Top / Microsoft Azure / Azure Sentinel / Data Connector Azure Advanced Threat Protection

Azure Sentinel Data Connector Azure Advanced Threat Protection

This page shows how to write Terraform and Azure Resource Manager for Sentinel Data Connector Azure Advanced Threat Protection and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_sentinel_data_connector_azure_advanced_threat_protection (Terraform)

The Data Connector Azure Advanced Threat Protection in Sentinel can be configured in Terraform with the resource name azurerm_sentinel_data_connector_azure_advanced_threat_protection. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Azure Advanced Threat Protection Data Connector. !> NOTE: This resource requires that Enterprise Mobility + Security E5 is enabled on the tenant being connected to.

>> from Terraform Registry

Microsoft.OperationalInsights/workspaces (Azure Resource Manager)

The workspaces in Microsoft.OperationalInsights can be configured in Azure Resource Manager with the resource name Microsoft.OperationalInsights/workspaces. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
workbooks.arm.template.statistics.detailed.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
workbooks.arm.template.statistics.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
workbook.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workbookSourceId": {
            "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
AWS_User_Activities.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
workbooks.arm.template.rag.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",

Parameters

  • apiVersion required - string
  • eTag optional - string

    The ETag of the workspace.

  • location required - string

    The geo-location where the resource lives

  • name required - string

    The name of the workspace.

  • properties required
      • features optional
          • additionalProperties optional - object

            Unmatched properties from the message are deserialized this collection

          • clusterResourceId optional - string

            Dedicated LA cluster resourceId that is linked to the workspaces.

          • disableLocalAuth optional - boolean

            Disable Non-AAD based Auth.

          • enableDataExport optional - boolean

            Flag that indicate if data should be exported.

          • enableLogAccessUsingOnlyResourcePermissions optional - boolean

            Flag that indicate which permission to use - resource or workspace or both.

          • immediatePurgeDataOn30Days optional - boolean

            Flag that describes if we want to remove the data after 30 days.

      • forceCmkForQuery optional - boolean

        Indicates whether customer managed storage is mandatory for query management.

      • provisioningState optional - string

        The provisioning state of the workspace.

      • publicNetworkAccessForIngestion optional - string

        The network access type for accessing Log Analytics ingestion.

      • publicNetworkAccessForQuery optional - string

        The network access type for accessing Log Analytics query.

      • retentionInDays optional - integer

        The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.

      • sku optional
          • capacityReservationLevel optional - integer

            The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected.

          • name required - string

            The name of the SKU.

      • workspaceCapping optional
          • dailyQuotaGb optional - number

            The workspace daily quota for ingestion.

  • tags optional - string

    Resource tags.

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure Sentinel Resources

Frequently asked questions

What is Azure Sentinel Data Connector Azure Advanced Threat Protection?

Azure Sentinel Data Connector Azure Advanced Threat Protection is a resource for Sentinel of Microsoft Azure. Settings can be wrote in Terraform.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents