Microsoft.Security securityConnectors 2023-10-01-preview
Article 01/12/2024
Bicep resource definition
The securityConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Security/securityConnectors resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Security/securityConnectors@2023-10-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  kind: 'string'
  etag: 'string'
  properties: {
    environmentData: {
      environmentType: 'string'
      // For remaining properties, see EnvironmentData objects
    }
    environmentName: 'string'
    hierarchyIdentifier: 'string'
    offerings: [
      {
        offeringType: 'string'
        // For remaining properties, see CloudOffering objects
      }
    ]
  }
}
```
EnvironmentData objects
Set the environmentType property to specify the type of object.
For AwsAccount, use:

```bicep
environmentType: 'AwsAccount'
organizationalData: {
  organizationMembershipType: 'string'
  // For remaining properties, see AwsOrganizationalData objects
}
regions: [
  'string'
]
scanInterval: int
```

For AzureDevOpsScope, use:

```bicep
environmentType: 'AzureDevOpsScope'
```

For GcpProject, use:

```bicep
environmentType: 'GcpProject'
organizationalData: {
  organizationMembershipType: 'string'
  // For remaining properties, see GcpOrganizationalData objects
}
projectDetails: {
  projectId: 'string'
  projectNumber: 'string'
}
scanInterval: int
```

For GithubScope, use:

```bicep
environmentType: 'GithubScope'
```

For GitlabScope, use:

```bicep
environmentType: 'GitlabScope'
```
AwsOrganizationalData objects
Set the organizationMembershipType property to specify the type of object.
For Member, use:

```bicep
organizationMembershipType: 'Member'
parentHierarchyId: 'string'
```

For Organization, use:

```bicep
organizationMembershipType: 'Organization'
excludedAccountIds: [
  'string'
]
stacksetName: 'string'
```
GcpOrganizationalData objects
Set the organizationMembershipType property to specify the type of object.
For Member, use:

```bicep
organizationMembershipType: 'Member'
managementProjectNumber: 'string'
parentHierarchyId: 'string'
```

For Organization, use:

```bicep
organizationMembershipType: 'Organization'
excludedProjectNumbers: [
  'string'
]
serviceAccountEmailAddress: 'string'
workloadIdentityProviderId: 'string'
```
CloudOffering objects
Set the offeringType property to specify the type of object.
For CspmMonitorAws, use:

```bicep
offeringType: 'CspmMonitorAws'
nativeCloudConnection: {
  cloudRoleArn: 'string'
}
```

For CspmMonitorAzureDevOps, use:

```bicep
offeringType: 'CspmMonitorAzureDevOps'
```

For CspmMonitorGcp, use:

```bicep
offeringType: 'CspmMonitorGcp'
nativeCloudConnection: {
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
```

For CspmMonitorGithub, use:

```bicep
offeringType: 'CspmMonitorGithub'
```

For CspmMonitorGitLab, use:

```bicep
offeringType: 'CspmMonitorGitLab'
```

For DefenderCspmAws, use:

```bicep
offeringType: 'DefenderCspmAws'
ciem: {
  ciemDiscovery: {
    cloudRoleArn: 'string'
  }
  ciemOidc: {
    azureActiveDirectoryAppName: 'string'
    cloudRoleArn: 'string'
  }
}
databasesDspm: {
  cloudRoleArn: 'string'
  enabled: bool
}
dataSensitivityDiscovery: {
  cloudRoleArn: 'string'
  enabled: bool
}
mdcContainersAgentlessDiscoveryK8s: {
  cloudRoleArn: 'string'
  enabled: bool
}
mdcContainersImageAssessment: {
  cloudRoleArn: 'string'
  enabled: bool
}
vmScanners: {
  configuration: {
    cloudRoleArn: 'string'
    exclusionTags: {
      {customized property}: 'string'
    }
    scanningMode: 'Default'
  }
  enabled: bool
}
```

For DefenderCspmGcp, use:

```bicep
offeringType: 'DefenderCspmGcp'
ciemDiscovery: {
  azureActiveDirectoryAppName: 'string'
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
dataSensitivityDiscovery: {
  enabled: bool
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
mdcContainersAgentlessDiscoveryK8s: {
  enabled: bool
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
mdcContainersImageAssessment: {
  enabled: bool
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
vmScanners: {
  configuration: {
    exclusionTags: {
      {customized property}: 'string'
    }
    scanningMode: 'Default'
  }
  enabled: bool
}
```

For DefenderForContainersAws, use:

```bicep
offeringType: 'DefenderForContainersAws'
autoProvisioning: bool
cloudWatchToKinesis: {
  cloudRoleArn: 'string'
}
containerVulnerabilityAssessment: {
  cloudRoleArn: 'string'
}
containerVulnerabilityAssessmentTask: {
  cloudRoleArn: 'string'
}
enableContainerVulnerabilityAssessment: bool
kinesisToS3: {
  cloudRoleArn: 'string'
}
kubeAuditRetentionTime: int
kubernetesScubaReader: {
  cloudRoleArn: 'string'
}
kubernetesService: {
  cloudRoleArn: 'string'
}
mdcContainersAgentlessDiscoveryK8s: {
  cloudRoleArn: 'string'
  enabled: bool
}
mdcContainersImageAssessment: {
  cloudRoleArn: 'string'
  enabled: bool
}
scubaExternalId: 'string'
```

For DefenderForContainersGcp, use:

```bicep
offeringType: 'DefenderForContainersGcp'
auditLogsAutoProvisioningFlag: bool
dataPipelineNativeCloudConnection: {
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
defenderAgentAutoProvisioningFlag: bool
mdcContainersAgentlessDiscoveryK8s: {
  enabled: bool
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
mdcContainersImageAssessment: {
  enabled: bool
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
nativeCloudConnection: {
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
policyAgentAutoProvisioningFlag: bool
```

For DefenderForDatabasesAws, use:

```bicep
offeringType: 'DefenderForDatabasesAws'
arcAutoProvisioning: {
  cloudRoleArn: 'string'
  configuration: {
    privateLinkScope: 'string'
    proxy: 'string'
  }
  enabled: bool
}
databasesDspm: {
  cloudRoleArn: 'string'
  enabled: bool
}
rds: {
  cloudRoleArn: 'string'
  enabled: bool
}
```

For DefenderForDatabasesGcp, use:

```bicep
offeringType: 'DefenderForDatabasesGcp'
arcAutoProvisioning: {
  configuration: {
    privateLinkScope: 'string'
    proxy: 'string'
  }
  enabled: bool
}
defenderForDatabasesArcAutoProvisioning: {
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
```

For DefenderForDevOpsAzureDevOps, use:

```bicep
offeringType: 'DefenderForDevOpsAzureDevOps'
```

For DefenderForDevOpsGithub, use:

```bicep
offeringType: 'DefenderForDevOpsGithub'
```

For DefenderForDevOpsGitLab, use:

```bicep
offeringType: 'DefenderForDevOpsGitLab'
```

For DefenderForServersAws, use:

```bicep
offeringType: 'DefenderForServersAws'
arcAutoProvisioning: {
  cloudRoleArn: 'string'
  configuration: {
    privateLinkScope: 'string'
    proxy: 'string'
  }
  enabled: bool
}
defenderForServers: {
  cloudRoleArn: 'string'
}
mdeAutoProvisioning: {
  configuration: any()
  enabled: bool
}
subPlan: {
  type: 'string'
}
vaAutoProvisioning: {
  configuration: {
    type: 'string'
  }
  enabled: bool
}
vmScanners: {
  configuration: {
    cloudRoleArn: 'string'
    exclusionTags: {
      {customized property}: 'string'
    }
    scanningMode: 'Default'
  }
  enabled: bool
}
```

For DefenderForServersGcp, use:

```bicep
offeringType: 'DefenderForServersGcp'
arcAutoProvisioning: {
  configuration: {
    privateLinkScope: 'string'
    proxy: 'string'
  }
  enabled: bool
}
defenderForServers: {
  serviceAccountEmailAddress: 'string'
  workloadIdentityProviderId: 'string'
}
mdeAutoProvisioning: {
  configuration: any()
  enabled: bool
}
subPlan: {
  type: 'string'
}
vaAutoProvisioning: {
  configuration: {
    type: 'string'
  }
  enabled: bool
}
vmScanners: {
  configuration: {
    exclusionTags: {
      {customized property}: 'string'
    }
    scanningMode: 'Default'
  }
  enabled: bool
}
```

For InformationProtectionAws, use:

```bicep
offeringType: 'InformationProtectionAws'
informationProtection: {
  cloudRoleArn: 'string'
}
```
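The fragments above are the schema. The following complete template is an added example, not code from this page or from Microsoft: it onboards an AWS Organizations management account with the CspmMonitorAws, DefenderCspmAws and DefenderForServersAws offerings. The account ID, StackSet name, Microsoft Entra application name, exclusion tag key and every IAM role name are placeholders that must match what the onboarding StackSet actually created in the account, and the Azure location is assumed. The scanInterval parameter is constrained to the 1 to 24 hour range the API accepts, so an out-of-range value fails at deployment rather than at the API.

```bicep
// Added example: AWS organization onboarding to Defender for Cloud.
// All IDs, names and ARNs are placeholders; nothing here is a real account.

@description('12-digit AWS account ID of the management account (placeholder).')
@minLength(12)
@maxLength(12)
param awsAccountId string = '111122223333'

@description('CloudFormation StackSet that deployed the per-feature IAM roles (placeholder).')
param stacksetName string = 'MdcOnboardingStackSet'

param regions array = [
  'us-east-1'
  'eu-west-1'
]

@description('Scan interval in hours; the API accepts 1 to 24, so reject other values at deploy time.')
@minValue(1)
@maxValue(24)
param scanIntervalHours int = 12

param location string = resourceGroup().location

// One IAM role per feature: each capability gets only the permissions it needs, and a
// compromised role cannot be reused for another feature. Role names are placeholders.
var rolePrefix = 'arn:aws:iam::${awsAccountId}:role'

resource awsConnector 'Microsoft.Security/securityConnectors@2023-10-01-preview' = {
  name: 'aws-org-${awsAccountId}'
  location: location
  properties: {
    environmentName: 'AWS'
    hierarchyIdentifier: awsAccountId // for an AWS connector this is the account ID
    environmentData: {
      environmentType: 'AwsAccount'
      regions: regions
      scanInterval: scanIntervalHours
      organizationalData: {
        organizationMembershipType: 'Organization'
        stacksetName: stacksetName
        excludedAccountIds: [] // member accounts to leave out of onboarding
      }
    }
    offerings: [
      {
        offeringType: 'CspmMonitorAws'
        nativeCloudConnection: {
          cloudRoleArn: '${rolePrefix}/MdcCspmMonitor'
        }
      }
      {
        offeringType: 'DefenderCspmAws'
        ciem: {
          ciemDiscovery: {
            cloudRoleArn: '${rolePrefix}/MdcCiemDiscovery'
          }
          ciemOidc: {
            azureActiveDirectoryAppName: 'MdcCiemOidcApp' // placeholder Entra app name
            cloudRoleArn: '${rolePrefix}/MdcCiemOidc'
          }
        }
        dataSensitivityDiscovery: {
          enabled: true
          cloudRoleArn: '${rolePrefix}/MdcDataSensitivity'
        }
        vmScanners: {
          enabled: true
          configuration: {
            cloudRoleArn: '${rolePrefix}/MdcVmScanner'
            scanningMode: 'Default'
            // Instances carrying this tag/value are skipped by agentless disk scanning.
            exclusionTags: {
              'mdc-agentless-scan': 'exclude'
            }
          }
        }
      }
      {
        offeringType: 'DefenderForServersAws'
        subPlan: {
          type: 'P2' // 'P1' or 'P2'
        }
        defenderForServers: {
          cloudRoleArn: '${rolePrefix}/MdcDefenderForServers'
        }
        mdeAutoProvisioning: {
          enabled: true
          configuration: {} // typed as any(); an empty object is accepted here
        }
        vaAutoProvisioning: {
          enabled: true
          configuration: {
            type: 'TVM' // 'TVM' or 'Qualys'
          }
        }
      }
    ]
  }
}
```

Because every feature carries its own cloudRoleArn, the trust policy and permission set of each IAM role should be scoped to that single feature rather than one broad role being reused everywhere; the stacksetName and excludedAccountIds values assume the roles were created with identical names in every member account by the StackSet.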
Property values

securityConnectors

| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| location | Location where the resource is stored | string |
| tags | A list of key value pairs that describe the resource. | Dictionary of tag names and values. See Tags in templates |
| kind | Kind of the resource | string |
| etag | Entity tag is used for comparing two or more entities from the same requested resource. | string |
| properties | Security connector data | SecurityConnectorProperties |

SecurityConnectorProperties

| Name | Description | Value |
|---|---|---|
| environmentData | The security connector environment data. | EnvironmentData |
| environmentName | The multi cloud resource's cloud name. | 'AWS', 'Azure', 'AzureDevOps', 'GCP', 'GitLab', 'Github' |
| hierarchyIdentifier | The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector). | string |
| offerings | A collection of offerings for the security connector. | CloudOffering[] |
EnvironmentData

AwsEnvironmentData

| Name | Description | Value |
|---|---|---|
| environmentType | The type of the environment data. | 'AwsAccount' (required) |
| organizationalData | The AWS account's organizational data | AwsOrganizationalData |
| regions | List of regions to scan | string[] |
| scanInterval | Scan interval in hours (value should be between 1 hour and 24 hours) | int |

AwsOrganizationalData

| Name | Description | Value |
|---|---|---|
| organizationMembershipType | Set the object type | Member, Organization (required) |

AwsOrganizationalDataMember

| Name | Description | Value |
|---|---|---|
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Member' (required) |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this will be the ID of the account's parent | string |

AwsOrganizationalDataMaster

| Name | Description | Value |
|---|---|---|
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Organization' (required) |
| excludedAccountIds | If the multi cloud account is of membership type organization, list of accounts excluded from offering | string[] |
| stacksetName | If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset | string |

AzureDevOpsScopeEnvironmentData

| Name | Description | Value |
|---|---|---|
| environmentType | The type of the environment data. | 'AzureDevOpsScope' (required) |

GcpProjectEnvironmentData

| Name | Description | Value |
|---|---|---|
| environmentType | The type of the environment data. | 'GcpProject' (required) |
| organizationalData | The Gcp project's organizational data | GcpOrganizationalData |
| projectDetails | The Gcp project's details | GcpProjectDetails |
| scanInterval | Scan interval in hours (value should be between 1 hour and 24 hours) | int |

GcpOrganizationalData

| Name | Description | Value |
|---|---|---|
| organizationMembershipType | Set the object type | Member, Organization (required) |

GcpOrganizationalDataMember

| Name | Description | Value |
|---|---|---|
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Member' (required) |
| managementProjectNumber | The GCP management project number from organizational onboarding | string |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this will be the ID of the project's parent | string |

GcpOrganizationalDataOrganization

| Name | Description | Value |
|---|---|---|
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Organization' (required) |
| excludedProjectNumbers | If the multi cloud account is of membership type organization, list of project numbers excluded from offering | string[] |
| serviceAccountEmailAddress | The service account email address which represents the organization level permissions container. | string |
| workloadIdentityProviderId | The GCP workload identity provider id which represents the permissions required to auto provision security connectors | string |

GcpProjectDetails

| Name | Description | Value |
|---|---|---|
| projectId | The GCP Project id | string |
| projectNumber | The unique GCP Project number | string |

GithubScopeEnvironmentData

| Name | Description | Value |
|---|---|---|
| environmentType | The type of the environment data. | 'GithubScope' (required) |

GitlabScopeEnvironmentData

| Name | Description | Value |
|---|---|---|
| environmentType | The type of the environment data. | 'GitlabScope' (required) |
CloudOffering

CspmMonitorAwsOffering

CspmMonitorAwsOfferingNativeCloudConnection

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

CspmMonitorAzureDevOpsOffering

| Name | Description | Value |
|---|---|---|
| offeringType | The type of the security offering. | 'CspmMonitorAzureDevOps' (required) |

CspmMonitorGcpOffering

CspmMonitorGcpOfferingNativeCloudConnection

| Name | Description | Value |
|---|---|---|
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider id for the offering | string |

CspmMonitorGithubOffering

| Name | Description | Value |
|---|---|---|
| offeringType | The type of the security offering. | 'CspmMonitorGithub' (required) |

CspmMonitorGitLabOffering

| Name | Description | Value |
|---|---|---|
| offeringType | The type of the security offering. | 'CspmMonitorGitLab' (required) |

DefenderCspmAwsOffering

DefenderCspmAwsOfferingCiem

DefenderCspmAwsOfferingCiemDiscovery

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for CIEM discovery | string |

DefenderCspmAwsOfferingCiemOidc

| Name | Description | Value |
|---|---|---|
| azureActiveDirectoryAppName | The Azure Active Directory app name used for authenticating against AWS | string |
| cloudRoleArn | The cloud role ARN in AWS for the CIEM OIDC connection | string |

DefenderCspmAwsOfferingDatabasesDspm

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is databases DSPM protection enabled | bool |

DefenderCspmAwsOfferingDataSensitivityDiscovery

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender Data Sensitivity discovery enabled | bool |

DefenderCspmAwsOfferingMdcContainersAgentlessDiscove...

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container agentless discovery K8s enabled | bool |

DefenderCspmAwsOfferingMdcContainersImageAssessment

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container image assessment enabled | bool |

DefenderCspmAwsOfferingVmScanners

DefenderCspmAwsOfferingVmScannersConfiguration

DefenderCspmAwsOfferingVmScannersConfigurationExclus...

| Name | Description | Value |
|---|---|---|
| {customized property} | | string |
DefenderCspmGcpOffering

DefenderCspmGcpOfferingCiemDiscovery

| Name | Description | Value |
|---|---|---|
| azureActiveDirectoryAppName | The Azure Active Directory app name used for authenticating against GCP workload identity federation | string |
| serviceAccountEmailAddress | The service account email address in GCP for the CIEM discovery offering | string |
| workloadIdentityProviderId | The GCP workload identity provider id for the CIEM discovery offering | string |

DefenderCspmGcpOfferingDataSensitivityDiscovery

| Name | Description | Value |
|---|---|---|
| enabled | Is Microsoft Defender Data Sensitivity discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider id in GCP for this feature | string |

DefenderCspmGcpOfferingMdcContainersAgentlessDiscove...

| Name | Description | Value |
|---|---|---|
| enabled | Is Microsoft Defender container agentless discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider id in GCP for this feature | string |

DefenderCspmGcpOfferingMdcContainersImageAssessment

| Name | Description | Value |
|---|---|---|
| enabled | Is Microsoft Defender container image assessment enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider id in GCP for this feature | string |

DefenderCspmGcpOfferingVmScanners

DefenderCspmGcpOfferingVmScannersConfiguration

DefenderCspmGcpOfferingVmScannersConfigurationExclus...

| Name | Description | Value |
|---|---|---|
| {customized property} | | string |
DefenderForContainersAwsOffering

DefenderForContainersAwsOfferingCloudWatchToKinesis

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis | string |

DefenderForContainersAwsOfferingContainerVulnerabili...

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingContainerVulnerabili...

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForContainersAwsOfferingKinesisToS3

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS used by Kinesis to transfer data into S3 | string |

DefenderForContainersAwsOfferingKubernetesScubaReade...

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature used for reading data | string |

DefenderForContainersAwsOfferingKubernetesService

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature used for provisioning resources | string |

DefenderForContainersAwsOfferingMdcContainersAgentle...

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container agentless discovery K8s enabled | bool |

DefenderForContainersAwsOfferingMdcContainersImageAs...

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container image assessment enabled | bool |

DefenderForContainersGcpOffering

DefenderForContainersGcpOfferingDataPipelineNativeCl...

| Name | Description | Value |
|---|---|---|
| serviceAccountEmailAddress | The data collection service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The data collection GCP workload identity provider id for this offering | string |

DefenderForContainersGcpOfferingMdcContainersAgentle...

| Name | Description | Value |
|---|---|---|
| enabled | Is Microsoft Defender container agentless discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider id in GCP for this feature | string |

DefenderForContainersGcpOfferingMdcContainersImageAs...

| Name | Description | Value |
|---|---|---|
| enabled | Is Microsoft Defender container image assessment enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider id in GCP for this feature | string |

DefenderForContainersGcpOfferingNativeCloudConnectio...

| Name | Description | Value |
|---|---|---|
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider id for this offering | string |
DefenderFoDatabasesAwsOffering

DefenderFoDatabasesAwsOfferingArcAutoProvisioning

DefenderFoDatabasesAwsOfferingArcAutoProvisioningCon...

| Name | Description | Value |
|---|---|---|
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderFoDatabasesAwsOfferingDatabasesDspm

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is databases data security posture management (DSPM) protection enabled | bool |

DefenderFoDatabasesAwsOfferingRds

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is RDS protection enabled | bool |

DefenderForDatabasesGcpOffering

DefenderForDatabasesGcpOfferingArcAutoProvisioning

DefenderForDatabasesGcpOfferingArcAutoProvisioningCo...

| Name | Description | Value |
|---|---|---|
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderForDatabasesGcpOfferingDefenderForDatabasesA...

| Name | Description | Value |
|---|---|---|
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider id for this offering | string |

DefenderForDevOpsAzureDevOpsOffering

| Name | Description | Value |
|---|---|---|
| offeringType | The type of the security offering. | 'DefenderForDevOpsAzureDevOps' (required) |

DefenderForDevOpsGithubOffering

| Name | Description | Value |
|---|---|---|
| offeringType | The type of the security offering. | 'DefenderForDevOpsGithub' (required) |

DefenderForDevOpsGitLabOffering

| Name | Description | Value |
|---|---|---|
| offeringType | The type of the security offering. | 'DefenderForDevOpsGitLab' (required) |
DefenderForServersAwsOffering

DefenderForServersAwsOfferingArcAutoProvisioning

DefenderForServersAwsOfferingArcAutoProvisioningConf...

| Name | Description | Value |
|---|---|---|
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderForServersAwsOfferingDefenderForServers

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForServersAwsOfferingMdeAutoProvisioning

| Name | Description | Value |
|---|---|---|
| configuration | Configuration for Microsoft Defender for Endpoint autoprovisioning | For Bicep, you can use the any() function. |
| enabled | Is Microsoft Defender for Endpoint auto provisioning enabled | bool |

DefenderForServersAwsOfferingSubPlan

| Name | Description | Value |
|---|---|---|
| type | The available sub plans | 'P1', 'P2' |

DefenderForServersAwsOfferingVaAutoProvisioning

DefenderForServersAwsOfferingVaAutoProvisioningConfi...

| Name | Description | Value |
|---|---|---|
| type | The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys' | 'Qualys', 'TVM' |

DefenderForServersAwsOfferingVmScanners

DefenderForServersAwsOfferingVmScannersConfiguration

DefenderForServersAwsOfferingVmScannersConfiguration...

| Name | Description | Value |
|---|---|---|
| {customized property} | | string |

DefenderForServersGcpOffering

DefenderForServersGcpOfferingArcAutoProvisioning

DefenderForServersGcpOfferingArcAutoProvisioningConf...

| Name | Description | Value |
|---|---|---|
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderForServersGcpOfferingDefenderForServers

| Name | Description | Value |
|---|---|---|
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider id in GCP for this feature | string |

DefenderForServersGcpOfferingMdeAutoProvisioning

| Name | Description | Value |
|---|---|---|
| configuration | Configuration for Microsoft Defender for Endpoint autoprovisioning | For Bicep, you can use the any() function. |
| enabled | Is Microsoft Defender for Endpoint auto provisioning enabled | bool |

DefenderForServersGcpOfferingSubPlan

| Name | Description | Value |
|---|---|---|
| type | The available sub plans | 'P1', 'P2' |

DefenderForServersGcpOfferingVaAutoProvisioning

DefenderForServersGcpOfferingVaAutoProvisioningConfi...

| Name | Description | Value |
|---|---|---|
| type | The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys' | 'Qualys', 'TVM' |

DefenderForServersGcpOfferingVmScanners

DefenderForServersGcpOfferingVmScannersConfiguration

DefenderForServersGcpOfferingVmScannersConfiguration...

| Name | Description | Value |
|---|---|---|
| {customized property} | | string |

informationProtection (InformationProtectionAws offering)

| Name | Description | Value |
|---|---|---|
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
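As a second added example, again not code from this page or from Microsoft, the following Bicep template onboards a single GCP project that is a Member of an organization already connected to Defender for Cloud, using the GcpProjectEnvironmentData, GcpOrganizationalDataMember and workload-identity fields described in the tables above. Where the AWS connector trusts per-feature IAM roles, the GCP connector names a per-feature service account plus the workload identity provider through which Defender for Cloud obtains short-lived credentials, so no exported service-account key is involved. The project ID, project numbers, parent hierarchy identifier, provider ID and every service-account address are placeholders, and the Azure location is assumed.

```bicep
// Added example: onboarding one GCP member project to Defender for Cloud.
// Project IDs, numbers, provider IDs and service-account addresses are placeholders.

@description('GCP project ID of the project being onboarded (placeholder).')
param projectId string = 'example-prod-project'

@description('Numeric GCP project number of the same project (placeholder).')
param projectNumber string = '123456789012'

@description('Project number of the management project created during organization onboarding (placeholder).')
param managementProjectNumber string = '210987654321'

@description('Hierarchy identifier of the parent (organization) connector (placeholder).')
param parentHierarchyId string = '987654321098'

@description('Workload identity provider ID produced by the onboarding (placeholder).')
param wifProviderId string = 'mdc-provider'

@minValue(1)
@maxValue(24)
param scanIntervalHours int = 24

param location string = resourceGroup().location

// Each feature impersonates its own service account, so a feature that only needs to
// read can be denied write permissions at the GCP IAM layer. Addresses are placeholders.
var saDomain = '${projectId}.iam.gserviceaccount.com'

resource gcpConnector 'Microsoft.Security/securityConnectors@2023-10-01-preview' = {
  name: 'gcp-${projectId}'
  location: location
  properties: {
    environmentName: 'GCP'
    hierarchyIdentifier: projectNumber // for GCP this is the project number, not the project ID
    environmentData: {
      environmentType: 'GcpProject'
      scanInterval: scanIntervalHours
      projectDetails: {
        projectId: projectId
        projectNumber: projectNumber
      }
      organizationalData: {
        organizationMembershipType: 'Member'
        managementProjectNumber: managementProjectNumber
        parentHierarchyId: parentHierarchyId
      }
    }
    offerings: [
      {
        offeringType: 'CspmMonitorGcp'
        nativeCloudConnection: {
          serviceAccountEmailAddress: 'mdc-cspm@${saDomain}'
          workloadIdentityProviderId: wifProviderId
        }
      }
      {
        offeringType: 'DefenderForContainersGcp'
        // Control-plane access and the audit-log data pipeline use separate identities.
        nativeCloudConnection: {
          serviceAccountEmailAddress: 'mdc-containers@${saDomain}'
          workloadIdentityProviderId: wifProviderId
        }
        dataPipelineNativeCloudConnection: {
          serviceAccountEmailAddress: 'mdc-containers-stream@${saDomain}'
          workloadIdentityProviderId: wifProviderId
        }
        auditLogsAutoProvisioningFlag: true
        defenderAgentAutoProvisioningFlag: true
        policyAgentAutoProvisioningFlag: true
        mdcContainersAgentlessDiscoveryK8s: {
          enabled: true
          serviceAccountEmailAddress: 'mdc-containers-k8s@${saDomain}'
          workloadIdentityProviderId: wifProviderId
        }
        mdcContainersImageAssessment: {
          enabled: true
          serviceAccountEmailAddress: 'mdc-containers-images@${saDomain}'
          workloadIdentityProviderId: wifProviderId
        }
      }
      {
        offeringType: 'DefenderForServersGcp'
        subPlan: {
          type: 'P2' // 'P1' or 'P2'
        }
        defenderForServers: {
          serviceAccountEmailAddress: 'mdc-servers@${saDomain}'
          workloadIdentityProviderId: wifProviderId
        }
        mdeAutoProvisioning: {
          enabled: true
          configuration: {} // typed as any(); an empty object is accepted here
        }
      }
    ]
  }
}
```

If the project were instead the organization-level connector, organizationalData would use organizationMembershipType 'Organization' with serviceAccountEmailAddress and workloadIdentityProviderId of the organization-level permissions container, and excludedProjectNumbers would list any projects to skip.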
ARM template resource definition
The securityConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Security/securityConnectors resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Security/securityConnectors",
  "apiVersion": "2023-10-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "kind": "string",
  "etag": "string",
  "properties": {
    "environmentData": {
      "environmentType": "string"
      // For remaining properties, see EnvironmentData objects
    },
    "environmentName": "string",
    "hierarchyIdentifier": "string",
    "offerings": [
      {
        "offeringType": "string"
        // For remaining properties, see CloudOffering objects
      }
    ]
  }
}
```
EnvironmentData objects
Set the environmentType property to specify the type of object.
For AwsAccount, use:

```json
"environmentType": "AwsAccount",
"organizationalData": {
  "organizationMembershipType": "string"
  // For remaining properties, see AwsOrganizationalData objects
},
"regions": [ "string" ],
"scanInterval": "int"
```

For AzureDevOpsScope, use:

```json
"environmentType": "AzureDevOpsScope"
```

For GcpProject, use:

```json
"environmentType": "GcpProject",
"organizationalData": {
  "organizationMembershipType": "string"
  // For remaining properties, see GcpOrganizationalData objects
},
"projectDetails": {
  "projectId": "string",
  "projectNumber": "string"
},
"scanInterval": "int"
```

For GithubScope, use:

```json
"environmentType": "GithubScope"
```

For GitlabScope, use:

```json
"environmentType": "GitlabScope"
```
AwsOrganizationalData objects
Set the organizationMembershipType property to specify the type of object.
For Member, use:

```json
"organizationMembershipType": "Member",
"parentHierarchyId": "string"
```

For Organization, use:

```json
"organizationMembershipType": "Organization",
"excludedAccountIds": [ "string" ],
"stacksetName": "string"
```
GcpOrganizationalData objects
Set the organizationMembershipType property to specify the type of object.
For Member, use:

```json
"organizationMembershipType": "Member",
"managementProjectNumber": "string",
"parentHierarchyId": "string"
```

For Organization, use:

```json
"organizationMembershipType": "Organization",
"excludedProjectNumbers": [ "string" ],
"serviceAccountEmailAddress": "string",
"workloadIdentityProviderId": "string"
```
CloudOffering objects
Set the offeringType property to specify the type of object.
For CspmMonitorAws, use:

```json
"offeringType": "CspmMonitorAws",
"nativeCloudConnection": {
  "cloudRoleArn": "string"
}
```

For CspmMonitorAzureDevOps, use:

```json
"offeringType": "CspmMonitorAzureDevOps"
```

For CspmMonitorGcp, use:

```json
"offeringType": "CspmMonitorGcp",
"nativeCloudConnection": {
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
}
```

For CspmMonitorGithub, use:

```json
"offeringType": "CspmMonitorGithub"
```

For CspmMonitorGitLab, use:

```json
"offeringType": "CspmMonitorGitLab"
```

For DefenderCspmAws, use:

```json
"offeringType": "DefenderCspmAws",
"ciem": {
  "ciemDiscovery": {
    "cloudRoleArn": "string"
  },
  "ciemOidc": {
    "azureActiveDirectoryAppName": "string",
    "cloudRoleArn": "string"
  }
},
"databasesDspm": {
  "cloudRoleArn": "string",
  "enabled": "bool"
},
"dataSensitivityDiscovery": {
  "cloudRoleArn": "string",
  "enabled": "bool"
},
"mdcContainersAgentlessDiscoveryK8s": {
  "cloudRoleArn": "string",
  "enabled": "bool"
},
"mdcContainersImageAssessment": {
  "cloudRoleArn": "string",
  "enabled": "bool"
},
"vmScanners": {
  "configuration": {
    "cloudRoleArn": "string",
    "exclusionTags": {
      "{customized property}": "string"
    },
    "scanningMode": "Default"
  },
  "enabled": "bool"
}
```

For DefenderCspmGcp, use:

```json
"offeringType": "DefenderCspmGcp",
"ciemDiscovery": {
  "azureActiveDirectoryAppName": "string",
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"dataSensitivityDiscovery": {
  "enabled": "bool",
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"mdcContainersAgentlessDiscoveryK8s": {
  "enabled": "bool",
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"mdcContainersImageAssessment": {
  "enabled": "bool",
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"vmScanners": {
  "configuration": {
    "exclusionTags": {
      "{customized property}": "string"
    },
    "scanningMode": "Default"
  },
  "enabled": "bool"
}
```

For DefenderForContainersAws, use:

```json
"offeringType": "DefenderForContainersAws",
"autoProvisioning": "bool",
"cloudWatchToKinesis": {
  "cloudRoleArn": "string"
},
"containerVulnerabilityAssessment": {
  "cloudRoleArn": "string"
},
"containerVulnerabilityAssessmentTask": {
  "cloudRoleArn": "string"
},
"enableContainerVulnerabilityAssessment": "bool",
"kinesisToS3": {
  "cloudRoleArn": "string"
},
"kubeAuditRetentionTime": "int",
"kubernetesScubaReader": {
  "cloudRoleArn": "string"
},
"kubernetesService": {
  "cloudRoleArn": "string"
},
"mdcContainersAgentlessDiscoveryK8s": {
  "cloudRoleArn": "string",
  "enabled": "bool"
},
"mdcContainersImageAssessment": {
  "cloudRoleArn": "string",
  "enabled": "bool"
},
"scubaExternalId": "string"
```

For DefenderForContainersGcp, use:

```json
"offeringType": "DefenderForContainersGcp",
"auditLogsAutoProvisioningFlag": "bool",
"dataPipelineNativeCloudConnection": {
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"defenderAgentAutoProvisioningFlag": "bool",
"mdcContainersAgentlessDiscoveryK8s": {
  "enabled": "bool",
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"mdcContainersImageAssessment": {
  "enabled": "bool",
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"nativeCloudConnection": {
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"policyAgentAutoProvisioningFlag": "bool"
```

For DefenderForDatabasesAws, use:

```json
"offeringType": "DefenderForDatabasesAws",
"arcAutoProvisioning": {
  "cloudRoleArn": "string",
  "configuration": {
    "privateLinkScope": "string",
    "proxy": "string"
  },
  "enabled": "bool"
},
"databasesDspm": {
  "cloudRoleArn": "string",
  "enabled": "bool"
},
"rds": {
  "cloudRoleArn": "string",
  "enabled": "bool"
}
```

For DefenderForDatabasesGcp, use:

```json
"offeringType": "DefenderForDatabasesGcp",
"arcAutoProvisioning": {
  "configuration": {
    "privateLinkScope": "string",
    "proxy": "string"
  },
  "enabled": "bool"
},
"defenderForDatabasesArcAutoProvisioning": {
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
}
```

For DefenderForDevOpsAzureDevOps, use:

```json
"offeringType": "DefenderForDevOpsAzureDevOps"
```

For DefenderForDevOpsGithub, use:

```json
"offeringType": "DefenderForDevOpsGithub"
```

For DefenderForDevOpsGitLab, use:

```json
"offeringType": "DefenderForDevOpsGitLab"
```

For DefenderForServersAws, use:

```json
"offeringType": "DefenderForServersAws",
"arcAutoProvisioning": {
  "cloudRoleArn": "string",
  "configuration": {
    "privateLinkScope": "string",
    "proxy": "string"
  },
  "enabled": "bool"
},
"defenderForServers": {
  "cloudRoleArn": "string"
},
"mdeAutoProvisioning": {
  "configuration": {},
  "enabled": "bool"
},
"subPlan": {
  "type": "string"
},
"vaAutoProvisioning": {
  "configuration": {
    "type": "string"
  },
  "enabled": "bool"
},
"vmScanners": {
  "configuration": {
    "cloudRoleArn": "string",
    "exclusionTags": {
      "{customized property}": "string"
    },
    "scanningMode": "Default"
  },
  "enabled": "bool"
}
```

For DefenderForServersGcp, use:

```json
"offeringType": "DefenderForServersGcp",
"arcAutoProvisioning": {
  "configuration": {
    "privateLinkScope": "string",
    "proxy": "string"
  },
  "enabled": "bool"
},
"defenderForServers": {
  "serviceAccountEmailAddress": "string",
  "workloadIdentityProviderId": "string"
},
"mdeAutoProvisioning": {
  "configuration": {},
  "enabled": "bool"
},
"subPlan": {
  "type": "string"
},
"vaAutoProvisioning": {
  "configuration": {
    "type": "string"
  },
  "enabled": "bool"
},
"vmScanners": {
  "configuration": {
    "exclusionTags": {
      "{customized property}": "string"
    },
    "scanningMode": "Default"
  },
  "enabled": "bool"
}
```

For InformationProtectionAws, use:

```json
"offeringType": "InformationProtectionAws",
"informationProtection": {
  "cloudRoleArn": "string"
}
```
Property values

securityConnectors

| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Security/securityConnectors' |
| apiVersion | The resource api version | '2023-10-01-preview' |
| name | The resource name | string (required) |
| location | Location where the resource is stored | string |
| tags | A list of key value pairs that describe the resource. | Dictionary of tag names and values. See Tags in templates |
| kind | Kind of the resource | string |
| etag | Entity tag is used for comparing two or more entities from the same requested resource. | string |
| properties | Security connector data | SecurityConnectorProperties |
SecurityConnectorProperties
Name
Description
Value
environmentData
The security connector environment data.
EnvironmentData
environmentName
The multi cloud resource's cloud name.
'AWS' 'Azure' 'AzureDevOps' 'GCP' 'GitLab' 'Github'
hierarchyIdentifier
The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector).
string
offerings
A collection of offerings for the security connector.
CloudOffering []
EnvironmentData
AwsEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | 'AwsAccount' (required) |
| organizationalData | The AWS account's organizational data | AwsOrganizationalData |
| regions | List of regions to scan | string[] |
| scanInterval | Scan interval in hours (1 to 24) | int |
AwsOrganizationalData
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | Set the object type | 'Member', 'Organization' (required) |
AwsOrganizationalDataMember
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Member' (required) |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this is the ID of the account's parent | string |
AwsOrganizationalDataMaster
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Organization' (required) |
| excludedAccountIds | If the multi cloud account is of membership type organization, the list of accounts excluded from the offering | string[] |
| stacksetName | If the multi cloud account is of membership type organization, the name of the onboarding StackSet | string |
AzureDevOpsScopeEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | 'AzureDevOpsScope' (required) |
GcpProjectEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | 'GcpProject' (required) |
| organizationalData | The GCP project's organizational data | GcpOrganizationalData |
| projectDetails | The GCP project's details | GcpProjectDetails |
| scanInterval | Scan interval in hours (1 to 24) | int |
GcpOrganizationalData
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | Set the object type | 'Member', 'Organization' (required) |
GcpOrganizationalDataMember
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Member' (required) |
| managementProjectNumber | The GCP management project number from organizational onboarding | string |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this is the ID of the project's parent | string |
GcpOrganizationalDataOrganization
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | 'Organization' (required) |
| excludedProjectNumbers | If the multi cloud account is of membership type organization, the list of projects excluded from the offering | string[] |
| serviceAccountEmailAddress | The service account email address which represents the organization level permissions container. | string |
| workloadIdentityProviderId | The GCP workload identity provider ID which represents the permissions required to auto provision security connectors | string |
GcpProjectDetails
| Name | Description | Value |
| --- | --- | --- |
| projectId | The GCP project ID | string |
| projectNumber | The unique GCP project number | string |
GithubScopeEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | 'GithubScope' (required) |
GitlabScopeEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | 'GitlabScope' (required) |
CloudOffering
CspmMonitorAwsOffering
CspmMonitorAwsOfferingNativeCloudConnection
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
CspmMonitorAzureDevOpsOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | 'CspmMonitorAzureDevOps' (required) |
CspmMonitorGcpOffering
CspmMonitorGcpOfferingNativeCloudConnection
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider ID for the offering | string |
CspmMonitorGithubOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | 'CspmMonitorGithub' (required) |
CspmMonitorGitLabOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | 'CspmMonitorGitLab' (required) |
DefenderCspmAwsOffering
DefenderCspmAwsOfferingCiem
DefenderCspmAwsOfferingCiemDiscovery
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for CIEM discovery | string |
DefenderCspmAwsOfferingCiemOidc
| Name | Description | Value |
| --- | --- | --- |
| azureActiveDirectoryAppName | The Azure Active Directory app name used for authenticating against AWS | string |
| cloudRoleArn | The cloud role ARN in AWS for the CIEM OIDC connection | string |
DefenderCspmAwsOfferingDatabasesDspm
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is databases DSPM protection enabled | bool |
DefenderCspmAwsOfferingDataSensitivityDiscovery
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender data sensitivity discovery enabled | bool |
DefenderCspmAwsOfferingMdcContainersAgentlessDiscove...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container agentless discovery K8s enabled | bool |
DefenderCspmAwsOfferingMdcContainersImageAssessment
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
DefenderCspmAwsOfferingVmScanners
DefenderCspmAwsOfferingVmScannersConfiguration
DefenderCspmAwsOfferingVmScannersConfigurationExclus...
| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
DefenderCspmGcpOffering
DefenderCspmGcpOfferingCiemDiscovery
| Name | Description | Value |
| --- | --- | --- |
| azureActiveDirectoryAppName | The Azure Active Directory app name used for authenticating against GCP workload identity federation | string |
| serviceAccountEmailAddress | The service account email address in GCP for the CIEM discovery offering | string |
| workloadIdentityProviderId | The GCP workload identity provider ID for the CIEM discovery offering | string |
DefenderCspmGcpOfferingDataSensitivityDiscovery
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender data sensitivity discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderCspmGcpOfferingMdcContainersAgentlessDiscove...
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container agentless discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderCspmGcpOfferingMdcContainersImageAssessment
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderCspmGcpOfferingVmScanners
DefenderCspmGcpOfferingVmScannersConfiguration
DefenderCspmGcpOfferingVmScannersConfigurationExclus...
| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
DefenderForContainersAwsOffering
DefenderForContainersAwsOfferingCloudWatchToKinesis
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis | string |
DefenderForContainersAwsOfferingContainerVulnerabili...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
DefenderForContainersAwsOfferingContainerVulnerabili...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
DefenderForContainersAwsOfferingKinesisToS3
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS used by Kinesis to transfer data into S3 | string |
DefenderForContainersAwsOfferingKubernetesScubaReade...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature, used for reading data | string |
DefenderForContainersAwsOfferingKubernetesService
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature, used for provisioning resources | string |
DefenderForContainersAwsOfferingMdcContainersAgentle...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container agentless discovery K8s enabled | bool |
DefenderForContainersAwsOfferingMdcContainersImageAs...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
DefenderForContainersGcpOffering
DefenderForContainersGcpOfferingDataPipelineNativeCl...
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The data collection service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The data collection GCP workload identity provider ID for this offering | string |
DefenderForContainersGcpOfferingMdcContainersAgentle...
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container agentless discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderForContainersGcpOfferingMdcContainersImageAs...
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderForContainersGcpOfferingNativeCloudConnectio...
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider ID for this offering | string |
DefenderFoDatabasesAwsOffering
DefenderFoDatabasesAwsOfferingArcAutoProvisioning
DefenderFoDatabasesAwsOfferingArcAutoProvisioningCon...
| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource ID to link the Arc agent to | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |
DefenderFoDatabasesAwsOfferingDatabasesDspm
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is databases data security posture management (DSPM) protection enabled | bool |
DefenderFoDatabasesAwsOfferingRds
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is RDS protection enabled | bool |
DefenderForDatabasesGcpOffering
DefenderForDatabasesGcpOfferingArcAutoProvisioning
DefenderForDatabasesGcpOfferingArcAutoProvisioningCo...
| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource ID to link the Arc agent to | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |
DefenderForDatabasesGcpOfferingDefenderForDatabasesA...
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider ID for this offering | string |
DefenderForDevOpsAzureDevOpsOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | 'DefenderForDevOpsAzureDevOps' (required) |
DefenderForDevOpsGithubOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | 'DefenderForDevOpsGithub' (required) |
DefenderForDevOpsGitLabOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | 'DefenderForDevOpsGitLab' (required) |
DefenderForServersAwsOffering
DefenderForServersAwsOfferingArcAutoProvisioning
DefenderForServersAwsOfferingArcAutoProvisioningConf...
| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource ID to link the Arc agent to | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |
DefenderForServersAwsOfferingDefenderForServers
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
DefenderForServersAwsOfferingMdeAutoProvisioning
| Name | Description | Value |
| --- | --- | --- |
| configuration | Configuration for Microsoft Defender for Endpoint auto provisioning | |
| enabled | Is Microsoft Defender for Endpoint auto provisioning enabled | bool |
DefenderForServersAwsOfferingSubPlan
| Name | Description | Value |
| --- | --- | --- |
| type | The available sub plans | 'P1', 'P2' |
DefenderForServersAwsOfferingVaAutoProvisioning
DefenderForServersAwsOfferingVaAutoProvisioningConfi...
| Name | Description | Value |
| --- | --- | --- |
| type | The vulnerability assessment solution to be provisioned. Can be either 'TVM' or 'Qualys' | 'Qualys', 'TVM' |
DefenderForServersAwsOfferingVmScanners
DefenderForServersAwsOfferingVmScannersConfiguration
DefenderForServersAwsOfferingVmScannersConfiguration...
| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
DefenderForServersGcpOffering
DefenderForServersGcpOfferingArcAutoProvisioning
DefenderForServersGcpOfferingArcAutoProvisioningConf...
| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource ID to link the Arc agent to | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |
DefenderForServersGcpOfferingDefenderForServers
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderForServersGcpOfferingMdeAutoProvisioning
| Name | Description | Value |
| --- | --- | --- |
| configuration | Configuration for Microsoft Defender for Endpoint auto provisioning | |
| enabled | Is Microsoft Defender for Endpoint auto provisioning enabled | bool |
DefenderForServersGcpOfferingSubPlan
| Name | Description | Value |
| --- | --- | --- |
| type | The available sub plans | 'P1', 'P2' |
DefenderForServersGcpOfferingVaAutoProvisioning
DefenderForServersGcpOfferingVaAutoProvisioningConfi...
| Name | Description | Value |
| --- | --- | --- |
| type | The vulnerability assessment solution to be provisioned. Can be either 'TVM' or 'Qualys' | 'Qualys', 'TVM' |
DefenderForServersGcpOfferingVmScanners
DefenderForServersGcpOfferingVmScannersConfiguration
DefenderForServersGcpOfferingVmScannersConfiguration...
| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
InformationProtectionAwsOffering
InformationProtectionAwsOfferingInformationProtection
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
Terraform (AzAPI provider) resource definition
The securityConnectors resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log .
To create a Microsoft.Security/securityConnectors resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/securityConnectors@2023-10-01-preview"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
environmentData = {
environmentType = "string"
// For remaining properties, see EnvironmentData objects
}
environmentName = "string"
hierarchyIdentifier = "string"
offerings = [
{
offeringType = "string"
// For remaining properties, see CloudOffering objects
}
]
}
kind = "string"
etag = "string"
})
}
EnvironmentData objects
Set the environmentType property to specify the type of object.
For AwsAccount , use:
environmentType = "AwsAccount"
organizationalData = {
organizationMembershipType = "string"
// For remaining properties, see AwsOrganizationalData objects
}
regions = [
"string"
]
scanInterval = int
For AzureDevOpsScope , use:
environmentType = "AzureDevOpsScope"
For GcpProject , use:
environmentType = "GcpProject"
organizationalData = {
organizationMembershipType = "string"
// For remaining properties, see GcpOrganizationalData objects
}
projectDetails = {
projectId = "string"
projectNumber = "string"
}
scanInterval = int
For GithubScope , use:
environmentType = "GithubScope"
For GitlabScope , use:
environmentType = "GitlabScope"
AwsOrganizationalData objects
Set the organizationMembershipType property to specify the type of object.
For Member , use:
organizationMembershipType = "Member"
parentHierarchyId = "string"
For Organization , use:
organizationMembershipType = "Organization"
excludedAccountIds = [
"string"
]
stacksetName = "string"
GcpOrganizationalData objects
Set the organizationMembershipType property to specify the type of object.
For Member , use:
organizationMembershipType = "Member"
managementProjectNumber = "string"
parentHierarchyId = "string"
For Organization , use:
organizationMembershipType = "Organization"
excludedProjectNumbers = [
"string"
]
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
CloudOffering objects
Set the offeringType property to specify the type of object.
For CspmMonitorAws , use:
offeringType = "CspmMonitorAws"
nativeCloudConnection = {
cloudRoleArn = "string"
}
For CspmMonitorAzureDevOps , use:
offeringType = "CspmMonitorAzureDevOps"
For CspmMonitorGcp , use:
offeringType = "CspmMonitorGcp"
nativeCloudConnection = {
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
For CspmMonitorGithub , use:
offeringType = "CspmMonitorGithub"
For CspmMonitorGitLab , use:
offeringType = "CspmMonitorGitLab"
For DefenderCspmAws , use:
offeringType = "DefenderCspmAws"
ciem = {
ciemDiscovery = {
cloudRoleArn = "string"
}
ciemOidc = {
azureActiveDirectoryAppName = "string"
cloudRoleArn = "string"
}
}
databasesDspm = {
cloudRoleArn = "string"
enabled = bool
}
dataSensitivityDiscovery = {
cloudRoleArn = "string"
enabled = bool
}
mdcContainersAgentlessDiscoveryK8s = {
cloudRoleArn = "string"
enabled = bool
}
mdcContainersImageAssessment = {
cloudRoleArn = "string"
enabled = bool
}
vmScanners = {
configuration = {
cloudRoleArn = "string"
exclusionTags = {
{customized property} = "string"
}
scanningMode = "Default"
}
enabled = bool
}
For DefenderCspmGcp , use:
offeringType = "DefenderCspmGcp"
ciemDiscovery = {
azureActiveDirectoryAppName = "string"
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
dataSensitivityDiscovery = {
enabled = bool
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
mdcContainersAgentlessDiscoveryK8s = {
enabled = bool
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
mdcContainersImageAssessment = {
enabled = bool
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
vmScanners = {
configuration = {
exclusionTags = {
{customized property} = "string"
}
scanningMode = "Default"
}
enabled = bool
}
For DefenderForContainersAws , use:
offeringType = "DefenderForContainersAws"
autoProvisioning = bool
cloudWatchToKinesis = {
cloudRoleArn = "string"
}
containerVulnerabilityAssessment = {
cloudRoleArn = "string"
}
containerVulnerabilityAssessmentTask = {
cloudRoleArn = "string"
}
enableContainerVulnerabilityAssessment = bool
kinesisToS3 = {
cloudRoleArn = "string"
}
kubeAuditRetentionTime = int
kubernetesScubaReader = {
cloudRoleArn = "string"
}
kubernetesService = {
cloudRoleArn = "string"
}
mdcContainersAgentlessDiscoveryK8s = {
cloudRoleArn = "string"
enabled = bool
}
mdcContainersImageAssessment = {
cloudRoleArn = "string"
enabled = bool
}
scubaExternalId = "string"
For DefenderForContainersGcp , use:
offeringType = "DefenderForContainersGcp"
auditLogsAutoProvisioningFlag = bool
dataPipelineNativeCloudConnection = {
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
defenderAgentAutoProvisioningFlag = bool
mdcContainersAgentlessDiscoveryK8s = {
enabled = bool
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
mdcContainersImageAssessment = {
enabled = bool
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
nativeCloudConnection = {
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
policyAgentAutoProvisioningFlag = bool
For DefenderForDatabasesAws , use:
offeringType = "DefenderForDatabasesAws"
arcAutoProvisioning = {
cloudRoleArn = "string"
configuration = {
privateLinkScope = "string"
proxy = "string"
}
enabled = bool
}
databasesDspm = {
cloudRoleArn = "string"
enabled = bool
}
rds = {
cloudRoleArn = "string"
enabled = bool
}
For DefenderForDatabasesGcp , use:
offeringType = "DefenderForDatabasesGcp"
arcAutoProvisioning = {
configuration = {
privateLinkScope = "string"
proxy = "string"
}
enabled = bool
}
defenderForDatabasesArcAutoProvisioning = {
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
For DefenderForDevOpsAzureDevOps , use:
offeringType = "DefenderForDevOpsAzureDevOps"
For DefenderForDevOpsGithub , use:
offeringType = "DefenderForDevOpsGithub"
For DefenderForDevOpsGitLab , use:
offeringType = "DefenderForDevOpsGitLab"
For DefenderForServersAws , use:
offeringType = "DefenderForServersAws"
arcAutoProvisioning = {
cloudRoleArn = "string"
configuration = {
privateLinkScope = "string"
proxy = "string"
}
enabled = bool
}
defenderForServers = {
cloudRoleArn = "string"
}
mdeAutoProvisioning = {
enabled = bool
}
subPlan = {
type = "string"
}
vaAutoProvisioning = {
configuration = {
type = "string"
}
enabled = bool
}
vmScanners = {
configuration = {
cloudRoleArn = "string"
exclusionTags = {
{customized property} = "string"
}
scanningMode = "Default"
}
enabled = bool
}
For DefenderForServersGcp , use:
offeringType = "DefenderForServersGcp"
arcAutoProvisioning = {
configuration = {
privateLinkScope = "string"
proxy = "string"
}
enabled = bool
}
defenderForServers = {
serviceAccountEmailAddress = "string"
workloadIdentityProviderId = "string"
}
mdeAutoProvisioning = {
enabled = bool
}
subPlan = {
type = "string"
}
vaAutoProvisioning = {
configuration = {
type = "string"
}
enabled = bool
}
vmScanners = {
configuration = {
exclusionTags = {
{customized property} = "string"
}
scanningMode = "Default"
}
enabled = bool
}
For InformationProtectionAws , use:
offeringType = "InformationProtectionAws"
informationProtection = {
cloudRoleArn = "string"
}
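The skeleton and the per-object fragments above show each shape on its own. The following is an added, complete example that combines them into one AWS account connector with a CSPM monitoring offering and a Defender for Servers offering; it is not code from this page or from Microsoft. The AWS account ID, the parent (management) account ID, the resource group ID, the Azure region, the IAM role names in the ARNs, the scanned regions, the proxy endpoint and the exclusion tag are all placeholders chosen for illustration.

```hcl
# Added example, not part of the original page. All IDs, ARNs and names below
# are placeholders (assumptions); replace them with values from your own
# AWS onboarding before applying.

terraform {
  required_providers {
    azapi = {
      source  = "Azure/azapi"
      version = "~> 1.0" # assumption: the jsonencode body style shown on this page
    }
  }
}

provider "azapi" {}

variable "aws_account_id" {
  type    = string
  default = "123456789012" # placeholder 12-digit AWS account ID
}

variable "resource_group_id" {
  type    = string
  default = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-defender-connectors" # placeholder
}

locals {
  # Roles that Defender for Cloud assumes inside the AWS account. The role
  # names are assumptions; they must match roles that already exist in AWS.
  cspm_role_arn    = "arn:aws:iam::${var.aws_account_id}:role/CspmMonitorAws"
  servers_role_arn = "arn:aws:iam::${var.aws_account_id}:role/DefenderForServersAws"
  scanner_role_arn = "arn:aws:iam::${var.aws_account_id}:role/DefenderForCloudVmScanner"
}

resource "azapi_resource" "aws_connector" {
  type      = "Microsoft.Security/securityConnectors@2023-10-01-preview"
  name      = "aws-${var.aws_account_id}"
  location  = "westeurope" # assumption; pick the region your connectors live in
  parent_id = var.resource_group_id

  tags = {
    owner = "cloud-security"
  }

  body = jsonencode({
    properties = {
      environmentName     = "AWS"
      hierarchyIdentifier = var.aws_account_id # account ID, as the property table requires for AWS
      environmentData = {
        environmentType = "AwsAccount"
        regions         = ["eu-west-1", "us-east-1"] # assumption: regions to scan
        scanInterval    = 12                          # hours; the valid range is 1 to 24
        organizationalData = {
          organizationMembershipType = "Member"
          parentHierarchyId          = "999999999999" # placeholder management account ID
        }
      }
      offerings = [
        {
          offeringType = "CspmMonitorAws"
          nativeCloudConnection = {
            cloudRoleArn = local.cspm_role_arn
          }
        },
        {
          offeringType = "DefenderForServersAws"
          defenderForServers = {
            cloudRoleArn = local.servers_role_arn
          }
          subPlan = { type = "P2" }
          arcAutoProvisioning = {
            enabled      = true
            cloudRoleArn = local.servers_role_arn
            configuration = {
              proxy = "http://proxy.internal.example:3128" # assumption; drop the key if no proxy is needed
            }
          }
          mdeAutoProvisioning = { enabled = true }
          vaAutoProvisioning = {
            enabled       = true
            configuration = { type = "TVM" }
          }
          vmScanners = {
            enabled = true
            configuration = {
              cloudRoleArn  = local.scanner_role_arn
              scanningMode  = "Default"
              exclusionTags = { "defender-scan" = "skip" } # assumption: instances carrying this tag are left out of agentless scanning
            }
          }
        }
      ]
    }
  })
}

output "connector_id" {
  value = azapi_resource.aws_connector.id
}
```

Creating the connector registers the AWS account in Defender for Cloud and records which roles to assume; it does not create those roles. The IAM roles referenced by every cloudRoleArn, with the trust relationship Defender for Cloud expects, must already be in place in the AWS account (the portal onboarding flow provisions them with a CloudFormation stack or, for organizations, the StackSet named in stacksetName), or the offerings will be accepted by Azure Resource Manager and then fail at runtime.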
Property values
securityConnectors
| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | "Microsoft.Security/securityConnectors@2023-10-01-preview" |
| name | The resource name | string (required) |
| location | Location where the resource is stored | string |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | A list of key value pairs that describe the resource. | Dictionary of tag names and values. |
| kind | Kind of the resource | string |
| etag | Entity tag used for comparing two or more entities from the same requested resource. | string |
| properties | Security connector data | SecurityConnectorProperties |
SecurityConnectorProperties
| Name | Description | Value |
| --- | --- | --- |
| environmentData | The security connector environment data. | EnvironmentData |
| environmentName | The multi cloud resource's cloud name. | "AWS", "Azure", "AzureDevOps", "GCP", "GitLab", "Github" |
| hierarchyIdentifier | The multi cloud resource identifier (the account ID for an AWS connector, the project number for a GCP connector). | string |
| offerings | A collection of offerings for the security connector. | CloudOffering[] |
EnvironmentData
AwsEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | "AwsAccount" (required) |
| organizationalData | The AWS account's organizational data | AwsOrganizationalData |
| regions | List of regions to scan | string[] |
| scanInterval | Scan interval in hours (1 to 24) | int |
AwsOrganizationalData
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | Set the object type | "Member", "Organization" (required) |
AwsOrganizationalDataMember
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | "Member" (required) |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this is the ID of the account's parent | string |
AwsOrganizationalDataMaster
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | "Organization" (required) |
| excludedAccountIds | If the multi cloud account is of membership type organization, the list of accounts excluded from the offering | string[] |
| stacksetName | If the multi cloud account is of membership type organization, the name of the onboarding StackSet | string |
AzureDevOpsScopeEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | "AzureDevOpsScope" (required) |
GcpProjectEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | "GcpProject" (required) |
| organizationalData | The GCP project's organizational data | GcpOrganizationalData |
| projectDetails | The GCP project's details | GcpProjectDetails |
| scanInterval | Scan interval in hours (1 to 24) | int |
GcpOrganizationalData
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | Set the object type | "Member", "Organization" (required) |
GcpOrganizationalDataMember
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | "Member" (required) |
| managementProjectNumber | The GCP management project number from organizational onboarding | string |
| parentHierarchyId | If the multi cloud account is not of membership type organization, this is the ID of the project's parent | string |
GcpOrganizationalDataOrganization
| Name | Description | Value |
| --- | --- | --- |
| organizationMembershipType | The multi cloud account's membership type in the organization | "Organization" (required) |
| excludedProjectNumbers | If the multi cloud account is of membership type organization, the list of projects excluded from the offering | string[] |
| serviceAccountEmailAddress | The service account email address which represents the organization level permissions container. | string |
| workloadIdentityProviderId | The GCP workload identity provider ID which represents the permissions required to auto provision security connectors | string |
GcpProjectDetails
| Name | Description | Value |
| --- | --- | --- |
| projectId | The GCP project ID | string |
| projectNumber | The unique GCP project number | string |
GithubScopeEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | "GithubScope" (required) |
GitlabScopeEnvironmentData
| Name | Description | Value |
| --- | --- | --- |
| environmentType | The type of the environment data. | "GitlabScope" (required) |
CloudOffering
CspmMonitorAwsOffering
CspmMonitorAwsOfferingNativeCloudConnection
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
CspmMonitorAzureDevOpsOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | "CspmMonitorAzureDevOps" (required) |
CspmMonitorGcpOffering
CspmMonitorGcpOfferingNativeCloudConnection
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider ID for the offering | string |
CspmMonitorGithubOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | "CspmMonitorGithub" (required) |
CspmMonitorGitLabOffering
| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | "CspmMonitorGitLab" (required) |
DefenderCspmAwsOffering
DefenderCspmAwsOfferingCiem
DefenderCspmAwsOfferingCiemDiscovery
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for CIEM discovery | string |
DefenderCspmAwsOfferingCiemOidc
| Name | Description | Value |
| --- | --- | --- |
| azureActiveDirectoryAppName | The Azure Active Directory app name used for authenticating against AWS | string |
| cloudRoleArn | The cloud role ARN in AWS for the CIEM OIDC connection | string |
DefenderCspmAwsOfferingDatabasesDspm
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is databases DSPM protection enabled | bool |
DefenderCspmAwsOfferingDataSensitivityDiscovery
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender data sensitivity discovery enabled | bool |
DefenderCspmAwsOfferingMdcContainersAgentlessDiscove...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container agentless discovery K8s enabled | bool |
DefenderCspmAwsOfferingMdcContainersImageAssessment
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
DefenderCspmAwsOfferingVmScanners
DefenderCspmAwsOfferingVmScannersConfiguration
DefenderCspmAwsOfferingVmScannersConfigurationExclus...
| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
DefenderCspmGcpOffering
DefenderCspmGcpOfferingCiemDiscovery
| Name | Description | Value |
| --- | --- | --- |
| azureActiveDirectoryAppName | The Azure Active Directory app name used for authenticating against GCP workload identity federation | string |
| serviceAccountEmailAddress | The service account email address in GCP for the CIEM discovery offering | string |
| workloadIdentityProviderId | The GCP workload identity provider ID for the CIEM discovery offering | string |
DefenderCspmGcpOfferingDataSensitivityDiscovery
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender data sensitivity discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderCspmGcpOfferingMdcContainersAgentlessDiscove...
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container agentless discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderCspmGcpOfferingMdcContainersImageAssessment
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderCspmGcpOfferingVmScanners
DefenderCspmGcpOfferingVmScannersConfiguration
DefenderCspmGcpOfferingVmScannersConfigurationExclus...
| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
DefenderForContainersAwsOffering
DefenderForContainersAwsOfferingCloudWatchToKinesis
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis | string |
DefenderForContainersAwsOfferingContainerVulnerabili...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
DefenderForContainersAwsOfferingContainerVulnerabili...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
DefenderForContainersAwsOfferingKinesisToS3
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS used by Kinesis to transfer data into S3 | string |
DefenderForContainersAwsOfferingKubernetesScubaReade...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature, used for reading data | string |
DefenderForContainersAwsOfferingKubernetesService
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature, used for provisioning resources | string |
DefenderForContainersAwsOfferingMdcContainersAgentle...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container agentless discovery K8s enabled | bool |
DefenderForContainersAwsOfferingMdcContainersImageAs...
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
DefenderForContainersGcpOffering
DefenderForContainersGcpOfferingDataPipelineNativeCl...
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The data collection service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The data collection GCP workload identity provider ID for this offering | string |
DefenderForContainersGcpOfferingMdcContainersAgentle...
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container agentless discovery enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderForContainersGcpOfferingMdcContainersImageAs...
| Name | Description | Value |
| --- | --- | --- |
| enabled | Is Microsoft Defender container image assessment enabled | bool |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider ID in GCP for this feature | string |
DefenderForContainersGcpOfferingNativeCloudConnectio...
| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider ID for this offering | string |
DefenderFoDatabasesAwsOffering

DefenderFoDatabasesAwsOfferingArcAutoProvisioning

DefenderFoDatabasesAwsOfferingArcAutoProvisioningCon...

| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderFoDatabasesAwsOfferingDatabasesDspm

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is databases data security posture management (DSPM) protection enabled | bool |

DefenderFoDatabasesAwsOfferingRds

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |
| enabled | Is RDS protection enabled | bool |
DefenderForDatabasesGcpOffering

DefenderForDatabasesGcpOfferingArcAutoProvisioning

DefenderForDatabasesGcpOfferingArcAutoProvisioningCo...

| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderForDatabasesGcpOfferingDefenderForDatabasesA...

| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this offering | string |
| workloadIdentityProviderId | The GCP workload identity provider id for this offering | string |
DefenderForDevOpsAzureDevOpsOffering

| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | "DefenderForDevOpsAzureDevOps" (required) |

DefenderForDevOpsGithubOffering

| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | "DefenderForDevOpsGithub" (required) |

DefenderForDevOpsGitLabOffering

| Name | Description | Value |
| --- | --- | --- |
| offeringType | The type of the security offering. | "DefenderForDevOpsGitLab" (required) |
DefenderForServersAwsOffering

DefenderForServersAwsOfferingArcAutoProvisioning

DefenderForServersAwsOfferingArcAutoProvisioningConf...

| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderForServersAwsOfferingDefenderForServers

| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |

DefenderForServersAwsOfferingMdeAutoProvisioning

| Name | Description | Value |
| --- | --- | --- |
| configuration | Configuration for Microsoft Defender for Endpoint auto provisioning | |
| enabled | Is Microsoft Defender for Endpoint auto provisioning enabled | bool |

DefenderForServersAwsOfferingSubPlan

| Name | Description | Value |
| --- | --- | --- |
| type | The available sub plans | "P1", "P2" |

DefenderForServersAwsOfferingVaAutoProvisioning

DefenderForServersAwsOfferingVaAutoProvisioningConfi...

| Name | Description | Value |
| --- | --- | --- |
| type | The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys' | "Qualys", "TVM" |

DefenderForServersAwsOfferingVmScanners

DefenderForServersAwsOfferingVmScannersConfiguration

DefenderForServersAwsOfferingVmScannersConfiguration...

| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
DefenderForServersGcpOffering

DefenderForServersGcpOfferingArcAutoProvisioning

DefenderForServersGcpOfferingArcAutoProvisioningConf...

| Name | Description | Value |
| --- | --- | --- |
| privateLinkScope | Optional Arc private link scope resource id to link the Arc agent | string |
| proxy | Optional HTTP proxy endpoint to use for the Arc agent | string |

DefenderForServersGcpOfferingDefenderForServers

| Name | Description | Value |
| --- | --- | --- |
| serviceAccountEmailAddress | The service account email address in GCP for this feature | string |
| workloadIdentityProviderId | The workload identity provider id in GCP for this feature | string |

DefenderForServersGcpOfferingMdeAutoProvisioning

| Name | Description | Value |
| --- | --- | --- |
| configuration | Configuration for Microsoft Defender for Endpoint auto provisioning | |
| enabled | Is Microsoft Defender for Endpoint auto provisioning enabled | bool |

DefenderForServersGcpOfferingSubPlan

| Name | Description | Value |
| --- | --- | --- |
| type | The available sub plans | "P1", "P2" |

DefenderForServersGcpOfferingVaAutoProvisioning

DefenderForServersGcpOfferingVaAutoProvisioningConfi...

| Name | Description | Value |
| --- | --- | --- |
| type | The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys' | "Qualys", "TVM" |

DefenderForServersGcpOfferingVmScanners

DefenderForServersGcpOfferingVmScannersConfiguration

DefenderForServersGcpOfferingVmScannersConfiguration...

| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | string |
| Name | Description | Value |
| --- | --- | --- |
| cloudRoleArn | The cloud role ARN in AWS for this feature | string |