Data Connectors - Create Or Update
Creates or updates the data connector.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}?api-version=2024-03-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
data
|
path | True |
string |
Connector ID |
|
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string |
The ID of the target subscription. |
|
workspace
|
path | True |
string |
The name of the workspace. Regex pattern: |
|
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Body
The request body can be one of the following:
| Name | Description |
|---|---|
|
AADData |
Represents AAD (Azure Active Directory) data connector. |
|
AATPData |
Represents AATP (Azure Advanced Threat Protection) data connector. |
|
ASCData |
Represents ASC (Azure Security Center) data connector. |
|
Aws |
Represents Amazon Web Services CloudTrail data connector. |
|
MCASData |
Represents MCAS (Microsoft Cloud App Security) data connector. |
|
MDATPData |
Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. |
|
Office |
Represents office data connector. |
|
TIData |
Represents threat intelligence data connector. |
AADDataConnector
Represents AAD (Azure Active Directory) data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Azure |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.dataTypes |
The available data types for the connector. |
||
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
AATPDataConnector
Represents AATP (Azure Advanced Threat Protection) data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Azure |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.dataTypes |
The available data types for the connector. |
||
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
ASCDataConnector
Represents ASC (Azure Security Center) data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Azure |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.dataTypes |
The available data types for the connector. |
||
| properties.subscriptionId |
string |
The subscription id to connect to, and get the data from. |
AwsCloudTrailDataConnector
Represents Amazon Web Services CloudTrail data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Amazon |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.awsRoleArn |
string |
The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. |
|
| properties.dataTypes |
The available data types for the connector. |
MCASDataConnector
Represents MCAS (Microsoft Cloud App Security) data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Microsoft |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.dataTypes |
The available data types for the connector. |
||
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
MDATPDataConnector
Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Microsoft |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.dataTypes |
The available data types for the connector. |
||
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
OfficeDataConnector
Represents office data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Office365 |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.dataTypes |
The available data types for the connector. |
||
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
TIDataConnector
Represents threat intelligence data connector.
| Name | Required | Type | Description |
|---|---|---|---|
| kind | True |
string:
Threat |
The data connector kind |
| etag |
string |
Etag of the azure resource |
|
| properties.dataTypes |
The available data types for the connector. |
||
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
|
| properties.tipLookbackPeriod |
string |
The lookback period for the feed to be imported. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK | DataConnector: |
OK, Operation successfully completed |
| 201 Created | DataConnector: |
Created |
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
| Creates or updates an Office365 data connector. |
| Creates or updates an Threat Intelligence Platform data connector. |
Creates or updates an Office365 data connector.
Sample request
PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-03-01
{
"kind": "Office365",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
"dataTypes": {
"sharePoint": {
"state": "Enabled"
},
"exchange": {
"state": "Enabled"
},
"teams": {
"state": "Enabled"
}
}
}
}
Sample response
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "Office365",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
"dataTypes": {
"sharePoint": {
"state": "Enabled"
},
"exchange": {
"state": "Enabled"
},
"teams": {
"state": "Enabled"
}
}
}
}{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "Office365",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
"dataTypes": {
"sharePoint": {
"state": "Enabled"
},
"exchange": {
"state": "Enabled"
},
"teams": {
"state": "Enabled"
}
}
}
}Creates or updates an Threat Intelligence Platform data connector.
Sample request
PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-03-01
{
"kind": "ThreatIntelligence",
"properties": {
"tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
"tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
"dataTypes": {
"indicators": {
"state": "Enabled"
}
}
}
}
Sample response
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "ThreatIntelligence",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
"tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
"dataTypes": {
"indicators": {
"state": "Enabled"
}
}
}
}{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/dataConnectors",
"kind": "ThreatIntelligence",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
"tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
"dataTypes": {
"indicators": {
"state": "Enabled"
}
}
}
}Definitions
| Name | Description |
|---|---|
|
AADData |
Represents AAD (Azure Active Directory) data connector. |
|
AATPData |
Represents AATP (Azure Advanced Threat Protection) data connector. |
|
Alerts |
Alerts data type for data connectors. |
|
ASCData |
Represents ASC (Azure Security Center) data connector. |
|
Aws |
Represents Amazon Web Services CloudTrail data connector. |
|
Aws |
The available data types for Amazon Web Services CloudTrail data connector. |
|
Cloud |
Error response structure. |
|
Cloud |
Error details. |
|
created |
The type of identity that created the resource. |
|
Data |
Common field for data type in data connectors. |
|
Data |
The kind of the data connector |
|
Data |
Describe whether this data type connection is enabled or not. |
| Exchange |
Exchange data type connection. |
| Indicators |
Data type for indicators connection. |
| Logs |
Logs data type. |
|
MCASData |
Represents MCAS (Microsoft Cloud App Security) data connector. |
|
MCASData |
The available data types for MCAS (Microsoft Cloud App Security) data connector. |
|
MDATPData |
Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. |
|
Office |
Represents office data connector. |
|
Office |
The available data types for office data connector. |
|
Share |
SharePoint data type connection. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
| Teams |
Teams data type connection. |
|
TIData |
Represents threat intelligence data connector. |
|
TIData |
The available data types for TI (Threat Intelligence) data connector. |
AADDataConnector
Represents AAD (Azure Active Directory) data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Azure |
The data connector kind |
| name |
string |
The name of the resource |
| properties.dataTypes |
The available data types for the connector. |
|
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
AATPDataConnector
Represents AATP (Azure Advanced Threat Protection) data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Azure |
The data connector kind |
| name |
string |
The name of the resource |
| properties.dataTypes |
The available data types for the connector. |
|
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
AlertsDataTypeOfDataConnector
Alerts data type for data connectors.
| Name | Type | Description |
|---|---|---|
| alerts |
Alerts data type connection. |
ASCDataConnector
Represents ASC (Azure Security Center) data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Azure |
The data connector kind |
| name |
string |
The name of the resource |
| properties.dataTypes |
The available data types for the connector. |
|
| properties.subscriptionId |
string |
The subscription id to connect to, and get the data from. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
AwsCloudTrailDataConnector
Represents Amazon Web Services CloudTrail data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Amazon |
The data connector kind |
| name |
string |
The name of the resource |
| properties.awsRoleArn |
string |
The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. |
| properties.dataTypes |
The available data types for the connector. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
AwsCloudTrailDataConnectorDataTypes
The available data types for Amazon Web Services CloudTrail data connector.
| Name | Type | Description |
|---|---|---|
| logs |
Logs data type. |
CloudError
Error response structure.
| Name | Type | Description |
|---|---|---|
| error |
Error data |
CloudErrorBody
Error details.
| Name | Type | Description |
|---|---|---|
| code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
createdByType
The type of identity that created the resource.
| Name | Type | Description |
|---|---|---|
| Application |
string |
|
| Key |
string |
|
| ManagedIdentity |
string |
|
| User |
string |
DataConnectorDataTypeCommon
Common field for data type in data connectors.
| Name | Type | Description |
|---|---|---|
| state |
Describe whether this data type connection is enabled or not. |
DataConnectorKind
The kind of the data connector
| Name | Type | Description |
|---|---|---|
| AmazonWebServicesCloudTrail |
string |
|
| AzureActiveDirectory |
string |
|
| AzureAdvancedThreatProtection |
string |
|
| AzureSecurityCenter |
string |
|
| MicrosoftCloudAppSecurity |
string |
|
| MicrosoftDefenderAdvancedThreatProtection |
string |
|
| Office365 |
string |
|
| ThreatIntelligence |
string |
DataTypeState
Describe whether this data type connection is enabled or not.
| Name | Type | Description |
|---|---|---|
| Disabled |
string |
|
| Enabled |
string |
Exchange
Exchange data type connection.
| Name | Type | Description |
|---|---|---|
| state |
Describe whether this data type connection is enabled or not. |
Indicators
Data type for indicators connection.
| Name | Type | Description |
|---|---|---|
| state |
Describe whether this data type connection is enabled or not. |
Logs
Logs data type.
| Name | Type | Description |
|---|---|---|
| state |
Describe whether this data type connection is enabled or not. |
MCASDataConnector
Represents MCAS (Microsoft Cloud App Security) data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Microsoft |
The data connector kind |
| name |
string |
The name of the resource |
| properties.dataTypes |
The available data types for the connector. |
|
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
MCASDataConnectorDataTypes
The available data types for MCAS (Microsoft Cloud App Security) data connector.
| Name | Type | Description |
|---|---|---|
| alerts |
Alerts data type connection. |
|
| discoveryLogs |
Discovery log data type connection. |
MDATPDataConnector
Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Microsoft |
The data connector kind |
| name |
string |
The name of the resource |
| properties.dataTypes |
The available data types for the connector. |
|
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
OfficeDataConnector
Represents office data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Office365 |
The data connector kind |
| name |
string |
The name of the resource |
| properties.dataTypes |
The available data types for the connector. |
|
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
OfficeDataConnectorDataTypes
The available data types for office data connector.
| Name | Type | Description |
|---|---|---|
| exchange |
Exchange data type connection. |
|
| sharePoint |
SharePoint data type connection. |
|
| teams |
Teams data type connection. |
SharePoint
SharePoint data type connection.
| Name | Type | Description |
|---|---|---|
| state |
Describe whether this data type connection is enabled or not. |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |
Teams
Teams data type connection.
| Name | Type | Description |
|---|---|---|
| state |
Describe whether this data type connection is enabled or not. |
TIDataConnector
Represents threat intelligence data connector.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string:
Threat |
The data connector kind |
| name |
string |
The name of the resource |
| properties.dataTypes |
The available data types for the connector. |
|
| properties.tenantId |
string |
The tenant id to connect to, and get the data from. |
| properties.tipLookbackPeriod |
string |
The lookback period for the feed to be imported. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
TIDataConnectorDataTypes
The available data types for TI (Threat Intelligence) data connector.
| Name | Type | Description |
|---|---|---|
| indicators |
Data type for indicators connection. |