Microsoft.SecurityInsights dataConnectors 2021-03-01-preview

Bicep resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview' = {
  name: 'string'
  kind: 'string'
  scope: resourceSymbolicName
  etag: 'string'
  // For remaining properties, see dataConnectors objects
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  kind: 'AmazonWebServicesCloudTrail'
  properties: {
    dataTypes: {
      logs: {
        state: 'string'
      }
    }
  }

For AzureActiveDirectory, use:

  kind: 'AzureActiveDirectory'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For AzureAdvancedThreatProtection, use:

  kind: 'AzureAdvancedThreatProtection'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For AzureSecurityCenter, use:

  kind: 'AzureSecurityCenter'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    subscriptionId: 'string'
  }

For Dynamics365, use:

  kind: 'Dynamics365'
  properties: {
    dataTypes: {
      dynamics365CdsActivities: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For GenericUI, use:

  kind: 'GenericUI'
  properties: {
    connectorUiConfig: {
      availability: {
        isPreview: bool
        status: '1'
      }
      connectivityCriteria: [
        {
          type: 'IsConnectedQuery'
          value: [
            'string'
          ]
        }
      ]
      customImage: 'string'
      dataTypes: [
        {
          lastDataReceivedQuery: 'string'
          name: 'string'
        }
      ]
      descriptionMarkdown: 'string'
      graphQueries: [
        {
          baseQuery: 'string'
          legend: 'string'
          metricName: 'string'
        }
      ]
      graphQueriesTableName: 'string'
      instructionSteps: [
        {
          description: 'string'
          instructions: [
            {
              parameters: any()
              type: 'string'
            }
          ]
          title: 'string'
        }
      ]
      permissions: {
        customs: [
          {
            description: 'string'
            name: 'string'
          }
        ]
        resourceProvider: [
          {
            permissionsDisplayText: 'string'
            provider: 'string'
            providerDisplayName: 'string'
            requiredPermissions: {
              action: bool
              delete: bool
              read: bool
              write: bool
            }
            scope: 'string'
          }
        ]
      }
      publisher: 'string'
      sampleQueries: [
        {
          description: 'string'
          query: 'string'
        }
      ]
      title: 'string'
    }
  }

For MicrosoftCloudAppSecurity, use:

  kind: 'MicrosoftCloudAppSecurity'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
      discoveryLogs: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  kind: 'MicrosoftDefenderAdvancedThreatProtection'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For MicrosoftThreatIntelligence, use:

  kind: 'MicrosoftThreatIntelligence'
  properties: {
    dataTypes: {
      bingSafetyPhishingURL: {
        lookbackPeriod: 'string'
        state: 'string'
      }
      microsoftEmergingThreatFeed: {
        lookbackPeriod: 'string'
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For MicrosoftThreatProtection, use:

  kind: 'MicrosoftThreatProtection'
  properties: {
    dataTypes: {
      incidents: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For Office365, use:

  kind: 'Office365'
  properties: {
    dataTypes: {
      exchange: {
        state: 'string'
      }
      sharePoint: {
        state: 'string'
      }
      teams: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For OfficeATP, use:

  kind: 'OfficeATP'
  properties: {
    dataTypes: {
      alerts: {
        state: 'string'
      }
    }
    tenantId: 'string'
  }

For ThreatIntelligence, use:

  kind: 'ThreatIntelligence'
  properties: {
    dataTypes: {
      indicators: {
        state: 'string'
      }
    }
    tenantId: 'string'
    tipLookbackPeriod: 'string'
  }

For ThreatIntelligenceTaxii, use:

  kind: 'ThreatIntelligenceTaxii'
  properties: {
    collectionId: 'string'
    dataTypes: {
      taxiiClient: {
        state: 'string'
      }
    }
    friendlyName: 'string'
    password: 'string'
    pollingFrequency: 'string'
    taxiiLookbackPeriod: 'string'
    taxiiServer: 'string'
    tenantId: 'string'
    userName: 'string'
    workspaceId: 'string'
  }

Property values

dataConnectors

Name	Description	Value
name	The resource name	string (required)
kind	Set the object type	AmazonWebServicesCloudTrail AzureActiveDirectory AzureAdvancedThreatProtection AzureSecurityCenter Dynamics365 GenericUI MicrosoftCloudAppSecurity MicrosoftDefenderAdvancedThreatProtection MicrosoftThreatIntelligence MicrosoftThreatProtection Office365 OfficeATP ThreatIntelligence ThreatIntelligenceTaxii (required)
scope	Use when creating an extension resource at a scope that is different than the deployment scope.	Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource.
etag	Etag of the azure resource	string

AwsCloudTrailDataConnector

Name	Description	Value
kind	The data connector kind	'AmazonWebServicesCloudTrail' (required)
properties	Amazon Web Services CloudTrail data connector properties.	AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AwsCloudTrailDataConnectorDataTypes (required)

AwsCloudTrailDataConnectorDataTypes

Name	Description	Value
logs	Logs data type.	AwsCloudTrailDataConnectorDataTypesLogs (required)

AwsCloudTrailDataConnectorDataTypesLogs

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

AADDataConnector

Name	Description	Value
kind	The data connector kind	'AzureActiveDirectory' (required)
properties	AAD (Azure Active Directory) data connector properties.	AADDataConnectorProperties

AADDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

AlertsDataTypeOfDataConnector

Name	Description	Value
alerts	Alerts data type connection.	DataConnectorDataTypeCommon (required)

DataConnectorDataTypeCommon

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

AatpDataConnector

Name	Description	Value
kind	The data connector kind	'AzureAdvancedThreatProtection' (required)
properties	AATP (Azure Advanced Threat Protection) data connector properties.	AatpDataConnectorProperties

AatpDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

ASCDataConnector

Name	Description	Value
kind	The data connector kind	'AzureSecurityCenter' (required)
properties	ASC (Azure Security Center) data connector properties.	ASCDataConnectorProperties

ASCDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
subscriptionId	The subscription id to connect to, and get the data from.	string

Dynamics365DataConnector

Name	Description	Value
kind	The data connector kind	'Dynamics365' (required)
properties	Dynamics365 data connector properties.	Dynamics365DataConnectorProperties

Dynamics365DataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	Dynamics365DataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

Dynamics365DataConnectorDataTypes

Name	Description	Value
dynamics365CdsActivities	Common Data Service data type connection.	Dynamics365DataConnectorDataTypesDynamics365CdsActiv... (required)

Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

CodelessUiDataConnector

Name	Description	Value
kind	The data connector kind	'GenericUI' (required)
properties	Codeless UI data connector properties	CodelessParameters

CodelessParameters

Name	Description	Value
connectorUiConfig	Config to describe the instructions blade	CodelessUiConnectorConfigProperties

CodelessUiConnectorConfigProperties

Name	Description	Value
availability	Connector Availability Status	Availability (required)
connectivityCriteria	Define the way the connector check connectivity	CodelessUiConnectorConfigPropertiesConnectivityCrite...[] (required)
customImage	An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery	string
dataTypes	Data types to check for last data received	CodelessUiConnectorConfigPropertiesDataTypesItem[] (required)
descriptionMarkdown	Connector description	string (required)
graphQueries	The graph query to show the current data status	CodelessUiConnectorConfigPropertiesGraphQueriesItem[] (required)
graphQueriesTableName	Name of the table the connector will insert the data to	string (required)
instructionSteps	Instruction steps to enable the connector	CodelessUiConnectorConfigPropertiesInstructionStepsI...[] (required)
permissions	Permissions required for the connector	Permissions (required)
publisher	Connector publisher name	string (required)
sampleQueries	The sample queries for the connector	CodelessUiConnectorConfigPropertiesSampleQueriesItem[] (required)
title	Connector blade title	string (required)

Availability

Name	Description	Value
isPreview	Set connector as preview	bool
status	The connector Availability Status	'1'

CodelessUiConnectorConfigPropertiesConnectivityCrite...

Name	Description	Value
type	type of connectivity	'IsConnectedQuery'
value	Queries for checking connectivity	string[]

CodelessUiConnectorConfigPropertiesDataTypesItem

Name	Description	Value
lastDataReceivedQuery	Query for indicate last data received	string
name	Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder	string

CodelessUiConnectorConfigPropertiesGraphQueriesItem

Name	Description	Value
baseQuery	The base query for the graph	string
legend	The legend for the graph	string
metricName	the metric that the query is checking	string

CodelessUiConnectorConfigPropertiesInstructionStepsI...

Name	Description	Value
description	Instruction step description	string
instructions	Instruction step details	InstructionStepsInstructionsItem[]
title	Instruction step title	string

InstructionStepsInstructionsItem

Name	Description	Value
parameters	The parameters for the setting	For Bicep, you can use the any() function.
type	The kind of the setting	'CopyableLabel' 'InfoMessage' 'InstructionStepsGroup' (required)

Permissions

Name	Description	Value
customs	Customs permissions required for the connector	PermissionsCustomsItem[]
resourceProvider	Resource provider permissions required for the connector	PermissionsResourceProviderItem[]

PermissionsCustomsItem

Name	Description	Value
description	Customs permissions description	string
name	Customs permissions name	string

PermissionsResourceProviderItem

Name	Description	Value
permissionsDisplayText	Permission description text	string
provider	Provider name	'Microsoft.Authorization/policyAssignments' 'Microsoft.OperationalInsights/solutions' 'Microsoft.OperationalInsights/workspaces' 'Microsoft.OperationalInsights/workspaces/datasources' 'Microsoft.OperationalInsights/workspaces/sharedKeys' 'microsoft.aadiam/diagnosticSettings'
providerDisplayName	Permission provider display name	string
requiredPermissions	Required permissions for the connector	RequiredPermissions
scope	Permission provider scope	'ResourceGroup' 'Subscription' 'Workspace'

RequiredPermissions

Name	Description	Value
action	action permission	bool
delete	delete permission	bool
read	read permission	bool
write	write permission	bool

CodelessUiConnectorConfigPropertiesSampleQueriesItem

Name	Description	Value
description	The sample query description	string
query	the sample query	string

McasDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftCloudAppSecurity' (required)
properties	MCAS (Microsoft Cloud App Security) data connector properties.	McasDataConnectorProperties

McasDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	McasDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

McasDataConnectorDataTypes

Name	Description	Value
alerts	Alerts data type connection.	DataConnectorDataTypeCommon (required)
discoveryLogs	Discovery log data type connection.	DataConnectorDataTypeCommon

MdatpDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftDefenderAdvancedThreatProtection' (required)
properties	MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.	MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

MstiDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftThreatIntelligence' (required)
properties	Microsoft Threat Intelligence data connector properties.	MstiDataConnectorProperties

MstiDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	MstiDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

MstiDataConnectorDataTypes

Name	Description	Value
bingSafetyPhishingURL	Data type for Microsoft Threat Intelligence Platforms data connector.	MstiDataConnectorDataTypesBingSafetyPhishingURL (required)
microsoftEmergingThreatFeed	Data type for Microsoft Threat Intelligence Platforms data connector.	MstiDataConnectorDataTypesMicrosoftEmergingThreatFee... (required)

MstiDataConnectorDataTypesBingSafetyPhishingURL

Name	Description	Value
lookbackPeriod	lookback period	string (required)
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

Name	Description	Value
lookbackPeriod	lookback period	string (required)
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

MTPDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftThreatProtection' (required)
properties	MTP (Microsoft Threat Protection) data connector properties.	MTPDataConnectorProperties

MTPDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	MTPDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

MTPDataConnectorDataTypes

Name	Description	Value
incidents	Data type for Microsoft Threat Protection Platforms data connector.	MTPDataConnectorDataTypesIncidents (required)

MTPDataConnectorDataTypesIncidents

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeDataConnector

Name	Description	Value
kind	The data connector kind	'Office365' (required)
properties	Office data connector properties.	OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	OfficeDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

OfficeDataConnectorDataTypes

Name	Description	Value
exchange	Exchange data type connection.	OfficeDataConnectorDataTypesExchange (required)
sharePoint	SharePoint data type connection.	OfficeDataConnectorDataTypesSharePoint (required)
teams	Teams data type connection.	OfficeDataConnectorDataTypesTeams (required)

OfficeDataConnectorDataTypesExchange

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeDataConnectorDataTypesSharePoint

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeDataConnectorDataTypesTeams

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeATPDataConnector

Name	Description	Value
kind	The data connector kind	'OfficeATP' (required)
properties	OfficeATP (Office 365 Advanced Threat Protection) data connector properties.	OfficeATPDataConnectorProperties

OfficeATPDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

TIDataConnector

Name	Description	Value
kind	The data connector kind	'ThreatIntelligence' (required)
properties	TI (Threat Intelligence) data connector properties.	TIDataConnectorProperties

TIDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	TIDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)
tipLookbackPeriod	The lookback period for the feed to be imported.	string

TIDataConnectorDataTypes

Name	Description	Value
indicators	Data type for indicators connection.	TIDataConnectorDataTypesIndicators (required)

TIDataConnectorDataTypesIndicators

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

TiTaxiiDataConnector

Name	Description	Value
kind	The data connector kind	'ThreatIntelligenceTaxii' (required)
properties	Threat intelligence TAXII data connector properties.	TiTaxiiDataConnectorProperties

TiTaxiiDataConnectorProperties

Name	Description	Value
collectionId	The collection id of the TAXII server.	string
dataTypes	The available data types for Threat Intelligence TAXII data connector.	TiTaxiiDataConnectorDataTypes (required)
friendlyName	The friendly name for the TAXII server.	string
password	The password for the TAXII server.	string
pollingFrequency	The polling frequency for the TAXII server.	'OnceADay' 'OnceAMinute' 'OnceAnHour' (required)
taxiiLookbackPeriod	The lookback period for the TAXII server.	string
taxiiServer	The API root for the TAXII server.	string
tenantId	The tenant id to connect to, and get the data from.	string (required)
userName	The userName for the TAXII server.	string
workspaceId	The workspace id.	string

TiTaxiiDataConnectorDataTypes

Name	Description	Value
taxiiClient	Data type for TAXII connector.	TiTaxiiDataConnectorDataTypesTaxiiClient (required)

TiTaxiiDataConnectorDataTypesTaxiiClient

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

ARM template resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following JSON to your template.

{
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "apiVersion": "2021-03-01-preview",
  "name": "string",
  "kind": "string",
  "scope": "string",
  "etag": "string",
  // For remaining properties, see dataConnectors objects
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  "kind": "AmazonWebServicesCloudTrail",
  "properties": {
    "dataTypes": {
      "logs": {
        "state": "string"
      }
    }
  }

For AzureActiveDirectory, use:

  "kind": "AzureActiveDirectory",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For AzureAdvancedThreatProtection, use:

  "kind": "AzureAdvancedThreatProtection",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For AzureSecurityCenter, use:

  "kind": "AzureSecurityCenter",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "subscriptionId": "string"
  }

For Dynamics365, use:

  "kind": "Dynamics365",
  "properties": {
    "dataTypes": {
      "dynamics365CdsActivities": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For GenericUI, use:

  "kind": "GenericUI",
  "properties": {
    "connectorUiConfig": {
      "availability": {
        "isPreview": "bool",
        "status": "1"
      },
      "connectivityCriteria": [
        {
          "type": "IsConnectedQuery",
          "value": [ "string" ]
        }
      ],
      "customImage": "string",
      "dataTypes": [
        {
          "lastDataReceivedQuery": "string",
          "name": "string"
        }
      ],
      "descriptionMarkdown": "string",
      "graphQueries": [
        {
          "baseQuery": "string",
          "legend": "string",
          "metricName": "string"
        }
      ],
      "graphQueriesTableName": "string",
      "instructionSteps": [
        {
          "description": "string",
          "instructions": [
            {
              "parameters": {},
              "type": "string"
            }
          ],
          "title": "string"
        }
      ],
      "permissions": {
        "customs": [
          {
            "description": "string",
            "name": "string"
          }
        ],
        "resourceProvider": [
          {
            "permissionsDisplayText": "string",
            "provider": "string",
            "providerDisplayName": "string",
            "requiredPermissions": {
              "action": "bool",
              "delete": "bool",
              "read": "bool",
              "write": "bool"
            },
            "scope": "string"
          }
        ]
      },
      "publisher": "string",
      "sampleQueries": [
        {
          "description": "string",
          "query": "string"
        }
      ],
      "title": "string"
    }
  }

For MicrosoftCloudAppSecurity, use:

  "kind": "MicrosoftCloudAppSecurity",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      },
      "discoveryLogs": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  "kind": "MicrosoftDefenderAdvancedThreatProtection",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For MicrosoftThreatIntelligence, use:

  "kind": "MicrosoftThreatIntelligence",
  "properties": {
    "dataTypes": {
      "bingSafetyPhishingURL": {
        "lookbackPeriod": "string",
        "state": "string"
      },
      "microsoftEmergingThreatFeed": {
        "lookbackPeriod": "string",
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For MicrosoftThreatProtection, use:

  "kind": "MicrosoftThreatProtection",
  "properties": {
    "dataTypes": {
      "incidents": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For Office365, use:

  "kind": "Office365",
  "properties": {
    "dataTypes": {
      "exchange": {
        "state": "string"
      },
      "sharePoint": {
        "state": "string"
      },
      "teams": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For OfficeATP, use:

  "kind": "OfficeATP",
  "properties": {
    "dataTypes": {
      "alerts": {
        "state": "string"
      }
    },
    "tenantId": "string"
  }

For ThreatIntelligence, use:

  "kind": "ThreatIntelligence",
  "properties": {
    "dataTypes": {
      "indicators": {
        "state": "string"
      }
    },
    "tenantId": "string",
    "tipLookbackPeriod": "string"
  }

For ThreatIntelligenceTaxii, use:

  "kind": "ThreatIntelligenceTaxii",
  "properties": {
    "collectionId": "string",
    "dataTypes": {
      "taxiiClient": {
        "state": "string"
      }
    },
    "friendlyName": "string",
    "password": "string",
    "pollingFrequency": "string",
    "taxiiLookbackPeriod": "string",
    "taxiiServer": "string",
    "tenantId": "string",
    "userName": "string",
    "workspaceId": "string"
  }

Property values

dataConnectors

Name	Description	Value
type	The resource type	'Microsoft.SecurityInsights/dataConnectors'
apiVersion	The resource api version	'2021-03-01-preview'
name	The resource name	string (required)
kind	Set the object type	AmazonWebServicesCloudTrail AzureActiveDirectory AzureAdvancedThreatProtection AzureSecurityCenter Dynamics365 GenericUI MicrosoftCloudAppSecurity MicrosoftDefenderAdvancedThreatProtection MicrosoftThreatIntelligence MicrosoftThreatProtection Office365 OfficeATP ThreatIntelligence ThreatIntelligenceTaxii (required)
scope	Use when creating an extension resource at a scope that is different than the deployment scope.	Target resource For JSON, set the value to the full name of the resource to apply the extension resource to.
etag	Etag of the azure resource	string

AwsCloudTrailDataConnector

Name	Description	Value
kind	The data connector kind	'AmazonWebServicesCloudTrail' (required)
properties	Amazon Web Services CloudTrail data connector properties.	AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AwsCloudTrailDataConnectorDataTypes (required)

AwsCloudTrailDataConnectorDataTypes

Name	Description	Value
logs	Logs data type.	AwsCloudTrailDataConnectorDataTypesLogs (required)

AwsCloudTrailDataConnectorDataTypesLogs

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

AADDataConnector

Name	Description	Value
kind	The data connector kind	'AzureActiveDirectory' (required)
properties	AAD (Azure Active Directory) data connector properties.	AADDataConnectorProperties

AADDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

AlertsDataTypeOfDataConnector

Name	Description	Value
alerts	Alerts data type connection.	DataConnectorDataTypeCommon (required)

DataConnectorDataTypeCommon

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

AatpDataConnector

Name	Description	Value
kind	The data connector kind	'AzureAdvancedThreatProtection' (required)
properties	AATP (Azure Advanced Threat Protection) data connector properties.	AatpDataConnectorProperties

AatpDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

ASCDataConnector

Name	Description	Value
kind	The data connector kind	'AzureSecurityCenter' (required)
properties	ASC (Azure Security Center) data connector properties.	ASCDataConnectorProperties

ASCDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
subscriptionId	The subscription id to connect to, and get the data from.	string

Dynamics365DataConnector

Name	Description	Value
kind	The data connector kind	'Dynamics365' (required)
properties	Dynamics365 data connector properties.	Dynamics365DataConnectorProperties

Dynamics365DataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	Dynamics365DataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

Dynamics365DataConnectorDataTypes

Name	Description	Value
dynamics365CdsActivities	Common Data Service data type connection.	Dynamics365DataConnectorDataTypesDynamics365CdsActiv... (required)

Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

CodelessUiDataConnector

Name	Description	Value
kind	The data connector kind	'GenericUI' (required)
properties	Codeless UI data connector properties	CodelessParameters

CodelessParameters

Name	Description	Value
connectorUiConfig	Config to describe the instructions blade	CodelessUiConnectorConfigProperties

CodelessUiConnectorConfigProperties

Name	Description	Value
availability	Connector Availability Status	Availability (required)
connectivityCriteria	Define the way the connector check connectivity	CodelessUiConnectorConfigPropertiesConnectivityCrite...[] (required)
customImage	An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery	string
dataTypes	Data types to check for last data received	CodelessUiConnectorConfigPropertiesDataTypesItem[] (required)
descriptionMarkdown	Connector description	string (required)
graphQueries	The graph query to show the current data status	CodelessUiConnectorConfigPropertiesGraphQueriesItem[] (required)
graphQueriesTableName	Name of the table the connector will insert the data to	string (required)
instructionSteps	Instruction steps to enable the connector	CodelessUiConnectorConfigPropertiesInstructionStepsI...[] (required)
permissions	Permissions required for the connector	Permissions (required)
publisher	Connector publisher name	string (required)
sampleQueries	The sample queries for the connector	CodelessUiConnectorConfigPropertiesSampleQueriesItem[] (required)
title	Connector blade title	string (required)

Availability

Name	Description	Value
isPreview	Set connector as preview	bool
status	The connector Availability Status	'1'

CodelessUiConnectorConfigPropertiesConnectivityCrite...

Name	Description	Value
type	type of connectivity	'IsConnectedQuery'
value	Queries for checking connectivity	string[]

CodelessUiConnectorConfigPropertiesDataTypesItem

Name	Description	Value
lastDataReceivedQuery	Query for indicate last data received	string
name	Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder	string

CodelessUiConnectorConfigPropertiesGraphQueriesItem

Name	Description	Value
baseQuery	The base query for the graph	string
legend	The legend for the graph	string
metricName	the metric that the query is checking	string

CodelessUiConnectorConfigPropertiesInstructionStepsI...

Name	Description	Value
description	Instruction step description	string
instructions	Instruction step details	InstructionStepsInstructionsItem[]
title	Instruction step title	string

InstructionStepsInstructionsItem

Name	Description	Value
parameters	The parameters for the setting
type	The kind of the setting	'CopyableLabel' 'InfoMessage' 'InstructionStepsGroup' (required)

Permissions

Name	Description	Value
customs	Customs permissions required for the connector	PermissionsCustomsItem[]
resourceProvider	Resource provider permissions required for the connector	PermissionsResourceProviderItem[]

PermissionsCustomsItem

Name	Description	Value
description	Customs permissions description	string
name	Customs permissions name	string

PermissionsResourceProviderItem

Name	Description	Value
permissionsDisplayText	Permission description text	string
provider	Provider name	'Microsoft.Authorization/policyAssignments' 'Microsoft.OperationalInsights/solutions' 'Microsoft.OperationalInsights/workspaces' 'Microsoft.OperationalInsights/workspaces/datasources' 'Microsoft.OperationalInsights/workspaces/sharedKeys' 'microsoft.aadiam/diagnosticSettings'
providerDisplayName	Permission provider display name	string
requiredPermissions	Required permissions for the connector	RequiredPermissions
scope	Permission provider scope	'ResourceGroup' 'Subscription' 'Workspace'

RequiredPermissions

Name	Description	Value
action	action permission	bool
delete	delete permission	bool
read	read permission	bool
write	write permission	bool

CodelessUiConnectorConfigPropertiesSampleQueriesItem

Name	Description	Value
description	The sample query description	string
query	the sample query	string

McasDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftCloudAppSecurity' (required)
properties	MCAS (Microsoft Cloud App Security) data connector properties.	McasDataConnectorProperties

McasDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	McasDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

McasDataConnectorDataTypes

Name	Description	Value
alerts	Alerts data type connection.	DataConnectorDataTypeCommon (required)
discoveryLogs	Discovery log data type connection.	DataConnectorDataTypeCommon

MdatpDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftDefenderAdvancedThreatProtection' (required)
properties	MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.	MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

MstiDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftThreatIntelligence' (required)
properties	Microsoft Threat Intelligence data connector properties.	MstiDataConnectorProperties

MstiDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	MstiDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

MstiDataConnectorDataTypes

Name	Description	Value
bingSafetyPhishingURL	Data type for Microsoft Threat Intelligence Platforms data connector.	MstiDataConnectorDataTypesBingSafetyPhishingURL (required)
microsoftEmergingThreatFeed	Data type for Microsoft Threat Intelligence Platforms data connector.	MstiDataConnectorDataTypesMicrosoftEmergingThreatFee... (required)

MstiDataConnectorDataTypesBingSafetyPhishingURL

Name	Description	Value
lookbackPeriod	lookback period	string (required)
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

Name	Description	Value
lookbackPeriod	lookback period	string (required)
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

MTPDataConnector

Name	Description	Value
kind	The data connector kind	'MicrosoftThreatProtection' (required)
properties	MTP (Microsoft Threat Protection) data connector properties.	MTPDataConnectorProperties

MTPDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	MTPDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

MTPDataConnectorDataTypes

Name	Description	Value
incidents	Data type for Microsoft Threat Protection Platforms data connector.	MTPDataConnectorDataTypesIncidents (required)

MTPDataConnectorDataTypesIncidents

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeDataConnector

Name	Description	Value
kind	The data connector kind	'Office365' (required)
properties	Office data connector properties.	OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	OfficeDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

OfficeDataConnectorDataTypes

Name	Description	Value
exchange	Exchange data type connection.	OfficeDataConnectorDataTypesExchange (required)
sharePoint	SharePoint data type connection.	OfficeDataConnectorDataTypesSharePoint (required)
teams	Teams data type connection.	OfficeDataConnectorDataTypesTeams (required)

OfficeDataConnectorDataTypesExchange

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeDataConnectorDataTypesSharePoint

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeDataConnectorDataTypesTeams

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

OfficeATPDataConnector

Name	Description	Value
kind	The data connector kind	'OfficeATP' (required)
properties	OfficeATP (Office 365 Advanced Threat Protection) data connector properties.	OfficeATPDataConnectorProperties

OfficeATPDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

TIDataConnector

Name	Description	Value
kind	The data connector kind	'ThreatIntelligence' (required)
properties	TI (Threat Intelligence) data connector properties.	TIDataConnectorProperties

TIDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	TIDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)
tipLookbackPeriod	The lookback period for the feed to be imported.	string

TIDataConnectorDataTypes

Name	Description	Value
indicators	Data type for indicators connection.	TIDataConnectorDataTypesIndicators (required)

TIDataConnectorDataTypesIndicators

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

TiTaxiiDataConnector

Name	Description	Value
kind	The data connector kind	'ThreatIntelligenceTaxii' (required)
properties	Threat intelligence TAXII data connector properties.	TiTaxiiDataConnectorProperties

TiTaxiiDataConnectorProperties

Name	Description	Value
collectionId	The collection id of the TAXII server.	string
dataTypes	The available data types for Threat Intelligence TAXII data connector.	TiTaxiiDataConnectorDataTypes (required)
friendlyName	The friendly name for the TAXII server.	string
password	The password for the TAXII server.	string
pollingFrequency	The polling frequency for the TAXII server.	'OnceADay' 'OnceAMinute' 'OnceAnHour' (required)
taxiiLookbackPeriod	The lookback period for the TAXII server.	string
taxiiServer	The API root for the TAXII server.	string
tenantId	The tenant id to connect to, and get the data from.	string (required)
userName	The userName for the TAXII server.	string
workspaceId	The workspace id.	string

TiTaxiiDataConnectorDataTypes

Name	Description	Value
taxiiClient	Data type for TAXII connector.	TiTaxiiDataConnectorDataTypesTaxiiClient (required)

TiTaxiiDataConnectorDataTypesTaxiiClient

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	'Disabled' 'Enabled' (required)

Terraform (AzAPI provider) resource definition

The dataConnectors resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.SecurityInsights/dataConnectors resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview"
  name = "string"
  parent_id = "string"
  // For remaining properties, see dataConnectors objects
  body = jsonencode({
    kind = "string"
    etag = "string"
  })
}

dataConnectors objects

Set the kind property to specify the type of object.

For AmazonWebServicesCloudTrail, use:

  kind = "AmazonWebServicesCloudTrail"
  properties = {
    dataTypes = {
      logs = {
        state = "string"
      }
    }
  }

For AzureActiveDirectory, use:

  kind = "AzureActiveDirectory"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For AzureAdvancedThreatProtection, use:

  kind = "AzureAdvancedThreatProtection"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For AzureSecurityCenter, use:

  kind = "AzureSecurityCenter"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    subscriptionId = "string"
  }

For Dynamics365, use:

  kind = "Dynamics365"
  properties = {
    dataTypes = {
      dynamics365CdsActivities = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For GenericUI, use:

  kind = "GenericUI"
  properties = {
    connectorUiConfig = {
      availability = {
        isPreview = bool
        status = "1"
      }
      connectivityCriteria = [
        {
          type = "IsConnectedQuery"
          value = [
            "string"
          ]
        }
      ]
      customImage = "string"
      dataTypes = [
        {
          lastDataReceivedQuery = "string"
          name = "string"
        }
      ]
      descriptionMarkdown = "string"
      graphQueries = [
        {
          baseQuery = "string"
          legend = "string"
          metricName = "string"
        }
      ]
      graphQueriesTableName = "string"
      instructionSteps = [
        {
          description = "string"
          instructions = [
            {
              type = "string"
            }
          ]
          title = "string"
        }
      ]
      permissions = {
        customs = [
          {
            description = "string"
            name = "string"
          }
        ]
        resourceProvider = [
          {
            permissionsDisplayText = "string"
            provider = "string"
            providerDisplayName = "string"
            requiredPermissions = {
              action = bool
              delete = bool
              read = bool
              write = bool
            }
            scope = "string"
          }
        ]
      }
      publisher = "string"
      sampleQueries = [
        {
          description = "string"
          query = "string"
        }
      ]
      title = "string"
    }
  }

For MicrosoftCloudAppSecurity, use:

  kind = "MicrosoftCloudAppSecurity"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
      discoveryLogs = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For MicrosoftDefenderAdvancedThreatProtection, use:

  kind = "MicrosoftDefenderAdvancedThreatProtection"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For MicrosoftThreatIntelligence, use:

  kind = "MicrosoftThreatIntelligence"
  properties = {
    dataTypes = {
      bingSafetyPhishingURL = {
        lookbackPeriod = "string"
        state = "string"
      }
      microsoftEmergingThreatFeed = {
        lookbackPeriod = "string"
        state = "string"
      }
    }
    tenantId = "string"
  }

For MicrosoftThreatProtection, use:

  kind = "MicrosoftThreatProtection"
  properties = {
    dataTypes = {
      incidents = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For Office365, use:

  kind = "Office365"
  properties = {
    dataTypes = {
      exchange = {
        state = "string"
      }
      sharePoint = {
        state = "string"
      }
      teams = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For OfficeATP, use:

  kind = "OfficeATP"
  properties = {
    dataTypes = {
      alerts = {
        state = "string"
      }
    }
    tenantId = "string"
  }

For ThreatIntelligence, use:

  kind = "ThreatIntelligence"
  properties = {
    dataTypes = {
      indicators = {
        state = "string"
      }
    }
    tenantId = "string"
    tipLookbackPeriod = "string"
  }

For ThreatIntelligenceTaxii, use:

  kind = "ThreatIntelligenceTaxii"
  properties = {
    collectionId = "string"
    dataTypes = {
      taxiiClient = {
        state = "string"
      }
    }
    friendlyName = "string"
    password = "string"
    pollingFrequency = "string"
    taxiiLookbackPeriod = "string"
    taxiiServer = "string"
    tenantId = "string"
    userName = "string"
    workspaceId = "string"
  }

Property values

dataConnectors

Name	Description	Value
type	The resource type	"Microsoft.SecurityInsights/dataConnectors@2021-03-01-preview"
name	The resource name	string (required)
parent_id	The ID of the resource to apply this extension resource to.	string (required)
kind	Set the object type	AmazonWebServicesCloudTrail AzureActiveDirectory AzureAdvancedThreatProtection AzureSecurityCenter Dynamics365 GenericUI MicrosoftCloudAppSecurity MicrosoftDefenderAdvancedThreatProtection MicrosoftThreatIntelligence MicrosoftThreatProtection Office365 OfficeATP ThreatIntelligence ThreatIntelligenceTaxii (required)
etag	Etag of the azure resource	string

AwsCloudTrailDataConnector

Name	Description	Value
kind	The data connector kind	"AmazonWebServicesCloudTrail" (required)
properties	Amazon Web Services CloudTrail data connector properties.	AwsCloudTrailDataConnectorProperties

AwsCloudTrailDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AwsCloudTrailDataConnectorDataTypes (required)

AwsCloudTrailDataConnectorDataTypes

Name	Description	Value
logs	Logs data type.	AwsCloudTrailDataConnectorDataTypesLogs (required)

AwsCloudTrailDataConnectorDataTypesLogs

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

AADDataConnector

Name	Description	Value
kind	The data connector kind	"AzureActiveDirectory" (required)
properties	AAD (Azure Active Directory) data connector properties.	AADDataConnectorProperties

AADDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

AlertsDataTypeOfDataConnector

Name	Description	Value
alerts	Alerts data type connection.	DataConnectorDataTypeCommon (required)

DataConnectorDataTypeCommon

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

AatpDataConnector

Name	Description	Value
kind	The data connector kind	"AzureAdvancedThreatProtection" (required)
properties	AATP (Azure Advanced Threat Protection) data connector properties.	AatpDataConnectorProperties

AatpDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

ASCDataConnector

Name	Description	Value
kind	The data connector kind	"AzureSecurityCenter" (required)
properties	ASC (Azure Security Center) data connector properties.	ASCDataConnectorProperties

ASCDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
subscriptionId	The subscription id to connect to, and get the data from.	string

Dynamics365DataConnector

Name	Description	Value
kind	The data connector kind	"Dynamics365" (required)
properties	Dynamics365 data connector properties.	Dynamics365DataConnectorProperties

Dynamics365DataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	Dynamics365DataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

Dynamics365DataConnectorDataTypes

Name	Description	Value
dynamics365CdsActivities	Common Data Service data type connection.	Dynamics365DataConnectorDataTypesDynamics365CdsActiv... (required)

Dynamics365DataConnectorDataTypesDynamics365CdsActiv...

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

CodelessUiDataConnector

Name	Description	Value
kind	The data connector kind	"GenericUI" (required)
properties	Codeless UI data connector properties	CodelessParameters

CodelessParameters

Name	Description	Value
connectorUiConfig	Config to describe the instructions blade	CodelessUiConnectorConfigProperties

CodelessUiConnectorConfigProperties

Name	Description	Value
availability	Connector Availability Status	Availability (required)
connectivityCriteria	Define the way the connector check connectivity	CodelessUiConnectorConfigPropertiesConnectivityCrite...[] (required)
customImage	An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery	string
dataTypes	Data types to check for last data received	CodelessUiConnectorConfigPropertiesDataTypesItem[] (required)
descriptionMarkdown	Connector description	string (required)
graphQueries	The graph query to show the current data status	CodelessUiConnectorConfigPropertiesGraphQueriesItem[] (required)
graphQueriesTableName	Name of the table the connector will insert the data to	string (required)
instructionSteps	Instruction steps to enable the connector	CodelessUiConnectorConfigPropertiesInstructionStepsI...[] (required)
permissions	Permissions required for the connector	Permissions (required)
publisher	Connector publisher name	string (required)
sampleQueries	The sample queries for the connector	CodelessUiConnectorConfigPropertiesSampleQueriesItem[] (required)
title	Connector blade title	string (required)

Availability

Name	Description	Value
isPreview	Set connector as preview	bool
status	The connector Availability Status	"1"

CodelessUiConnectorConfigPropertiesConnectivityCrite...

Name	Description	Value
type	type of connectivity	"IsConnectedQuery"
value	Queries for checking connectivity	string[]

CodelessUiConnectorConfigPropertiesDataTypesItem

Name	Description	Value
lastDataReceivedQuery	Query for indicate last data received	string
name	Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder	string

CodelessUiConnectorConfigPropertiesGraphQueriesItem

Name	Description	Value
baseQuery	The base query for the graph	string
legend	The legend for the graph	string
metricName	the metric that the query is checking	string

CodelessUiConnectorConfigPropertiesInstructionStepsI...

Name	Description	Value
description	Instruction step description	string
instructions	Instruction step details	InstructionStepsInstructionsItem[]
title	Instruction step title	string

InstructionStepsInstructionsItem

Name	Description	Value
parameters	The parameters for the setting
type	The kind of the setting	"CopyableLabel" "InfoMessage" "InstructionStepsGroup" (required)

Permissions

Name	Description	Value
customs	Customs permissions required for the connector	PermissionsCustomsItem[]
resourceProvider	Resource provider permissions required for the connector	PermissionsResourceProviderItem[]

PermissionsCustomsItem

Name	Description	Value
description	Customs permissions description	string
name	Customs permissions name	string

PermissionsResourceProviderItem

Name	Description	Value
permissionsDisplayText	Permission description text	string
provider	Provider name	"Microsoft.Authorization/policyAssignments" "Microsoft.OperationalInsights/solutions" "Microsoft.OperationalInsights/workspaces" "Microsoft.OperationalInsights/workspaces/datasources" "Microsoft.OperationalInsights/workspaces/sharedKeys" "microsoft.aadiam/diagnosticSettings"
providerDisplayName	Permission provider display name	string
requiredPermissions	Required permissions for the connector	RequiredPermissions
scope	Permission provider scope	"ResourceGroup" "Subscription" "Workspace"

RequiredPermissions

Name	Description	Value
action	action permission	bool
delete	delete permission	bool
read	read permission	bool
write	write permission	bool

CodelessUiConnectorConfigPropertiesSampleQueriesItem

Name	Description	Value
description	The sample query description	string
query	the sample query	string

McasDataConnector

Name	Description	Value
kind	The data connector kind	"MicrosoftCloudAppSecurity" (required)
properties	MCAS (Microsoft Cloud App Security) data connector properties.	McasDataConnectorProperties

McasDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	McasDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

McasDataConnectorDataTypes

Name	Description	Value
alerts	Alerts data type connection.	DataConnectorDataTypeCommon (required)
discoveryLogs	Discovery log data type connection.	DataConnectorDataTypeCommon

MdatpDataConnector

Name	Description	Value
kind	The data connector kind	"MicrosoftDefenderAdvancedThreatProtection" (required)
properties	MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.	MdatpDataConnectorProperties

MdatpDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

MstiDataConnector

Name	Description	Value
kind	The data connector kind	"MicrosoftThreatIntelligence" (required)
properties	Microsoft Threat Intelligence data connector properties.	MstiDataConnectorProperties

MstiDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	MstiDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

MstiDataConnectorDataTypes

Name	Description	Value
bingSafetyPhishingURL	Data type for Microsoft Threat Intelligence Platforms data connector.	MstiDataConnectorDataTypesBingSafetyPhishingURL (required)
microsoftEmergingThreatFeed	Data type for Microsoft Threat Intelligence Platforms data connector.	MstiDataConnectorDataTypesMicrosoftEmergingThreatFee... (required)

MstiDataConnectorDataTypesBingSafetyPhishingURL

Name	Description	Value
lookbackPeriod	lookback period	string (required)
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

MstiDataConnectorDataTypesMicrosoftEmergingThreatFee...

Name	Description	Value
lookbackPeriod	lookback period	string (required)
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

MTPDataConnector

Name	Description	Value
kind	The data connector kind	"MicrosoftThreatProtection" (required)
properties	MTP (Microsoft Threat Protection) data connector properties.	MTPDataConnectorProperties

MTPDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	MTPDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

MTPDataConnectorDataTypes

Name	Description	Value
incidents	Data type for Microsoft Threat Protection Platforms data connector.	MTPDataConnectorDataTypesIncidents (required)

MTPDataConnectorDataTypesIncidents

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

OfficeDataConnector

Name	Description	Value
kind	The data connector kind	"Office365" (required)
properties	Office data connector properties.	OfficeDataConnectorProperties

OfficeDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	OfficeDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)

OfficeDataConnectorDataTypes

Name	Description	Value
exchange	Exchange data type connection.	OfficeDataConnectorDataTypesExchange (required)
sharePoint	SharePoint data type connection.	OfficeDataConnectorDataTypesSharePoint (required)
teams	Teams data type connection.	OfficeDataConnectorDataTypesTeams (required)

OfficeDataConnectorDataTypesExchange

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

OfficeDataConnectorDataTypesSharePoint

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

OfficeDataConnectorDataTypesTeams

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

OfficeATPDataConnector

Name	Description	Value
kind	The data connector kind	"OfficeATP" (required)
properties	OfficeATP (Office 365 Advanced Threat Protection) data connector properties.	OfficeATPDataConnectorProperties

OfficeATPDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	AlertsDataTypeOfDataConnector
tenantId	The tenant id to connect to, and get the data from.	string (required)

TIDataConnector

Name	Description	Value
kind	The data connector kind	"ThreatIntelligence" (required)
properties	TI (Threat Intelligence) data connector properties.	TIDataConnectorProperties

TIDataConnectorProperties

Name	Description	Value
dataTypes	The available data types for the connector.	TIDataConnectorDataTypes (required)
tenantId	The tenant id to connect to, and get the data from.	string (required)
tipLookbackPeriod	The lookback period for the feed to be imported.	string

TIDataConnectorDataTypes

Name	Description	Value
indicators	Data type for indicators connection.	TIDataConnectorDataTypesIndicators (required)

TIDataConnectorDataTypesIndicators

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)

TiTaxiiDataConnector

Name	Description	Value
kind	The data connector kind	"ThreatIntelligenceTaxii" (required)
properties	Threat intelligence TAXII data connector properties.	TiTaxiiDataConnectorProperties

TiTaxiiDataConnectorProperties

Name	Description	Value
collectionId	The collection id of the TAXII server.	string
dataTypes	The available data types for Threat Intelligence TAXII data connector.	TiTaxiiDataConnectorDataTypes (required)
friendlyName	The friendly name for the TAXII server.	string
password	The password for the TAXII server.	string
pollingFrequency	The polling frequency for the TAXII server.	"OnceADay" "OnceAMinute" "OnceAnHour" (required)
taxiiLookbackPeriod	The lookback period for the TAXII server.	string
taxiiServer	The API root for the TAXII server.	string
tenantId	The tenant id to connect to, and get the data from.	string (required)
userName	The userName for the TAXII server.	string
workspaceId	The workspace id.	string

TiTaxiiDataConnectorDataTypes

Name	Description	Value
taxiiClient	Data type for TAXII connector.	TiTaxiiDataConnectorDataTypesTaxiiClient (required)

TiTaxiiDataConnectorDataTypesTaxiiClient

Name	Description	Value
state	Describe whether this data type connection is enabled or not.	"Disabled" "Enabled" (required)