Security Connectors - List

Reference

Service:: Security Center

API Version:: 2021-12-01-preview

Lists all the security connectors in the specified subscription. Use the 'nextLink' property in the response to get the next page of security connectors for the specified subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/securityConnectors?api-version=2021-12-01-preview

URI Parameters

Name In Required Type Description

Name	In	Required	Type	Description
subscriptionId	path	True	string	Azure subscription ID Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	API version for the operation

subscriptionId

path

True

string

Azure subscription ID

Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$

api-version

query

True

string

API version for the operation

Responses

Name	Type	Description
200 OK	SecurityConnectorsList	OK
Other Status Codes	CloudError	Error response that describes why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

List all security connectors of a specified subscription

Sample Request

HTTP

GET https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/providers/Microsoft.Security/securityConnectors?api-version=2021-12-01-preview

Sample Response

Status code:: 200

{
  "value": [
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup1/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAws",
      "name": "exampleSecurityConnectorAws",
      "type": "Microsoft.Security/securityConnectors",
      "etag": "etag value",
      "kind": "",
      "location": "Central US",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "exampleHierarchyId",
        "environmentData": {
          "environmentType": "AwsAccount"
        },
        "environmentName": "AWS",
        "offerings": [
          {
            "offeringType": "CspmMonitorAws",
            "nativeCloudConnection": {
              "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
            }
          }
        ]
      }
    },
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup2/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAwsOrganization",
      "name": "exampleSecurityConnectorAwsOrganization",
      "type": "Microsoft.Security/securityConnectors",
      "etag": "etag value",
      "kind": "",
      "location": "Central US",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-12-15T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-12-15T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "exampleHierarchyId",
        "environmentData": {
          "environmentType": "AwsAccount",
          "organizationalData": {
            "organizationMembershipType": "Organization",
            "stacksetName": "myStackSetName",
            "excludedAccountIds": [
              "excludedAccountIdExample"
            ]
          }
        },
        "environmentName": "AWS",
        "offerings": [
          {
            "offeringType": "CspmMonitorAws",
            "nativeCloudConnection": {
              "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
            }
          }
        ]
      }
    },
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGithub",
      "name": "githubTest",
      "etag": "etag value",
      "type": "Microsoft.Security/securityconnectors",
      "location": "centralus",
      "kind": "",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-12-15T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-12-15T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.SecurityDevops/githubConnectors/exampleGithubConnector",
        "environmentName": "Github",
        "environmentData": {
          "environmentType": "GithubScope"
        },
        "offerings": [
          {
            "offeringType": "CspmMonitorGithub"
          }
        ]
      }
    },
    {
      "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGcp",
      "name": "exampleSecurityConnectorGcp",
      "type": "Microsoft.Security/securityConnectors",
      "etag": "etag value",
      "kind": "",
      "location": "Central US",
      "tags": {},
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-12-15T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-12-15T13:47:50.328Z"
      },
      "properties": {
        "hierarchyIdentifier": "exampleHierarchyId",
        "environmentData": {
          "environmentType": "GcpProject",
          "projectDetails": {
            "projectNumber": "exampleHierarchyId",
            "projectId": "My-0GCP-Project",
            "workloadIdentityPoolId": "6c78da41157548d3b1d8b3c72effdf8c"
          }
        },
        "environmentName": "GCP",
        "offerings": [
          {
            "offeringType": "CspmMonitorGcp",
            "nativeCloudConnection": {
              "workloadIdentityProviderId": "My workload identity provider Id",
              "serviceAccountEmailAddress": "capm@projectName.com"
            }
          }
        ]
      }
    }
  ]
}

Definitions

ArcAutoProvisioning	The ARC autoprovisioning configuration
AWSEnvironmentData	The aws connector environment data
AwsOrganizationalDataMaster	The awsOrganization data for the master account
AwsOrganizationalDataMember	The awsOrganization data for the member account
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
cloudName	The multi cloud resource's cloud name.
CloudWatchToKinesis	The cloudwatch to kinesis connection configuration
Configuration	configuration for Vulnerability Assessment autoprovisioning
createdByType	The type of identity that created the resource.
cspmMonitorAwsOffering	The CSPM monitoring for AWS offering
cspmMonitorGcpOffering	The CSPM monitoring for GCP offering
cspmMonitorGithubOffering	The CSPM monitoring for github offering
DataPipelineNativeCloudConnection	The native cloud connection configuration
defenderForContainersAwsOffering	The Defender for Containers AWS offering
defenderForContainersGcpOffering	The containers GCP offering
DefenderForServers	The Defender for servers connection configuration
defenderForServersAwsOffering	The Defender for Servers AWS offering
defenderForServersGcpOffering	The Defender for Servers GCP offering configurations
ErrorAdditionalInfo	The resource management error additional info.
GcpOrganizationalDataMember	The gcpOrganization data for the member account
GcpOrganizationalDataOrganization	The gcpOrganization data for the parent account
GcpProjectDetails	The details about the project represented by the security connector
GcpProjectEnvironmentData	The GCP project connector environment data
GithubScopeEnvironmentData	The github scope connector's environment data
InformationProtection	The native cloud connection configuration
informationProtectionAwsOffering	The information protection for AWS offering
KinesisToS3	The kinesis to s3 connection configuration
KubernetesScubaReader	The kubernetes to scuba connection configuration
KubernetesService	The kubernetes service connection configuration
MdeAutoProvisioning	The Microsoft Defender for Endpoint autoprovisioning configuration
mdeAutoProvisioning.Configuration	configuration for Microsoft Defender for Endpoint autoprovisioning
NativeCloudConnection	The native cloud connection configuration
SecurityConnector	The security connector resource.
SecurityConnectorsList	List of security connectors response.
ServicePrincipalSecretMetadata	Metadata of Service Principal secret for autoprovisioning
SubPlan	configuration for the servers offering subPlan
subPlan	The available sub plans
systemData	Metadata pertaining to creation and last modification of the resource.
type	The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'
VaAutoProvisioning	The Vulnerability Assessment autoprovisioning configuration

ArcAutoProvisioning

The ARC autoprovisioning configuration

Name	Type	Description
enabled	boolean	Is arc auto provisioning enabled
servicePrincipalSecretMetadata	ServicePrincipalSecretMetadata	Metadata of Service Principal secret for autoprovisioning

AWSEnvironmentData

The aws connector environment data

Name	Type	Description
environmentType	string: AwsAccount	The type of the environment data.
organizationalData	AwsOrganizationalData: AwsOrganizationalDataMaster AwsOrganizationalDataMember	The AWS account's organizational data

AwsOrganizationalDataMaster

The awsOrganization data for the master account

Name	Type	Description
excludedAccountIds	string[]	If the multi cloud account is of membership type organization, list of accounts excluded from offering
organizationMembershipType	string: Organization	The multi cloud account's membership type in the organization
stacksetName	string	If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset

AwsOrganizationalDataMember

The awsOrganization data for the member account

Name	Type	Description
organizationMembershipType	string: Member	The multi cloud account's membership type in the organization
parentHierarchyId	string	If the multi cloud account is not of membership type organization, this will be the ID of the account's parent

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

cloudName

The multi cloud resource's cloud name.

Name	Type	Description
AWS	string
Azure	string
GCP	string
Github	string

CloudWatchToKinesis

The cloudwatch to kinesis connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

Configuration

configuration for Vulnerability Assessment autoprovisioning

Name	Type	Description
type	type	The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

cspmMonitorAwsOffering

The CSPM monitoring for AWS offering

Name	Type	Description
description	string	The offering description.
nativeCloudConnection	NativeCloudConnection	The native cloud connection configuration
offeringType	string: CspmMonitorAws	The type of the security offering.

cspmMonitorGcpOffering

The CSPM monitoring for GCP offering

Name	Type	Description
description	string	The offering description.
nativeCloudConnection	NativeCloudConnection	The native cloud connection configuration
offeringType	string: CspmMonitorGcp	The type of the security offering.

cspmMonitorGithubOffering

The CSPM monitoring for github offering

Name	Type	Description
description	string	The offering description.
offeringType	string: CspmMonitorGithub	The type of the security offering.

DataPipelineNativeCloudConnection

The native cloud connection configuration

Name	Type	Description
serviceAccountEmailAddress	string	The data collection service account email address in GCP for this offering
workloadIdentityProviderId	string	The data collection GCP workload identity provider id for this offering

defenderForContainersAwsOffering

The Defender for Containers AWS offering

Name	Type	Description
cloudWatchToKinesis	CloudWatchToKinesis	The cloudwatch to kinesis connection configuration
description	string	The offering description.
kinesisToS3	KinesisToS3	The kinesis to s3 connection configuration
kubernetesScubaReader	KubernetesScubaReader	The kubernetes to scuba connection configuration
kubernetesService	KubernetesService	The kubernetes service connection configuration
offeringType	string: DefenderForContainersAws	The type of the security offering.

defenderForContainersGcpOffering

The containers GCP offering

Name	Type	Description
auditLogsAutoProvisioningFlag	boolean	Is audit logs data collection enabled
dataPipelineNativeCloudConnection	DataPipelineNativeCloudConnection	The native cloud connection configuration
defenderAgentAutoProvisioningFlag	boolean	Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled
description	string	The offering description.
nativeCloudConnection	NativeCloudConnection	The native cloud connection configuration
offeringType	string: DefenderForContainersGcp	The type of the security offering.
policyAgentAutoProvisioningFlag	boolean	Is Policy Kubernetes agent auto provisioning enabled

DefenderForServers

The Defender for servers connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

defenderForServersAwsOffering

The Defender for Servers AWS offering

Name	Type	Description
arcAutoProvisioning	ArcAutoProvisioning	The ARC autoprovisioning configuration
defenderForServers	DefenderForServers	The Defender for servers connection configuration
description	string	The offering description.
mdeAutoProvisioning	MdeAutoProvisioning	The Microsoft Defender for Endpoint autoprovisioning configuration
offeringType	string: DefenderForServersAws	The type of the security offering.
subPlan	SubPlan	configuration for the servers offering subPlan
vaAutoProvisioning	VaAutoProvisioning	The Vulnerability Assessment autoprovisioning configuration

defenderForServersGcpOffering

The Defender for Servers GCP offering configurations

Name	Type	Description
arcAutoProvisioning	ArcAutoProvisioning	The ARC autoprovisioning configuration
defenderForServers	DefenderForServers	The Defender for servers connection configuration
description	string	The offering description.
mdeAutoProvisioning	MdeAutoProvisioning	The Microsoft Defender for Endpoint autoprovisioning configuration
offeringType	string: DefenderForServersGcp	The type of the security offering.
subPlan	SubPlan	configuration for the servers offering subPlan
vaAutoProvisioning	VaAutoProvisioning	The Vulnerability Assessment autoprovisioning configuration

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

GcpOrganizationalDataMember

The gcpOrganization data for the member account

Name	Type	Description
organizationMembershipType	string: Member	The multi cloud account's membership type in the organization
parentHierarchyId	string	If the multi cloud account is not of membership type organization, this will be the ID of the project's parent

GcpOrganizationalDataOrganization

The gcpOrganization data for the parent account

Name	Type	Description
excludedProjectNumbers	string[]	If the multi cloud account is of membership type organization, list of accounts excluded from offering
organizationMembershipType	string: Organization	The multi cloud account's membership type in the organization
serviceAccountEmailAddress	string	The service account email address which represents the organization level permissions container.
workloadIdentityProviderId	string	The GCP workload identity provider id which represents the permissions required to auto provision security connectors

GcpProjectDetails

The details about the project represented by the security connector

Name	Type	Description
projectId	string	The GCP Project id
projectNumber	string	The unique GCP Project number
workloadIdentityPoolId	string	The GCP workload identity federation pool id

GcpProjectEnvironmentData

The GCP project connector environment data

Name	Type	Description
environmentType	string: GcpProject	The type of the environment data.
organizationalData	GcpOrganizationalData: GcpOrganizationalDataMember GcpOrganizationalDataOrganization	The Gcp project's organizational data
projectDetails	GcpProjectDetails	The Gcp project's details

GithubScopeEnvironmentData

The github scope connector's environment data

Name	Type	Description
environmentType	string: GithubScope	The type of the environment data.

InformationProtection

The native cloud connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

informationProtectionAwsOffering

The information protection for AWS offering

Name	Type	Description
description	string	The offering description.
informationProtection	InformationProtection	The native cloud connection configuration
offeringType	string: InformationProtectionAws	The type of the security offering.

KinesisToS3

The kinesis to s3 connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

KubernetesScubaReader

The kubernetes to scuba connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

KubernetesService

The kubernetes service connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

MdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration

Name	Type	Description
configuration	mdeAutoProvisioning.Configuration	configuration for Microsoft Defender for Endpoint autoprovisioning
enabled	boolean	Is Microsoft Defender for Endpoint auto provisioning enabled

mdeAutoProvisioning.Configuration

configuration for Microsoft Defender for Endpoint autoprovisioning

NativeCloudConnection

The native cloud connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

SecurityConnector

The security connector resource.

Name	Type	Description
etag	string	Entity tag is used for comparing two or more entities from the same requested resource.
id	string	Resource Id
kind	string	Kind of the resource
location	string	Location where the resource is stored
name	string	Resource name
properties.environmentData	EnvironmentData: AWSEnvironmentData GcpProjectEnvironmentData GithubScopeEnvironmentData	The security connector environment data.
properties.environmentName	cloudName	The multi cloud resource's cloud name.
properties.hierarchyIdentifier	string	The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector).
properties.offerings	cloudOffering[]: cspmMonitorAwsOffering[] cspmMonitorGcpOffering[] cspmMonitorGithubOffering[] defenderForContainersAwsOffering[] defenderForContainersGcpOffering[] defenderForServersAwsOffering[] defenderForServersGcpOffering[] informationProtectionAwsOffering[]	A collection of offerings for the security connector.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object	A list of key value pairs that describe the resource.
type	string	Resource type

SecurityConnectorsList

List of security connectors response.

Name	Type	Description
nextLink	string	The URI to fetch the next page.
value	SecurityConnector[]	The list of security connectors under the given scope.

ServicePrincipalSecretMetadata

Metadata of Service Principal secret for autoprovisioning

Name	Type	Description
expiryDate	string	expiration date of service principal secret
parameterNameInStore	string	name of secret resource in parameter store
parameterStoreRegion	string	region of parameter store where secret is kept

SubPlan

configuration for the servers offering subPlan

Name	Type	Description
type	subPlan	The available sub plans

subPlan

The available sub plans

Name	Type	Description
P1	string
P2	string

systemData

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.

type

The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'

Name	Type	Description
Qualys	string
TVM	string

VaAutoProvisioning

The Vulnerability Assessment autoprovisioning configuration

Name	Type	Description
configuration	Configuration	configuration for Vulnerability Assessment autoprovisioning
enabled	boolean	Is Vulnerability Assessment auto provisioning enabled