שתף באמצעות


az security security-connector

This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage cloud security posture management (CSPM) and cloud workload protection (CWP) across multicloud resources.

Commands

Name Description Type Status
az security security-connector create

Create a security connector.

Core Preview
az security security-connector delete

Delete a security connector.

Core Preview
az security security-connector devops

DevOps configuration and operations.

Core Preview
az security security-connector devops azuredevopsorg

AzureDevOps Organizations.

Core Preview
az security security-connector devops azuredevopsorg create

Create monitored Azure DevOps organization details.

Core Preview
az security security-connector devops azuredevopsorg list

List Azure DevOps organizations onboarded to the connector.

Core Preview
az security security-connector devops azuredevopsorg project

Azure DevOps projects.

Core Preview
az security security-connector devops azuredevopsorg project create

Create a monitored Azure DevOps project resource.

Core Preview
az security security-connector devops azuredevopsorg project list

List Azure DevOps projects onboarded to the connector.

Core Preview
az security security-connector devops azuredevopsorg project repo

Azure DevOps repositories.

Core Preview
az security security-connector devops azuredevopsorg project repo create

Create a monitored Azure DevOps repository resource.

Core Preview
az security security-connector devops azuredevopsorg project repo list

List Azure DevOps repositories onboarded to the connector.

Core Preview
az security security-connector devops azuredevopsorg project repo show

Get a monitored Azure DevOps repository resource.

Core Preview
az security security-connector devops azuredevopsorg project repo update

Update a monitored Azure DevOps repository resource.

Core Preview
az security security-connector devops azuredevopsorg project repo wait

Place the CLI in a waiting state until a condition is met.

Core Preview
az security security-connector devops azuredevopsorg project show

Get a monitored Azure DevOps project resource.

Core Preview
az security security-connector devops azuredevopsorg project update

Update a monitored Azure DevOps project resource.

Core Preview
az security security-connector devops azuredevopsorg project wait

Place the CLI in a waiting state until a condition is met.

Core Preview
az security security-connector devops azuredevopsorg show

Get a monitored Azure DevOps organization resource.

Core Preview
az security security-connector devops azuredevopsorg update

Update monitored Azure DevOps organization details.

Core Preview
az security security-connector devops azuredevopsorg wait

Place the CLI in a waiting state until a condition is met.

Core Preview
az security security-connector devops create

Create a DevOps Configuration.

Core Experimental
az security security-connector devops delete

Delete a DevOps Connector.

Core Preview
az security security-connector devops githubowner

GitHub Owners.

Core Preview
az security security-connector devops githubowner list

List a list of GitHub owners onboarded to the connector.

Core Preview
az security security-connector devops githubowner repo

GitHub repositories.

Core Preview
az security security-connector devops githubowner repo list

List GitHub repositories onboarded to the connector.

Core Preview
az security security-connector devops githubowner repo show

Get a monitored GitHub repository.

Core Preview
az security security-connector devops githubowner show

Get a monitored GitHub owner.

Core Preview
az security security-connector devops gitlabgroup

GitLab Groups.

Core Preview
az security security-connector devops gitlabgroup list

List GitLab groups onboarded to the connector.

Core Preview
az security security-connector devops gitlabgroup list-subgroups

Gets nested subgroups of given GitLab Group which are onboarded to the connector.

Core Preview
az security security-connector devops gitlabgroup project

GitLab Projects (Repositories).

Core Preview
az security security-connector devops gitlabgroup project list

List GitLab projects that are directly owned by given group and onboarded to the connector.

Core Preview
az security security-connector devops gitlabgroup project show

Get a monitored GitLab Project resource for a given fully-qualified group name and project name.

Core Preview
az security security-connector devops gitlabgroup show

Get a monitored GitLab Group resource for a given fully-qualified name.

Core Preview
az security security-connector devops list-available-azuredevopsorgs

Returns a list of all Azure DevOps organizations accessible by the user token consumed by the connector. Returns 401 if connector was created by different user or identity.

Core Preview
az security security-connector devops list-available-githubowners

Returns a list of all GitHub owners accessible by the user token consumed by the connector. Returns 401 if connector was created by different user or identity.

Core Preview
az security security-connector devops list-available-gitlabgroups

Returns a list of all GitLab groups accessible by the user token consumed by the connector. Returns 401 if connector was created by different user or identity.

Core Preview
az security security-connector devops show

Get a DevOps Configuration.

Core Preview
az security security-connector devops update

Update a DevOps Configuration.

Core Experimental
az security security-connector devops wait

Place the CLI in a waiting state until a condition is met.

Core Preview
az security security-connector list

List all the security connectors in the specified subscription.

Core Preview
az security security-connector show

Get details of a specific security connector.

Core Preview
az security security-connector update

Update a security connector.

Core Preview

az security security-connector create

Preview

Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a security connector.

az security security-connector create --name
                                      --resource-group
                                      [--environment-data]
                                      [--environment-name {AWS, Azure, AzureDevOps, GCP, GitLab, Github}]
                                      [--hierarchy-identifier]
                                      [--location]
                                      [--offerings]
                                      [--tags]

Examples

Onboard AWS Environment with CspmMonitor Offering

az security security-connectors create --location EastUS --name awsConnector --resource-group myResourceGroup --hierarchy-identifier 123456789555 --environment-name AWS --offerings [0].cspm-monitor-aws.native_cloud_connection.cloudRoleArn='arn:aws:iam::123456789555:role/CspmMonitorAws' --environment-data aws-account.scan-interval=24 aws-account.organizational-data.organization.stackset-name=myStackName aws-account.organizational-data.organization.excluded-account-ids="['100000000000', '100000000001']"

Onboard GCP Environment with CspmMonitor and DefenderCSPM Offerings

az security security-connectors create --location EastUS --name gcpConnector --resource-group myResourceGroup --hierarchy-identifier 123456555 --environment-name GCP --environment-data gcp-project.scan-interval=12 gcp-project.project-details.project-id=mdc-mgmt-proj-123456555 gcp-project.project-details.project-number=123456555 gcp-project.organizational-data.organization.service-account-email-address="mdc-onboarding-sa@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" gcp-project.organizational-data.organization.workload-identity-provider-id=auto-provisioner gcp-project.organizational-data.organization.excluded-project-numbers=[] --offerings [0].cspm-monitor-gcp.native-cloud-connection.service-account-email-address="microsoft-defender-cspm@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" [0].cspm-monitor-gcp.native-cloud-connection.workload-identity-provider-id=cspm [1].defender-cspm-gcp.vm-scanners.enabled=true [1].defender-cspm-gcp.vm-scanners.configuration.scanning-mode=Default [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.enabled=true [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.service-account-email-address="mdc-containers-k8s-operator@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.workload-identity-provider-id=containers [1].defender-cspm-gcp.ciem-discovery.azure-active-directory-app-name=mciem-gcp-oidc-app [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.workload-identity-provider-id=containers [1].defender-cspm-gcp.ciem-discovery.workload-identity-provider-id=ciem-discovery [1].defender-cspm-gcp.ciem-discovery.service-account-email-address="microsoft-defender-ciem@mdc-mgmt-proj-123456555.iam.gserviceaccount.com"

Onboard AzureDevOps Environment

az security security-connectors create --location CentralUS --name adoConnector --resource-group myResourceGroup --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d98 --environment-name AzureDevOps --environment-data azuredevops-scope='{}' --offerings [0].cspm-monitor-azuredevops='{}'

Onboard GitHub Environment

az security security-connectors create --location CentralUS --name githubConnector --resource-group myResourceGroup --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d95 --environment-name GitHub --environment-data github-scope='{}' --offerings [0].cspm-monitor-github='{}'

Onboard GitLab Environment

az security security-connectors create --location CentralUS --name gitlabConnector --resource-group myResourceGroup --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d93 --environment-name GitLab --environment-data gitlab-scope='{}' --offerings [0].cspm-monitor-gitlab='{}'

Required Parameters

--name --security-connector-name -n

The security connector name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--environment-data

The security connector environment data. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--environment-name

The multi cloud resource's cloud name.

Accepted values: AWS, Azure, AzureDevOps, GCP, GitLab, Github
--hierarchy-identifier

The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector, GUID in case DevOps connector).

--location -l

Location where the resource is stored.

--offerings

A collection of offerings for the security connector. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--tags

A list of key value pairs that describe the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security security-connector delete

Preview

Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Delete a security connector.

az security security-connector delete [--ids]
                                      [--name]
                                      [--resource-group]
                                      [--subscription]
                                      [--yes]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --security-connector-name -n

The security connector name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security security-connector list

Preview

Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List all the security connectors in the specified subscription.

az security security-connector list [--max-items]
                                    [--next-token]
                                    [--resource-group]

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security security-connector show

Preview

Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get details of a specific security connector.

az security security-connector show [--ids]
                                    [--name]
                                    [--resource-group]
                                    [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --security-connector-name -n

The security connector name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security security-connector update

Preview

Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update a security connector.

az security security-connector update [--add]
                                      [--environment-data]
                                      [--environment-name {AWS, Azure, AzureDevOps, GCP, GitLab, Github}]
                                      [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                      [--ids]
                                      [--location]
                                      [--name]
                                      [--offerings]
                                      [--remove]
                                      [--resource-group]
                                      [--set]
                                      [--subscription]
                                      [--tags]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--environment-data

The security connector environment data. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--environment-name

The multi cloud resource's cloud name.

Accepted values: AWS, Azure, AzureDevOps, GCP, GitLab, Github
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--location -l

Location where the resource is stored.

--name --security-connector-name -n

The security connector name.

--offerings

A collection of offerings for the security connector. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

A list of key value pairs that describe the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.