Azure Sentinel Data Connector Microsoft Defender Advanced Threat Protection
This page shows how to write Terraform and Azure Resource Manager for Sentinel Data Connector Microsoft Defender Advanced Threat Protection and write them securely.
azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection (Terraform)
The Data Connector Microsoft Defender Advanced Threat Protection in Sentinel can be configured in Terraform with the resource name azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
log_analytics_workspace_id
- (Required) The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.name
- (Required) The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
tenant_id
- (Optional) The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
-> If unspecified the Tenant ID of the current Subscription will be used
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Microsoft Defender Advanced Threat Protection Data Connector.
Explanation in Terraform Registry
Manages a Microsoft Defender Advanced Threat Protection Data Connector.
Microsoft.OperationalInsights/workspaces (Azure Resource Manager)
The workspaces in Microsoft.OperationalInsights can be configured in Azure Resource Manager with the resource name Microsoft.OperationalInsights/workspaces
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookSourceId": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
Parameters
apiVersion
required - stringeTag
optional - stringThe ETag of the workspace.
location
required - stringThe geo-location where the resource lives
name
required - stringThe name of the workspace.
properties
requiredfeatures
optionaladditionalProperties
optional - objectUnmatched properties from the message are deserialized this collection
clusterResourceId
optional - stringDedicated LA cluster resourceId that is linked to the workspaces.
disableLocalAuth
optional - booleanDisable Non-AAD based Auth.
enableDataExport
optional - booleanFlag that indicate if data should be exported.
enableLogAccessUsingOnlyResourcePermissions
optional - booleanFlag that indicate which permission to use - resource or workspace or both.
immediatePurgeDataOn30Days
optional - booleanFlag that describes if we want to remove the data after 30 days.
forceCmkForQuery
optional - booleanIndicates whether customer managed storage is mandatory for query management.
provisioningState
optional - stringThe provisioning state of the workspace.
publicNetworkAccessForIngestion
optional - stringThe network access type for accessing Log Analytics ingestion.
publicNetworkAccessForQuery
optional - stringThe network access type for accessing Log Analytics query.
retentionInDays
optional - integerThe workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.
sku
optionalcapacityReservationLevel
optional - integerThe capacity reservation level in GB for this workspace, when CapacityReservation sku is selected.
name
required - stringThe name of the SKU.
workspaceCapping
optionaldailyQuotaGb
optional - numberThe workspace daily quota for ingestion.
tags
optional - stringResource tags.
type
required - string