Security Connectors - Update

Reference

Service:: Defender for Cloud

API Version:: 2023-10-01-preview

Updates a security connector

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}?api-version=2023-10-01-preview

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: `^[-\w\._]+$`
securityConnectorName	path	True	string	The security connector name.
subscriptionId	path	True	string	Azure subscription ID Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	API version for the operation

Request Body

Name	Type	Description
etag	string	Entity tag is used for comparing two or more entities from the same requested resource.
kind	string	Kind of the resource
location	string	Location where the resource is stored
properties.environmentData	EnvironmentData: AwsEnvironmentData GcpProjectEnvironmentData GithubScopeEnvironmentData AzureDevOpsScopeEnvironmentData GitlabScopeEnvironmentData	The security connector environment data.
properties.environmentName	cloudName	The multi cloud resource's cloud name.
properties.hierarchyIdentifier	string	The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector).
properties.offerings	cloudOffering[]: cspmMonitorAwsOffering[] defenderForContainersAwsOffering[] defenderForServersAwsOffering[] defenderFoDatabasesAwsOffering[] informationProtectionAwsOffering[] cspmMonitorGcpOffering[] defenderForServersGcpOffering[] defenderForDatabasesGcpOffering[] defenderForContainersGcpOffering[] cspmMonitorGithubOffering[] cspmMonitorAzureDevOpsOffering[] defenderCspmAwsOffering[] defenderCspmGcpOffering[] defenderForDevOpsGithubOffering[] defenderForDevOpsAzureDevOpsOffering[] cspmMonitorGitLabOffering[] defenderForDevOpsGitLabOffering[]	A collection of offerings for the security connector.
tags	object	A list of key value pairs that describe the resource.

Responses

Name	Type	Description
200 OK	SecurityConnector	OK
Other Status Codes	CloudError	Error response that describes why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Update a security connector

Sample Request

PATCH https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName?api-version=2023-10-01-preview

{
  "location": "Central US",
  "etag": "etag value (must be supplied for update)",
  "tags": {},
  "properties": {
    "hierarchyIdentifier": "exampleHierarchyId",
    "environmentData": {
      "environmentType": "AwsAccount"
    },
    "environmentName": "AWS",
    "offerings": [
      {
        "offeringType": "CspmMonitorAws",
        "nativeCloudConnection": {
          "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
        }
      }
    ]
  }
}


import com.azure.resourcemanager.security.models.AwsEnvironmentData;
import com.azure.resourcemanager.security.models.CloudName;
import com.azure.resourcemanager.security.models.CspmMonitorAwsOffering;
import com.azure.resourcemanager.security.models.CspmMonitorAwsOfferingNativeCloudConnection;
import com.azure.resourcemanager.security.models.SecurityConnector;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for SecurityConnectors Update.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2023-10-01-preview/examples/SecurityConnectors
     * /PatchSecurityConnector_example.json
     */
    /**
     * Sample code: Update a security connector.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void updateASecurityConnector(com.azure.resourcemanager.security.SecurityManager manager) {
        SecurityConnector resource = manager.securityConnectors().getByResourceGroupWithResponse("exampleResourceGroup",
            "exampleSecurityConnectorName", com.azure.core.util.Context.NONE).getValue();
        resource.update().withTags(mapOf()).withHierarchyIdentifier("exampleHierarchyId")
            .withEnvironmentName(CloudName.AWS)
            .withOfferings(Arrays.asList(
                new CspmMonitorAwsOffering().withNativeCloudConnection(new CspmMonitorAwsOfferingNativeCloudConnection()
                    .withCloudRoleArn("arn:aws:iam::00000000:role/ASCMonitor"))))
            .withEnvironmentData(new AwsEnvironmentData()).apply();
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/preview/2023-10-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json
func ExampleConnectorsClient_Update() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewConnectorsClient().Update(ctx, "exampleResourceGroup", "exampleSecurityConnectorName", armsecurity.Connector{
		Location: to.Ptr("Central US"),
		Etag:     to.Ptr("etag value (must be supplied for update)"),
		Tags:     map[string]*string{},
		Properties: &armsecurity.ConnectorProperties{
			EnvironmentData: &armsecurity.AwsEnvironmentData{
				EnvironmentType: to.Ptr(armsecurity.EnvironmentTypeAwsAccount),
			},
			EnvironmentName:     to.Ptr(armsecurity.CloudNameAWS),
			HierarchyIdentifier: to.Ptr("exampleHierarchyId"),
			Offerings: []armsecurity.CloudOfferingClassification{
				&armsecurity.CspmMonitorAwsOffering{
					OfferingType: to.Ptr(armsecurity.OfferingTypeCspmMonitorAws),
					NativeCloudConnection: &armsecurity.CspmMonitorAwsOfferingNativeCloudConnection{
						CloudRoleArn: to.Ptr("arn:aws:iam::00000000:role/ASCMonitor"),
					},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Connector = armsecurity.Connector{
	// 	Location: to.Ptr("Central US"),
	// 	Etag: to.Ptr("etag value"),
	// 	Kind: to.Ptr(""),
	// 	Name: to.Ptr("exampleSecurityConnectorName"),
	// 	Type: to.Ptr("Microsoft.Security/securityConnectors"),
	// 	ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName"),
	// 	Tags: map[string]*string{
	// 	},
	// 	Properties: &armsecurity.ConnectorProperties{
	// 		EnvironmentData: &armsecurity.AwsEnvironmentData{
	// 			EnvironmentType: to.Ptr(armsecurity.EnvironmentTypeAwsAccount),
	// 		},
	// 		EnvironmentName: to.Ptr(armsecurity.CloudNameAWS),
	// 		HierarchyIdentifier: to.Ptr("exampleHierarchyId"),
	// 		Offerings: []armsecurity.CloudOfferingClassification{
	// 			&armsecurity.CspmMonitorAwsOffering{
	// 				OfferingType: to.Ptr(armsecurity.OfferingTypeCspmMonitorAws),
	// 				NativeCloudConnection: &armsecurity.CspmMonitorAwsOfferingNativeCloudConnection{
	// 					CloudRoleArn: to.Ptr("arn:aws:iam::00000000:role/ASCMonitor"),
	// 				},
	// 		}},
	// 	},
	// 	SystemData: &armsecurity.SystemData{
	// 		CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-08-31T13:47:50.328Z"); return t}()),
	// 		CreatedBy: to.Ptr("user@contoso.com"),
	// 		CreatedByType: to.Ptr(armsecurity.CreatedByTypeUser),
	// 		LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-08-31T13:47:50.328Z"); return t}()),
	// 		LastModifiedBy: to.Ptr("user@contoso.com"),
	// 		LastModifiedByType: to.Ptr(armsecurity.CreatedByTypeUser),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2023-10-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json
// this example is just showing the usage of "SecurityConnectors_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecurityConnectorResource created on azure
// for more information of creating SecurityConnectorResource, please refer to the document of SecurityConnectorResource
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string securityConnectorName = "exampleSecurityConnectorName";
ResourceIdentifier securityConnectorResourceId = SecurityConnectorResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, securityConnectorName);
SecurityConnectorResource securityConnector = client.GetSecurityConnectorResource(securityConnectorResourceId);

// invoke the operation
SecurityConnectorData data = new SecurityConnectorData(new AzureLocation("Central US"))
{
    HierarchyIdentifier = "exampleHierarchyId",
    EnvironmentName = SecurityCenterCloudName.Aws,
    Offerings =
    {
    new CspmMonitorAwsOffering()
    {
    CloudRoleArn = "arn:aws:iam::00000000:role/ASCMonitor",
    }
    },
    EnvironmentData = new AwsEnvironment(),
    ETag = new ETag("etag value (must be supplied for update)"),
    Tags =
    {
    },
};
SecurityConnectorResource result = await securityConnector.UpdateAsync(data);

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityConnectorData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName",
  "name": "exampleSecurityConnectorName",
  "type": "Microsoft.Security/securityConnectors",
  "location": "Central US",
  "kind": "",
  "etag": "etag value",
  "tags": {},
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "hierarchyIdentifier": "exampleHierarchyId",
    "environmentData": {
      "environmentType": "AwsAccount"
    },
    "environmentName": "AWS",
    "offerings": [
      {
        "offeringType": "CspmMonitorAws",
        "nativeCloudConnection": {
          "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
        }
      }
    ]
  }
}

Definitions

Name	Description
ArcAutoProvisioning	The ARC autoprovisioning configuration
arcAutoProvisioning.Configuration	Configuration for servers Arc auto provisioning
AwsEnvironmentData	The AWS connector environment data
AwsOrganizationalDataMaster	The AWS organization data for the master account
AwsOrganizationalDataMember	The AWS organization data for the member account
AzureDevOpsScopeEnvironmentData	The AzureDevOps scope connector's environment data
Ciem	Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations
CiemDiscovery	GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations
CiemOidc	Defender CSPM CIEM AWS OIDC (open id connect) configuration
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
cloudName	The multi cloud resource's cloud name.
CloudWatchToKinesis	The cloudwatch to kinesis connection configuration
Configuration	configuration for Microsoft Defender for Server VM scanning
ContainerVulnerabilityAssessment	The container vulnerability assessment configuration
ContainerVulnerabilityAssessmentTask	The container vulnerability assessment task configuration
createdByType	The type of identity that created the resource.
cspmMonitorAwsOffering	The CSPM monitoring for AWS offering
cspmMonitorAzureDevOpsOffering	The CSPM monitoring for AzureDevOps offering
cspmMonitorGcpOffering	The CSPM monitoring for GCP offering
cspmMonitorGithubOffering	The CSPM monitoring for github offering
cspmMonitorGitLabOffering	The CSPM (Cloud security posture management) monitoring for gitlab offering
DatabasesDspm	The databases data security posture management (DSPM) configuration
DataPipelineNativeCloudConnection	The native cloud connection configuration
DataSensitivityDiscovery	The Microsoft Defender Data Sensitivity discovery configuration
defenderCspmAwsOffering	The CSPM P1 for AWS offering
defenderCspmGcpOffering	The CSPM P1 for GCP offering
defenderFoDatabasesAwsOffering	The Defender for Databases AWS offering
defenderForContainersAwsOffering	The Defender for Containers AWS offering
defenderForContainersGcpOffering	The containers GCP offering
DefenderForDatabasesArcAutoProvisioning	The native cloud connection configuration
defenderForDatabasesGcpOffering	The Defender for Databases GCP offering configurations
defenderForDevOpsAzureDevOpsOffering	The Defender for DevOps for Azure DevOps offering
defenderForDevOpsGithubOffering	The Defender for DevOps for Github offering
defenderForDevOpsGitLabOffering	The Defender for DevOps for Gitlab offering
DefenderForServers	The Defender for servers connection configuration
defenderForServersAwsOffering	The Defender for Servers AWS offering
defenderForServersGcpOffering	The Defender for Servers GCP offering configurations
ErrorAdditionalInfo	The resource management error additional info.
GcpOrganizationalDataMember	The gcpOrganization data for the member account
GcpOrganizationalDataOrganization	The gcpOrganization data for the parent account
GcpProjectDetails	The details about the project represented by the security connector
GcpProjectEnvironmentData	The GCP project connector environment data
GithubScopeEnvironmentData	The github scope connector's environment data
GitlabScopeEnvironmentData	The GitLab scope connector's environment data
InformationProtection	The native cloud connection configuration
informationProtectionAwsOffering	The information protection for AWS offering
KinesisToS3	The kinesis to s3 connection configuration
KubernetesScubaReader	The kubernetes to scuba connection configuration
KubernetesService	The kubernetes service connection configuration
MdcContainersAgentlessDiscoveryK8s	The Microsoft Defender container agentless discovery K8s configuration
MdcContainersImageAssessment	The Microsoft Defender container image assessment configuration
MdeAutoProvisioning	The Microsoft Defender for Endpoint autoprovisioning configuration
mdeAutoProvisioning.Configuration	configuration for Microsoft Defender for Endpoint autoprovisioning
NativeCloudConnection	The native cloud connection configuration
Rds	The RDS configuration
scanningMode	The scanning mode for the VM scan.
SecurityConnector	The security connector resource.
SubPlan	configuration for the servers offering subPlan
subPlan	The available sub plans
systemData	Metadata pertaining to creation and last modification of the resource.
type	The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'
VaAutoProvisioning	The Vulnerability Assessment autoprovisioning configuration
vaAutoProvisioning.Configuration	configuration for Vulnerability Assessment autoprovisioning
VmScanners	The Microsoft Defender for Server VM scanning configuration

ArcAutoProvisioning

The ARC autoprovisioning configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature
configuration	arcAutoProvisioning.Configuration	Configuration for servers Arc auto provisioning
enabled	boolean	Is arc auto provisioning enabled

arcAutoProvisioning.Configuration

Configuration for servers Arc auto provisioning

Name	Type	Description
privateLinkScope	string	Optional Arc private link scope resource id to link the Arc agent
proxy	string	Optional HTTP proxy endpoint to use for the Arc agent

AwsEnvironmentData

The AWS connector environment data

Name	Type	Description
accountName	string	The AWS account name
environmentType	string: AwsAccount	The type of the environment data.
organizationalData	AwsOrganizationalData: AwsOrganizationalDataMaster AwsOrganizationalDataMember	The AWS account's organizational data
regions	string[]	list of regions to scan
scanInterval	integer	Scan interval in hours (value should be between 1-hour to 24-hours)

AwsOrganizationalDataMaster

The AWS organization data for the master account

Name	Type	Description
excludedAccountIds	string[]	If the multi cloud account is of membership type organization, list of accounts excluded from offering
organizationMembershipType	string: Organization	The multi cloud account's membership type in the organization
stacksetName	string	If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset

AwsOrganizationalDataMember

The AWS organization data for the member account

Name	Type	Description
organizationMembershipType	string: Member	The multi cloud account's membership type in the organization
parentHierarchyId	string	If the multi cloud account is not of membership type organization, this will be the ID of the account's parent

AzureDevOpsScopeEnvironmentData

The AzureDevOps scope connector's environment data

Name	Type	Description
environmentType	string: AzureDevOpsScope	The type of the environment data.

Ciem

Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations

Name	Type	Description
ciemDiscovery	CiemDiscovery	Defender CSPM CIEM discovery configuration
ciemOidc	CiemOidc	Defender CSPM CIEM AWS OIDC (open id connect) configuration

CiemDiscovery

GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations

Name	Type	Description
azureActiveDirectoryAppName	string	the azure active directory app name used of authenticating against GCP workload identity federation
serviceAccountEmailAddress	string	The service account email address in GCP for CIEM discovery offering
workloadIdentityProviderId	string	The GCP workload identity provider id for CIEM discovery offering

CiemOidc

Defender CSPM CIEM AWS OIDC (open id connect) configuration

Name	Type	Description
azureActiveDirectoryAppName	string	the azure active directory app name used of authenticating against AWS
cloudRoleArn	string	The cloud role ARN in AWS for CIEM oidc connection

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

cloudName

The multi cloud resource's cloud name.

Name	Type	Description
AWS	string
Azure	string
AzureDevOps	string
GCP	string
GitLab	string
Github	string

CloudWatchToKinesis

The cloudwatch to kinesis connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis

Configuration

configuration for Microsoft Defender for Server VM scanning

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature
exclusionTags	object	VM tags that indicates that VM should not be scanned
scanningMode	scanningMode	The scanning mode for the VM scan.

ContainerVulnerabilityAssessment

The container vulnerability assessment configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

ContainerVulnerabilityAssessmentTask

The container vulnerability assessment task configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

cspmMonitorAwsOffering

The CSPM monitoring for AWS offering

Name	Type	Description
description	string	The offering description.
nativeCloudConnection	NativeCloudConnection	The native cloud connection configuration
offeringType	string: CspmMonitorAws	The type of the security offering.

cspmMonitorAzureDevOpsOffering

The CSPM monitoring for AzureDevOps offering

Name	Type	Description
description	string	The offering description.
offeringType	string: CspmMonitorAzureDevOps	The type of the security offering.

cspmMonitorGcpOffering

The CSPM monitoring for GCP offering

Name	Type	Description
description	string	The offering description.
nativeCloudConnection	NativeCloudConnection	The native cloud connection configuration
offeringType	string: CspmMonitorGcp	The type of the security offering.

cspmMonitorGithubOffering

The CSPM monitoring for github offering

Name	Type	Description
description	string	The offering description.
offeringType	string: CspmMonitorGithub	The type of the security offering.

cspmMonitorGitLabOffering

The CSPM (Cloud security posture management) monitoring for gitlab offering

Name	Type	Description
description	string	The offering description.
offeringType	string: CspmMonitorGitLab	The type of the security offering.

DatabasesDspm

The databases data security posture management (DSPM) configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature
enabled	boolean	Is databases data security posture management (DSPM) protection enabled

DataPipelineNativeCloudConnection

The native cloud connection configuration

Name	Type	Description
serviceAccountEmailAddress	string	The data collection service account email address in GCP for this offering
workloadIdentityProviderId	string	The data collection GCP workload identity provider id for this offering

DataSensitivityDiscovery

The Microsoft Defender Data Sensitivity discovery configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature
enabled	boolean	Is Microsoft Defender Data Sensitivity discovery enabled

defenderCspmAwsOffering

The CSPM P1 for AWS offering

Name	Type	Description
ciem	Ciem	Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations
dataSensitivityDiscovery	DataSensitivityDiscovery	The Microsoft Defender Data Sensitivity discovery configuration
databasesDspm	DatabasesDspm	The databases DSPM configuration
description	string	The offering description.
mdcContainersAgentlessDiscoveryK8s	MdcContainersAgentlessDiscoveryK8s	The Microsoft Defender container agentless discovery K8s configuration
mdcContainersImageAssessment	MdcContainersImageAssessment	The Microsoft Defender container image assessment configuration
offeringType	string: DefenderCspmAws	The type of the security offering.
vmScanners	VmScanners	The Microsoft Defender for Server VM scanning configuration

defenderCspmGcpOffering

The CSPM P1 for GCP offering

Name	Type	Description
ciemDiscovery	CiemDiscovery	GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations
dataSensitivityDiscovery	DataSensitivityDiscovery	The Microsoft Defender Data Sensitivity discovery configuration
description	string	The offering description.
mdcContainersAgentlessDiscoveryK8s	MdcContainersAgentlessDiscoveryK8s	The Microsoft Defender Container agentless discovery configuration
mdcContainersImageAssessment	MdcContainersImageAssessment	The Microsoft Defender Container image assessment configuration
offeringType	string: DefenderCspmGcp	The type of the security offering.
vmScanners	VmScanners	The Microsoft Defender for Server VM scanning configuration

defenderFoDatabasesAwsOffering

The Defender for Databases AWS offering

Name	Type	Description
arcAutoProvisioning	ArcAutoProvisioning	The ARC autoprovisioning configuration
databasesDspm	DatabasesDspm	The databases data security posture management (DSPM) configuration
description	string	The offering description.
offeringType	string: DefenderForDatabasesAws	The type of the security offering.
rds	Rds	The RDS configuration

defenderForContainersAwsOffering

The Defender for Containers AWS offering

Name	Type	Description
autoProvisioning	boolean	Is audit logs pipeline auto provisioning enabled
cloudWatchToKinesis	CloudWatchToKinesis	The cloudwatch to kinesis connection configuration
containerVulnerabilityAssessment	ContainerVulnerabilityAssessment	The container vulnerability assessment configuration
containerVulnerabilityAssessmentTask	ContainerVulnerabilityAssessmentTask	The container vulnerability assessment task configuration
description	string	The offering description.
enableContainerVulnerabilityAssessment	boolean	Enable container vulnerability assessment feature
kinesisToS3	KinesisToS3	The kinesis to s3 connection configuration
kubeAuditRetentionTime	integer	The retention time in days of kube audit logs set on the CloudWatch log group
kubernetesScubaReader	KubernetesScubaReader	The kubernetes to scuba connection configuration
kubernetesService	KubernetesService	The kubernetes service connection configuration
mdcContainersAgentlessDiscoveryK8s	MdcContainersAgentlessDiscoveryK8s	The Microsoft Defender container agentless discovery K8s configuration
mdcContainersImageAssessment	MdcContainersImageAssessment	The Microsoft Defender container image assessment configuration
offeringType	string: DefenderForContainersAws	The type of the security offering.
scubaExternalId	string	The externalId used by the data reader to prevent the confused deputy attack

defenderForContainersGcpOffering

The containers GCP offering

Name	Type	Description
auditLogsAutoProvisioningFlag	boolean	Is audit logs data collection enabled
dataPipelineNativeCloudConnection	DataPipelineNativeCloudConnection	The native cloud connection configuration
defenderAgentAutoProvisioningFlag	boolean	Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled
description	string	The offering description.
mdcContainersAgentlessDiscoveryK8s	MdcContainersAgentlessDiscoveryK8s	The Microsoft Defender Container agentless discovery configuration
mdcContainersImageAssessment	MdcContainersImageAssessment	The Microsoft Defender Container image assessment configuration
nativeCloudConnection	NativeCloudConnection	The native cloud connection configuration
offeringType	string: DefenderForContainersGcp	The type of the security offering.
policyAgentAutoProvisioningFlag	boolean	Is Policy Kubernetes agent auto provisioning enabled

DefenderForDatabasesArcAutoProvisioning

The native cloud connection configuration

Name	Type	Description
serviceAccountEmailAddress	string	The service account email address in GCP for this offering
workloadIdentityProviderId	string	The GCP workload identity provider id for this offering

defenderForDatabasesGcpOffering

The Defender for Databases GCP offering configurations

Name	Type	Description
arcAutoProvisioning	ArcAutoProvisioning	The ARC autoprovisioning configuration
defenderForDatabasesArcAutoProvisioning	DefenderForDatabasesArcAutoProvisioning	The native cloud connection configuration
description	string	The offering description.
offeringType	string: DefenderForDatabasesGcp	The type of the security offering.

defenderForDevOpsAzureDevOpsOffering

The Defender for DevOps for Azure DevOps offering

Name	Type	Description
description	string	The offering description.
offeringType	string: DefenderForDevOpsAzureDevOps	The type of the security offering.

defenderForDevOpsGithubOffering

The Defender for DevOps for Github offering

Name	Type	Description
description	string	The offering description.
offeringType	string: DefenderForDevOpsGithub	The type of the security offering.

defenderForDevOpsGitLabOffering

The Defender for DevOps for Gitlab offering

Name	Type	Description
description	string	The offering description.
offeringType	string: DefenderForDevOpsGitLab	The type of the security offering.

DefenderForServers

The Defender for servers connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

defenderForServersAwsOffering

The Defender for Servers AWS offering

Name	Type	Description
arcAutoProvisioning	ArcAutoProvisioning	The ARC autoprovisioning configuration
defenderForServers	DefenderForServers	The Defender for servers connection configuration
description	string	The offering description.
mdeAutoProvisioning	MdeAutoProvisioning	The Microsoft Defender for Endpoint autoprovisioning configuration
offeringType	string: DefenderForServersAws	The type of the security offering.
subPlan	SubPlan	configuration for the servers offering subPlan
vaAutoProvisioning	VaAutoProvisioning	The Vulnerability Assessment autoprovisioning configuration
vmScanners	VmScanners	The Microsoft Defender for Server VM scanning configuration

defenderForServersGcpOffering

The Defender for Servers GCP offering configurations

Name	Type	Description
arcAutoProvisioning	ArcAutoProvisioning	The ARC autoprovisioning configuration
defenderForServers	DefenderForServers	The Defender for servers connection configuration
description	string	The offering description.
mdeAutoProvisioning	MdeAutoProvisioning	The Microsoft Defender for Endpoint autoprovisioning configuration
offeringType	string: DefenderForServersGcp	The type of the security offering.
subPlan	SubPlan	configuration for the servers offering subPlan
vaAutoProvisioning	VaAutoProvisioning	The Vulnerability Assessment autoprovisioning configuration
vmScanners	VmScanners	The Microsoft Defender for Server VM scanning configuration

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

GcpOrganizationalDataMember

The gcpOrganization data for the member account

Name	Type	Description
managementProjectNumber	string	The GCP management project number from organizational onboarding
organizationMembershipType	string: Member	The multi cloud account's membership type in the organization
parentHierarchyId	string	If the multi cloud account is not of membership type organization, this will be the ID of the project's parent

GcpOrganizationalDataOrganization

The gcpOrganization data for the parent account

Name	Type	Description
excludedProjectNumbers	string[]	If the multi cloud account is of membership type organization, list of accounts excluded from offering
organizationMembershipType	string: Organization	The multi cloud account's membership type in the organization
organizationName	string	GCP organization name
serviceAccountEmailAddress	string	The service account email address which represents the organization level permissions container.
workloadIdentityProviderId	string	The GCP workload identity provider id which represents the permissions required to auto provision security connectors

GcpProjectDetails

The details about the project represented by the security connector

Name	Type	Description
projectId	string	The GCP Project id
projectName	string	GCP project name
projectNumber	string	The unique GCP Project number
workloadIdentityPoolId	string	The GCP workload identity federation pool id

GcpProjectEnvironmentData

The GCP project connector environment data

Name	Type	Description
environmentType	string: GcpProject	The type of the environment data.
organizationalData	GcpOrganizationalData: GcpOrganizationalDataMember GcpOrganizationalDataOrganization	The Gcp project's organizational data
projectDetails	GcpProjectDetails	The Gcp project's details
scanInterval	integer	Scan interval in hours (value should be between 1-hour to 24-hours)

GithubScopeEnvironmentData

The github scope connector's environment data

Name	Type	Description
environmentType	string: GithubScope	The type of the environment data.

GitlabScopeEnvironmentData

The GitLab scope connector's environment data

Name	Type	Description
environmentType	string: GitlabScope	The type of the environment data.

InformationProtection

The native cloud connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

informationProtectionAwsOffering

The information protection for AWS offering

Name	Type	Description
description	string	The offering description.
informationProtection	InformationProtection	The native cloud connection configuration
offeringType	string: InformationProtectionAws	The type of the security offering.

KinesisToS3

The kinesis to s3 connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS used by Kinesis to transfer data into S3

KubernetesScubaReader

The kubernetes to scuba connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature used for reading data

KubernetesService

The kubernetes service connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature used for provisioning resources

MdcContainersAgentlessDiscoveryK8s

The Microsoft Defender container agentless discovery K8s configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature
enabled	boolean	Is Microsoft Defender container agentless discovery K8s enabled

MdcContainersImageAssessment

The Microsoft Defender container image assessment configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature
enabled	boolean	Is Microsoft Defender container image assessment enabled

MdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration

Name	Type	Description
configuration	mdeAutoProvisioning.Configuration	configuration for Microsoft Defender for Endpoint autoprovisioning
enabled	boolean	Is Microsoft Defender for Endpoint auto provisioning enabled

mdeAutoProvisioning.Configuration

configuration for Microsoft Defender for Endpoint autoprovisioning

NativeCloudConnection

The native cloud connection configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature

Rds

The RDS configuration

Name	Type	Description
cloudRoleArn	string	The cloud role ARN in AWS for this feature
enabled	boolean	Is RDS protection enabled

scanningMode

The scanning mode for the VM scan.

Name	Type	Description
Default	string