Azure Sentinel Data Connector Microsoft Defender Advanced Threat Protection

This page shows how to write Terraform and Azure Resource Manager for Sentinel Data Connector Microsoft Defender Advanced Threat Protection and write them securely.

azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection (Terraform)

The Data Connector Microsoft Defender Advanced Threat Protection in Sentinel can be configured in Terraform with the resource name azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • log_analytics_workspace_id - (Required) The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

  • name - (Required) The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.


  • tenant_id - (Optional) The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

-> If unspecified the Tenant ID of the current Subscription will be used

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Microsoft Defender Advanced Threat Protection Data Connector.

Explanation in Terraform Registry

Manages a Microsoft Defender Advanced Threat Protection Data Connector.

Microsoft.OperationalInsights/workspaces (Azure Resource Manager)

The workspaces in Microsoft.OperationalInsights can be configured in Azure Resource Manager with the resource name Microsoft.OperationalInsights/workspaces. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
workbooks.arm.template.statistics.detailed.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
workbooks.arm.template.statistics.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
workbook.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workbookSourceId": {
            "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
AWS_User_Activities.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
workbooks.arm.template.rag.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",

Parameters

  • apiVersion required - string
  • eTag optional - string

    The ETag of the workspace.

  • location required - string

    The geo-location where the resource lives

  • name required - string

    The name of the workspace.

  • properties required
      • features optional
          • additionalProperties optional - object

            Unmatched properties from the message are deserialized this collection

          • clusterResourceId optional - string

            Dedicated LA cluster resourceId that is linked to the workspaces.

          • disableLocalAuth optional - boolean

            Disable Non-AAD based Auth.

          • enableDataExport optional - boolean

            Flag that indicate if data should be exported.

          • enableLogAccessUsingOnlyResourcePermissions optional - boolean

            Flag that indicate which permission to use - resource or workspace or both.

          • immediatePurgeDataOn30Days optional - boolean

            Flag that describes if we want to remove the data after 30 days.

      • forceCmkForQuery optional - boolean

        Indicates whether customer managed storage is mandatory for query management.

      • provisioningState optional - string

        The provisioning state of the workspace.

      • publicNetworkAccessForIngestion optional - string

        The network access type for accessing Log Analytics ingestion.

      • publicNetworkAccessForQuery optional - string

        The network access type for accessing Log Analytics query.

      • retentionInDays optional - integer

        The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.

      • sku optional
          • capacityReservationLevel optional - integer

            The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected.

          • name required - string

            The name of the SKU.

      • workspaceCapping optional
          • dailyQuotaGb optional - number

            The workspace daily quota for ingestion.

  • tags optional - string

    Resource tags.

  • type required - string

Frequently asked questions

What is Azure Sentinel Data Connector Microsoft Defender Advanced Threat Protection?

Azure Sentinel Data Connector Microsoft Defender Advanced Threat Protection is a resource for Sentinel of Microsoft Azure. Settings can be wrote in Terraform.