az security security-connector devops gitlabgroup show |
Get a monitored GitLab Group resource for a given fully-qualified name. |
Core | Preview |
az security security-connector devops list-available-azuredevopsorgs |
Returns a list of all Azure DevOps organizations accessible by the user token consumed by the connector. Returns 401 if connector was created by different user or identity. |
Core | Preview |
az security security-connector devops list-available-githubowners |
Returns a list of all GitHub owners accessible by the user token consumed by the connector. Returns 401 if connector was created by different user or identity. |
Core | Preview |
az security security-connector devops list-available-gitlabgroups |
Returns a list of all GitLab groups accessible by the user token consumed by the connector. Returns 401 if connector was created by different user or identity. |
Core | Preview |
az security security-connector devops show |
Get a DevOps Configuration. |
Core | Preview |
az security security-connector devops update |
Update a DevOps Configuration. |
Core | Experimental |
az security security-connector devops wait |
Place the CLI in a waiting state until a condition is met. |
Core | Preview |
az security security-connector list |
List all the security connectors in the specified subscription. |
Core | Preview |
az security security-connector show |
Get details of a specific security connector. |
Core | Preview |
az security security-connector update |
Update a security connector. |
Core | Preview |
az security security-connector create
Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Create a security connector.
az security security-connector create --name
--resource-group
[--environment-data]
[--environment-name {AWS, Azure, AzureDevOps, GCP, GitLab, Github}]
[--hierarchy-identifier]
[--location]
[--offerings]
[--tags]
Examples
Onboard AWS Environment with CspmMonitor Offering
az security security-connectors create --location EastUS --name awsConnector --resource-group myResourceGroup --hierarchy-identifier 123456789555 --environment-name AWS --offerings [0].cspm-monitor-aws.native_cloud_connection.cloudRoleArn='arn:aws:iam::123456789555:role/CspmMonitorAws' --environment-data aws-account.scan-interval=24 aws-account.organizational-data.organization.stackset-name=myStackName aws-account.organizational-data.organization.excluded-account-ids="['100000000000', '100000000001']"
Onboard GCP Environment with CspmMonitor and DefenderCSPM Offerings
az security security-connectors create --location EastUS --name gcpConnector --resource-group myResourceGroup --hierarchy-identifier 123456555 --environment-name GCP --environment-data gcp-project.scan-interval=12 gcp-project.project-details.project-id=mdc-mgmt-proj-123456555 gcp-project.project-details.project-number=123456555 gcp-project.organizational-data.organization.service-account-email-address="mdc-onboarding-sa@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" gcp-project.organizational-data.organization.workload-identity-provider-id=auto-provisioner gcp-project.organizational-data.organization.excluded-project-numbers=[] --offerings [0].cspm-monitor-gcp.native-cloud-connection.service-account-email-address="microsoft-defender-cspm@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" [0].cspm-monitor-gcp.native-cloud-connection.workload-identity-provider-id=cspm [1].defender-cspm-gcp.vm-scanners.enabled=true [1].defender-cspm-gcp.vm-scanners.configuration.scanning-mode=Default [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.enabled=true [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.service-account-email-address="mdc-containers-k8s-operator@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.workload-identity-provider-id=containers [1].defender-cspm-gcp.ciem-discovery.azure-active-directory-app-name=mciem-gcp-oidc-app [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.workload-identity-provider-id=containers [1].defender-cspm-gcp.ciem-discovery.workload-identity-provider-id=ciem-discovery [1].defender-cspm-gcp.ciem-discovery.service-account-email-address="microsoft-defender-ciem@mdc-mgmt-proj-123456555.iam.gserviceaccount.com"
Onboard AzureDevOps Environment
az security security-connectors create --location CentralUS --name adoConnector --resource-group myResourceGroup --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d98 --environment-name AzureDevOps --environment-data azuredevops-scope='{}' --offerings [0].cspm-monitor-azuredevops='{}'
Onboard GitHub Environment
az security security-connectors create --location CentralUS --name githubConnector --resource-group myResourceGroup --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d95 --environment-name GitHub --environment-data github-scope='{}' --offerings [0].cspm-monitor-github='{}'
Onboard GitLab Environment
az security security-connectors create --location CentralUS --name gitlabConnector --resource-group myResourceGroup --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d93 --environment-name GitLab --environment-data gitlab-scope='{}' --offerings [0].cspm-monitor-gitlab='{}'
Required Parameters
The security connector name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
The security connector environment data. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The multi cloud resource's cloud name.
The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector, GUID in case DevOps connector).
Location where the resource is stored.
A collection of offerings for the security connector. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
A list of key value pairs that describe the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az security security-connector delete
Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Delete a security connector.
az security security-connector delete [--ids]
[--name]
[--resource-group]
[--subscription]
[--yes]
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The security connector name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az security security-connector list
Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List all the security connectors in the specified subscription.
az security security-connector list [--max-items]
[--next-token]
[--resource-group]
Optional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token
argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az security security-connector show
Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get details of a specific security connector.
az security security-connector show [--ids]
[--name]
[--resource-group]
[--subscription]
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The security connector name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az security security-connector update
Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update a security connector.
az security security-connector update [--add]
[--environment-data]
[--environment-name {AWS, Azure, AzureDevOps, GCP, GitLab, Github}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--location]
[--name]
[--offerings]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--tags]
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>
.
The security connector environment data. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The multi cloud resource's cloud name.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Location where the resource is stored.
The security connector name.
A collection of offerings for the security connector. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove>
OR --remove propertyToRemove
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>
.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
A list of key value pairs that describe the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI