Data Connectors - Create Or Update

Creates or updates the data connector.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}?api-version=2024-03-01

URI Parameters

Name In Required Type Description
dataConnectorId
path True

string

Connector ID

resourceGroupName
path True

string

The name of the resource group. The name is case insensitive.

subscriptionId
path True

string

The ID of the target subscription.

workspaceName
path True

string

The name of the workspace.

Regex pattern: ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$

api-version
query True

string

The API version to use for this operation.

Request Body

The request body can be one of the following:

Name Description
AADDataConnector

Represents AAD (Azure Active Directory) data connector.

AATPDataConnector

Represents AATP (Azure Advanced Threat Protection) data connector.

ASCDataConnector

Represents ASC (Azure Security Center) data connector.

AwsCloudTrailDataConnector

Represents Amazon Web Services CloudTrail data connector.

MCASDataConnector

Represents MCAS (Microsoft Cloud App Security) data connector.

MDATPDataConnector

Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

OfficeDataConnector

Represents office data connector.

TIDataConnector

Represents threat intelligence data connector.

AADDataConnector

Represents AAD (Azure Active Directory) data connector.

Name Required Type Description
kind True string:

AzureActiveDirectory

The data connector kind

etag

string

Etag of the azure resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

AATPDataConnector

Represents AATP (Azure Advanced Threat Protection) data connector.

Name Required Type Description
kind True string:

AzureAdvancedThreatProtection

The data connector kind

etag

string

Etag of the azure resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

ASCDataConnector

Represents ASC (Azure Security Center) data connector.

Name Required Type Description
kind True string:

AzureSecurityCenter

The data connector kind

etag

string

Etag of the azure resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.subscriptionId

string

The subscription id to connect to, and get the data from.

AwsCloudTrailDataConnector

Represents Amazon Web Services CloudTrail data connector.

Name Required Type Description
kind True string:

AmazonWebServicesCloudTrail

The data connector kind

etag

string

Etag of the azure resource

properties.awsRoleArn

string

The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.

properties.dataTypes

AwsCloudTrailDataConnectorDataTypes

The available data types for the connector.

MCASDataConnector

Represents MCAS (Microsoft Cloud App Security) data connector.

Name Required Type Description
kind True string:

MicrosoftCloudAppSecurity

The data connector kind

etag

string

Etag of the azure resource

properties.dataTypes

MCASDataConnectorDataTypes

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

MDATPDataConnector

Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

Name Required Type Description
kind True string:

MicrosoftDefenderAdvancedThreatProtection

The data connector kind

etag

string

Etag of the azure resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

OfficeDataConnector

Represents office data connector.

Name Required Type Description
kind True string:

Office365

The data connector kind

etag

string

Etag of the azure resource

properties.dataTypes

OfficeDataConnectorDataTypes

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

TIDataConnector

Represents threat intelligence data connector.

Name Required Type Description
kind True string:

ThreatIntelligence

The data connector kind

etag

string

Etag of the azure resource

properties.dataTypes

TIDataConnectorDataTypes

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

properties.tipLookbackPeriod

string

The lookback period for the feed to be imported.

Responses

Name Type Description
200 OK DataConnector:

OK, Operation successfully completed

201 Created DataConnector:

Created

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Creates or updates an Office365 data connector.
Creates or updates an Threat Intelligence Platform data connector.

Creates or updates an Office365 data connector.

Sample request

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-03-01

{
  "kind": "Office365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "sharePoint": {
        "state": "Enabled"
      },
      "exchange": {
        "state": "Enabled"
      },
      "teams": {
        "state": "Enabled"
      }
    }
  }
}

Sample response

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Office365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "sharePoint": {
        "state": "Enabled"
      },
      "exchange": {
        "state": "Enabled"
      },
      "teams": {
        "state": "Enabled"
      }
    }
  }
}
{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "Office365",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
    "dataTypes": {
      "sharePoint": {
        "state": "Enabled"
      },
      "exchange": {
        "state": "Enabled"
      },
      "teams": {
        "state": "Enabled"
      }
    }
  }
}

Creates or updates an Threat Intelligence Platform data connector.

Sample request

PUT https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5?api-version=2024-03-01

{
  "kind": "ThreatIntelligence",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "dataTypes": {
      "indicators": {
        "state": "Enabled"
      }
    }
  }
}

Sample response

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "ThreatIntelligence",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "dataTypes": {
      "indicators": {
        "state": "Enabled"
      }
    }
  }
}
{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
  "type": "Microsoft.SecurityInsights/dataConnectors",
  "kind": "ThreatIntelligence",
  "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
  "properties": {
    "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
    "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
    "dataTypes": {
      "indicators": {
        "state": "Enabled"
      }
    }
  }
}

Definitions

Name Description
AADDataConnector

Represents AAD (Azure Active Directory) data connector.

AATPDataConnector

Represents AATP (Azure Advanced Threat Protection) data connector.

AlertsDataTypeOfDataConnector

Alerts data type for data connectors.

ASCDataConnector

Represents ASC (Azure Security Center) data connector.

AwsCloudTrailDataConnector

Represents Amazon Web Services CloudTrail data connector.

AwsCloudTrailDataConnectorDataTypes

The available data types for Amazon Web Services CloudTrail data connector.

CloudError

Error response structure.

CloudErrorBody

Error details.

createdByType

The type of identity that created the resource.

DataConnectorDataTypeCommon

Common field for data type in data connectors.

DataConnectorKind

The kind of the data connector

DataTypeState

Describe whether this data type connection is enabled or not.

Exchange

Exchange data type connection.

Indicators

Data type for indicators connection.

Logs

Logs data type.

MCASDataConnector

Represents MCAS (Microsoft Cloud App Security) data connector.

MCASDataConnectorDataTypes

The available data types for MCAS (Microsoft Cloud App Security) data connector.

MDATPDataConnector

Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

OfficeDataConnector

Represents office data connector.

OfficeDataConnectorDataTypes

The available data types for office data connector.

SharePoint

SharePoint data type connection.

systemData

Metadata pertaining to creation and last modification of the resource.

Teams

Teams data type connection.

TIDataConnector

Represents threat intelligence data connector.

TIDataConnectorDataTypes

The available data types for TI (Threat Intelligence) data connector.

AADDataConnector

Represents AAD (Azure Active Directory) data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

AzureActiveDirectory

The data connector kind

name

string

The name of the resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AATPDataConnector

Represents AATP (Azure Advanced Threat Protection) data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

AzureAdvancedThreatProtection

The data connector kind

name

string

The name of the resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AlertsDataTypeOfDataConnector

Alerts data type for data connectors.

Name Type Description
alerts

DataConnectorDataTypeCommon

Alerts data type connection.

ASCDataConnector

Represents ASC (Azure Security Center) data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

AzureSecurityCenter

The data connector kind

name

string

The name of the resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.subscriptionId

string

The subscription id to connect to, and get the data from.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AwsCloudTrailDataConnector

Represents Amazon Web Services CloudTrail data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

AmazonWebServicesCloudTrail

The data connector kind

name

string

The name of the resource

properties.awsRoleArn

string

The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.

properties.dataTypes

AwsCloudTrailDataConnectorDataTypes

The available data types for the connector.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AwsCloudTrailDataConnectorDataTypes

The available data types for Amazon Web Services CloudTrail data connector.

Name Type Description
logs

Logs

Logs data type.

CloudError

Error response structure.

Name Type Description
error

CloudErrorBody

Error data

CloudErrorBody

Error details.

Name Type Description
code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

DataConnectorDataTypeCommon

Common field for data type in data connectors.

Name Type Description
state

DataTypeState

Describe whether this data type connection is enabled or not.

DataConnectorKind

The kind of the data connector

Name Type Description
AmazonWebServicesCloudTrail

string

AzureActiveDirectory

string

AzureAdvancedThreatProtection

string

AzureSecurityCenter

string

MicrosoftCloudAppSecurity

string

MicrosoftDefenderAdvancedThreatProtection

string

Office365

string

ThreatIntelligence

string

DataTypeState

Describe whether this data type connection is enabled or not.

Name Type Description
Disabled

string

Enabled

string

Exchange

Exchange data type connection.

Name Type Description
state

DataTypeState

Describe whether this data type connection is enabled or not.

Indicators

Data type for indicators connection.

Name Type Description
state

DataTypeState

Describe whether this data type connection is enabled or not.

Logs

Logs data type.

Name Type Description
state

DataTypeState

Describe whether this data type connection is enabled or not.

MCASDataConnector

Represents MCAS (Microsoft Cloud App Security) data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

MicrosoftCloudAppSecurity

The data connector kind

name

string

The name of the resource

properties.dataTypes

MCASDataConnectorDataTypes

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

MCASDataConnectorDataTypes

The available data types for MCAS (Microsoft Cloud App Security) data connector.

Name Type Description
alerts

DataConnectorDataTypeCommon

Alerts data type connection.

discoveryLogs

DataConnectorDataTypeCommon

Discovery log data type connection.

MDATPDataConnector

Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

MicrosoftDefenderAdvancedThreatProtection

The data connector kind

name

string

The name of the resource

properties.dataTypes

AlertsDataTypeOfDataConnector

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

OfficeDataConnector

Represents office data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

Office365

The data connector kind

name

string

The name of the resource

properties.dataTypes

OfficeDataConnectorDataTypes

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

OfficeDataConnectorDataTypes

The available data types for office data connector.

Name Type Description
exchange

Exchange

Exchange data type connection.

sharePoint

SharePoint

SharePoint data type connection.

teams

Teams

Teams data type connection.

SharePoint

SharePoint data type connection.

Name Type Description
state

DataTypeState

Describe whether this data type connection is enabled or not.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

Teams

Teams data type connection.

Name Type Description
state

DataTypeState

Describe whether this data type connection is enabled or not.

TIDataConnector

Represents threat intelligence data connector.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

kind string:

ThreatIntelligence

The data connector kind

name

string

The name of the resource

properties.dataTypes

TIDataConnectorDataTypes

The available data types for the connector.

properties.tenantId

string

The tenant id to connect to, and get the data from.

properties.tipLookbackPeriod

string

The lookback period for the feed to be imported.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

TIDataConnectorDataTypes

The available data types for TI (Threat Intelligence) data connector.

Name Type Description
indicators

Indicators

Data type for indicators connection.