Security Connectors - List

Lists all the security connectors in the specified subscription. Use the 'nextLink' property in the response to get the next page of security connectors for the specified subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/securityConnectors?api-version=2021-12-01-preview

URI Parameters

Name In Required Type Description
subscriptionId path True string Azure subscription ID. Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version query True string API version for the operation

Responses

Name Type Description
200 OK

OK

Other Status Codes

Error response that describes why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

List all security connectors of a specified subscription

Sample Request

GET https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/providers/Microsoft.Security/securityConnectors?api-version=2021-12-01-preview

Sample Response

{
  "value": [
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup1/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAws",
      "name": "exampleSecurityConnectorAws",
      "type": "Microsoft.Security/securityConnectors",
      "etag": "etag value",
      "kind": "",
      "location": "Central US",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "exampleHierarchyId",
        "environmentData": {
          "environmentType": "AwsAccount"
        },
        "environmentName": "AWS",
        "offerings": [
          {
            "offeringType": "CspmMonitorAws",
            "nativeCloudConnection": {
              "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
            }
          }
        ]
      }
    },
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup2/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAwsOrganization",
      "name": "exampleSecurityConnectorAwsOrganization",
      "type": "Microsoft.Security/securityConnectors",
      "etag": "etag value",
      "kind": "",
      "location": "Central US",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-12-15T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-12-15T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "exampleHierarchyId",
        "environmentData": {
          "environmentType": "AwsAccount",
          "organizationalData": {
            "organizationMembershipType": "Organization",
            "stacksetName": "myStackSetName",
            "excludedAccountIds": [
              "excludedAccountIdExample"
            ]
          }
        },
        "environmentName": "AWS",
        "offerings": [
          {
            "offeringType": "CspmMonitorAws",
            "nativeCloudConnection": {
              "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
            }
          }
        ]
      }
    },
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGithub",
      "name": "githubTest",
      "etag": "etag value",
      "type": "Microsoft.Security/securityconnectors",
      "location": "centralus",
      "kind": "",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-12-15T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-12-15T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.SecurityDevops/githubConnectors/exampleGithubConnector",
        "environmentName": "Github",
        "environmentData": {
          "environmentType": "GithubScope"
        },
        "offerings": [
          {
            "offeringType": "CspmMonitorGithub"
          }
        ]
      }
    },
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGcp",
      "name": "exampleSecurityConnectorGcp",
      "type": "Microsoft.Security/securityConnectors",
      "etag": "etag value",
      "kind": "",
      "location": "Central US",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-12-15T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-12-15T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "exampleHierarchyId",
        "environmentData": {
          "environmentType": "GcpProject",
          "projectDetails": {
            "projectNumber": "exampleHierarchyId",
            "projectId": "My-0GCP-Project",
            "workloadIdentityPoolId": "6c78da41157548d3b1d8b3c72effdf8c"
          }
        },
        "environmentName": "GCP",
        "offerings": [
          {
            "offeringType": "CspmMonitorGcp",
            "nativeCloudConnection": {
              "workloadIdentityProviderId": "My workload identity provider Id",
              "serviceAccountEmailAddress": "capm@projectName.com"
            }
          }
        ]
      }
    }
  ]
}
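
An added example (not part of the Microsoft reference): a Python pager for this operation that checks subscriptionId against the documented regex, follows nextLink only while it stays on https://management.azure.com, and reduces each connector to the external identities its offerings reference. The helper names, the fetch_json hook and the $skipToken value in the sample data are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

ARM_HOST = "management.azure.com"
API_VERSION = "2021-12-01-preview"
SUBSCRIPTION_RE = re.compile(r"^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$")
IDENTITY_KEYS = ("cloudRoleArn", "serviceAccountEmailAddress")

def list_url(subscription_id):
    """Build the List URL; fullmatch applies the documented regex strictly."""
    if not SUBSCRIPTION_RE.fullmatch(subscription_id):
        raise ValueError("subscriptionId does not match the documented pattern")
    return (f"https://{ARM_HOST}/subscriptions/{subscription_id}/providers/"
            f"Microsoft.Security/securityConnectors?api-version={API_VERSION}")

def iter_connectors(subscription_id, fetch_json, max_pages=100):
    """Yield every connector, following nextLink until the response omits it.
    fetch_json(url) -> dict is a caller-supplied hook (hypothetical) that sends
    the bearer token, so each URL is pinned to the ARM host before it is called.
    """
    url, seen = list_url(subscription_id), set()
    while url:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != ARM_HOST:
            raise ValueError(f"refusing to send the token to {url!r}")
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("nextLink loop or page limit reached")
        seen.add(url)
        page = fetch_json(url)
        yield from page.get("value", [])
        url = page.get("nextLink")

def summarize(connector):
    """Reduce one SecurityConnector to the fields an access review looks at."""
    props = connector.get("properties", {})
    offerings = props.get("offerings", [])
    conns = [o.get("nativeCloudConnection", {}) for o in offerings]
    return {
        "name": connector.get("name"),
        "environment": props.get("environmentName"),
        "offerings": [o.get("offeringType") for o in offerings],
        "identities": sorted({c[k] for c in conns for k in IDENTITY_KEYS if c.get(k)}),
        "lastModifiedBy": connector.get("systemData", {}).get("lastModifiedBy"),
    }

# Constructed two-page response, condensed from the sample response above.
SUB = "a5caac9c-5c04-49af-b3d0-e204f40345d5"
PAGE2 = list_url(SUB) + "&$skipToken=constructed"  # constructed nextLink value
def _connector(name, env, offering, conn):
    return {"name": name, "systemData": {"lastModifiedBy": "user@contoso.com"},
            "properties": {"environmentName": env, "offerings": [
                {"offeringType": offering, "nativeCloudConnection": conn}]}}
SAMPLE_PAGES = {
    list_url(SUB): {"nextLink": PAGE2, "value": [_connector(
        "exampleSecurityConnectorAws", "AWS", "CspmMonitorAws",
        {"cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"})]},
    PAGE2: {"value": [_connector(
        "exampleSecurityConnectorGcp", "GCP", "CspmMonitorGcp",
        {"serviceAccountEmailAddress": "capm@projectName.com"})]},
}

if __name__ == "__main__":
    for c in iter_connectors(SUB, SAMPLE_PAGES.__getitem__):
        print(summarize(c))
```

In real use, fetch_json would issue the GET with the Authorization header and return the parsed JSON body; the host check runs before that call for every page, including the first.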

Definitions

ArcAutoProvisioning

The ARC autoprovisioning configuration

AWSEnvironmentData

The aws connector environment data

AwsOrganizationalDataMaster

The awsOrganization data for the master account

AwsOrganizationalDataMember

The awsOrganization data for the member account

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

CloudErrorBody

The error detail.

cloudName

The multi cloud resource's cloud name.

CloudWatchToKinesis

The cloudwatch to kinesis connection configuration

Configuration

configuration for Vulnerability Assessment autoprovisioning

createdByType

The type of identity that created the resource.

cspmMonitorAwsOffering

The CSPM monitoring for AWS offering

cspmMonitorGcpOffering

The CSPM monitoring for GCP offering

cspmMonitorGithubOffering

The CSPM monitoring for github offering

DataPipelineNativeCloudConnection

The native cloud connection configuration

defenderForContainersAwsOffering

The Defender for Containers AWS offering

defenderForContainersGcpOffering

The containers GCP offering

DefenderForServers

The Defender for servers connection configuration

defenderForServersAwsOffering

The Defender for Servers AWS offering

defenderForServersGcpOffering

The Defender for Servers GCP offering configurations

ErrorAdditionalInfo

The resource management error additional info.

GcpOrganizationalDataMember

The gcpOrganization data for the member account

GcpOrganizationalDataOrganization

The gcpOrganization data for the parent account

GcpProjectDetails

The details about the project represented by the security connector

GcpProjectEnvironmentData

The GCP project connector environment data

GithubScopeEnvironmentData

The github scope connector's environment data

InformationProtection

The native cloud connection configuration

informationProtectionAwsOffering

The information protection for AWS offering

KinesisToS3

The kinesis to s3 connection configuration

KubernetesScubaReader

The kubernetes to scuba connection configuration

KubernetesService

The kubernetes service connection configuration

MdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration

mdeAutoProvisioning.Configuration

configuration for Microsoft Defender for Endpoint autoprovisioning

NativeCloudConnection

The native cloud connection configuration

SecurityConnector

The security connector resource.

SecurityConnectorsList

List of security connectors response.

ServicePrincipalSecretMetadata

Metadata of Service Principal secret for autoprovisioning

SubPlan

configuration for the servers offering subPlan

subPlan

The available sub plans

systemData

Metadata pertaining to creation and last modification of the resource.

type

The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'

VaAutoProvisioning

The Vulnerability Assessment autoprovisioning configuration

ArcAutoProvisioning

The ARC autoprovisioning configuration

Name Type Description
enabled
  • boolean

Is arc auto provisioning enabled

servicePrincipalSecretMetadata

Metadata of Service Principal secret for autoprovisioning

AWSEnvironmentData

The aws connector environment data

Name Type Description
environmentType string:
  • AwsAccount

The type of the environment data.

organizationalData AwsOrganizationalData:

The AWS account's organizational data

AwsOrganizationalDataMaster

The awsOrganization data for the master account

Name Type Description
excludedAccountIds
  • string[]

If the multi cloud account is of membership type organization, list of accounts excluded from offering

organizationMembershipType string:
  • Organization

The multi cloud account's membership type in the organization

stacksetName
  • string

If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset

AwsOrganizationalDataMember

The awsOrganization data for the member account

Name Type Description
organizationMembershipType string:
  • Member

The multi cloud account's membership type in the organization

parentHierarchyId
  • string

If the multi cloud account is not of membership type organization, this will be the ID of the account's parent

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

Name Type Description
error.additionalInfo

The error additional info.

error.code
  • string

The error code.

error.details

The error details.

error.message
  • string

The error message.

error.target
  • string

The error target.

CloudErrorBody

The error detail.

Name Type Description
additionalInfo

The error additional info.

code
  • string

The error code.

details

The error details.

message
  • string

The error message.

target
  • string

The error target.

cloudName

The multi cloud resource's cloud name.

Name Type Description
AWS
  • string
Azure
  • string
GCP
  • string
Github
  • string

CloudWatchToKinesis

The cloudwatch to kinesis connection configuration

Name Type Description
cloudRoleArn
  • string

The cloud role ARN in AWS for this feature

Configuration

configuration for Vulnerability Assessment autoprovisioning

Name Type Description
type

The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'

createdByType

The type of identity that created the resource.

Name Type Description
Application
  • string
Key
  • string
ManagedIdentity
  • string
User
  • string

cspmMonitorAwsOffering

The CSPM monitoring for AWS offering

Name Type Description
description
  • string

The offering description.

nativeCloudConnection

The native cloud connection configuration

offeringType string:
  • CspmMonitorAws

The type of the security offering.

cspmMonitorGcpOffering

The CSPM monitoring for GCP offering

Name Type Description
description
  • string

The offering description.

nativeCloudConnection

The native cloud connection configuration

offeringType string:
  • CspmMonitorGcp

The type of the security offering.

cspmMonitorGithubOffering

The CSPM monitoring for github offering

Name Type Description
description
  • string

The offering description.

offeringType string:
  • CspmMonitorGithub

The type of the security offering.

DataPipelineNativeCloudConnection

The native cloud connection configuration

Name Type Description
serviceAccountEmailAddress
  • string

The data collection service account email address in GCP for this offering

workloadIdentityProviderId
  • string

The data collection GCP workload identity provider id for this offering

defenderForContainersAwsOffering

The Defender for Containers AWS offering

Name Type Description
cloudWatchToKinesis

The cloudwatch to kinesis connection configuration

description
  • string

The offering description.

kinesisToS3

The kinesis to s3 connection configuration

kubernetesScubaReader

The kubernetes to scuba connection configuration

kubernetesService

The kubernetes service connection configuration

offeringType string:
  • DefenderForContainersAws

The type of the security offering.

defenderForContainersGcpOffering

The containers GCP offering

Name Type Description
auditLogsAutoProvisioningFlag
  • boolean

Is audit logs data collection enabled

dataPipelineNativeCloudConnection

The native cloud connection configuration

defenderAgentAutoProvisioningFlag
  • boolean

Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled

description
  • string

The offering description.

nativeCloudConnection

The native cloud connection configuration

offeringType string:
  • DefenderForContainersGcp

The type of the security offering.

policyAgentAutoProvisioningFlag
  • boolean

Is Policy Kubernetes agent auto provisioning enabled

DefenderForServers

The Defender for servers connection configuration

Name Type Description
cloudRoleArn
  • string

The cloud role ARN in AWS for this feature

defenderForServersAwsOffering

The Defender for Servers AWS offering

Name Type Description
arcAutoProvisioning

The ARC autoprovisioning configuration

defenderForServers

The Defender for servers connection configuration

description
  • string

The offering description.

mdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration

offeringType string:
  • DefenderForServersAws

The type of the security offering.

subPlan

configuration for the servers offering subPlan

vaAutoProvisioning

The Vulnerability Assessment autoprovisioning configuration

defenderForServersGcpOffering

The Defender for Servers GCP offering configurations

Name Type Description
arcAutoProvisioning

The ARC autoprovisioning configuration

defenderForServers

The Defender for servers connection configuration

description
  • string

The offering description.

mdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration

offeringType string:
  • DefenderForServersGcp

The type of the security offering.

subPlan

configuration for the servers offering subPlan

vaAutoProvisioning

The Vulnerability Assessment autoprovisioning configuration

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info
  • object

The additional info.

type
  • string

The additional info type.

GcpOrganizationalDataMember

The gcpOrganization data for the member account

Name Type Description
organizationMembershipType string:
  • Member

The multi cloud account's membership type in the organization

parentHierarchyId
  • string

If the multi cloud account is not of membership type organization, this will be the ID of the project's parent

GcpOrganizationalDataOrganization

The gcpOrganization data for the parent account

Name Type Description
excludedProjectNumbers
  • string[]

If the multi cloud account is of membership type organization, list of accounts excluded from offering

organizationMembershipType string:
  • Organization

The multi cloud account's membership type in the organization

serviceAccountEmailAddress
  • string

The service account email address which represents the organization level permissions container.

workloadIdentityProviderId
  • string

The GCP workload identity provider id which represents the permissions required to auto provision security connectors

GcpProjectDetails

The details about the project represented by the security connector

Name Type Description
projectId
  • string

The GCP Project id

projectNumber
  • string

The unique GCP Project number

workloadIdentityPoolId
  • string

The GCP workload identity federation pool id

GcpProjectEnvironmentData

The GCP project connector environment data

Name Type Description
environmentType string:
  • GcpProject

The type of the environment data.

organizationalData GcpOrganizationalData:

The Gcp project's organizational data

projectDetails

The Gcp project's details

GithubScopeEnvironmentData

The github scope connector's environment data

Name Type Description
environmentType string:
  • GithubScope

The type of the environment data.

InformationProtection

The native cloud connection configuration

Name Type Description
cloudRoleArn
  • string

The cloud role ARN in AWS for this feature

informationProtectionAwsOffering

The information protection for AWS offering

Name Type Description
description
  • string

The offering description.

informationProtection

The native cloud connection configuration

offeringType string:
  • InformationProtectionAws

The type of the security offering.

KinesisToS3

The kinesis to s3 connection configuration

Name Type Description
cloudRoleArn
  • string

The cloud role ARN in AWS for this feature

KubernetesScubaReader

The kubernetes to scuba connection configuration

Name Type Description
cloudRoleArn
  • string

The cloud role ARN in AWS for this feature

KubernetesService

The kubernetes service connection configuration

Name Type Description
cloudRoleArn
  • string

The cloud role ARN in AWS for this feature

MdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration

Name Type Description
configuration

configuration for Microsoft Defender for Endpoint autoprovisioning

enabled
  • boolean

Is Microsoft Defender for Endpoint auto provisioning enabled

mdeAutoProvisioning.Configuration

configuration for Microsoft Defender for Endpoint autoprovisioning

NativeCloudConnection

The native cloud connection configuration

Name Type Description
cloudRoleArn
  • string

The cloud role ARN in AWS for this feature

SecurityConnector

The security connector resource.

Name Type Description
etag
  • string

Entity tag is used for comparing two or more entities from the same requested resource.

id
  • string

Resource Id

kind
  • string

Kind of the resource

location
  • string

Location where the resource is stored

name
  • string

Resource name

properties.environmentData EnvironmentData:

The security connector environment data.

properties.environmentName

The multi cloud resource's cloud name.

properties.hierarchyIdentifier
  • string

The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector).

properties.offerings cloudOffering[]:

A collection of offerings for the security connector.

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

tags
  • object

A list of key value pairs that describe the resource.

type
  • string

Resource type

SecurityConnectorsList

List of security connectors response.

Name Type Description
nextLink
  • string

The URI to fetch the next page.

value

The list of security connectors under the given scope.

ServicePrincipalSecretMetadata

Metadata of Service Principal secret for autoprovisioning

Name Type Description
expiryDate
  • string

expiration date of service principal secret

parameterNameInStore
  • string

name of secret resource in parameter store

parameterStoreRegion
  • string

region of parameter store where secret is kept

SubPlan

configuration for the servers offering subPlan

Name Type Description
type

The available sub plans

subPlan

The available sub plans

Name Type Description
P1
  • string
P2
  • string

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt
  • string

The timestamp of resource creation (UTC).

createdBy
  • string

The identity that created the resource.

createdByType

The type of identity that created the resource.

lastModifiedAt
  • string

The timestamp of resource last modification (UTC)

lastModifiedBy
  • string

The identity that last modified the resource.

lastModifiedByType

The type of identity that last modified the resource.

type

The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'

Name Type Description
Qualys
  • string
TVM
  • string

VaAutoProvisioning

The Vulnerability Assessment autoprovisioning configuration

Name Type Description
configuration

configuration for Vulnerability Assessment autoprovisioning

enabled
  • boolean

Is Vulnerability Assessment auto provisioning enabled