New data connector kinds (MicrosoftDefenderAdvancedThreatProtection &…

… AzureAdvancedThreatProtection) and added discovery logs to MicrosoftCloudAppSecurity.
Azure · michaeljqzq · Jul 18, 2019 · Jul 11, 2019 · Jul 11, 2019 · Jul 14, 2019
commit 9a47b67c7b324c1290cfff0c4ed2ce6227eb6006
diff --git a/...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
@@ -924,6 +924,15 @@
           },
           "Get an AAD data connector.": {
             "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json"
+          },
+          "Get an AwsCloudTrail data connector.": {
+            "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json"
+          },
+          "Get an AATP data connector.": {
+            "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json"
+          },
+          "Get a MDATP data connector": {
+            "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json"
           }
         },
         "tags": [
@@ -2224,7 +2233,10 @@
             "AzureSecurityCenter",
             "MicrosoftCloudAppSecurity",
             "ThreatIntelligence",
-            "Office365"
+            "Office365",
+            "AmazonWebServicesCloudTrail",
+            "AzureAdvancedThreatProtection",
+            "MicrosoftDefenderAdvancedThreatProtection"
           ],
           "x-ms-enum": {
             "name": "DataConnectorKind",
@@ -2244,6 +2256,15 @@
               },
               {
                 "value": "Office365"
+              },
+              {
+                "value": "AmazonWebServicesCloudTrail"
+              },
+              {
+                "value": "AzureAdvancedThreatProtection"
+              },
+              {
+                "value": "MicrosoftDefenderAdvancedThreatProtection"
               }
             ]
           }
@@ -2363,6 +2384,52 @@
         }
       }
     },
+    "AwsCloudTrailDataConnector": {
+      "x-ms-discriminator-value": "AmazonWebServicesCloudTrail",
+      "type": "object",
+      "description": "Represents Amazon Web Services CloudTrail data connector.",
+      "allOf": [
+          {
+              "$ref": "#/definitions/DataConnector"
+          }
+      ],
+      "properties": {
+          "properties": {
+              "x-ms-client-flatten": true,
+              "description": "Amazon Web Services CloudTrail data connector properties.",
+              "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties"
+          }
+      }
+   },
+    "AwsCloudTrailDataConnectorProperties": {
+        "type": "object",
+        "description": "Amazon Web Services CloudTrail data connector properties.",
+        "properties": {
+            "awsRoleArn": {
+                "type": "string",
+                "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account."
+            },
+            "dataTypes": {
+                "description": "The available data types for the connector.",
+                "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes"
+            }
+        }
+    },
+    "AwsCloudTrailDataConnectorDataTypes": {
+        "type": "object",
+        "description": "The available data types for Amazon Web Services CloudTrail data connector.",
+        "properties": {
+            "logs": {
+                "type": "object",
+                "description": "Logs data type.",
+                "allOf": [
+                    {
+                        "$ref": "#/definitions/DataConnectorDataTypeCommon"
+                    }
+                ]
+            }
+        }
+    },
     "AADDataConnector": {
       "x-ms-discriminator-value": "AzureActiveDirectory",
       "type": "object",
@@ -2444,6 +2511,90 @@
     "MCASDataConnectorProperties": {
       "type": "object",
       "description": "MCAS (Microsoft Cloud App Security) data connector properties.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnectorTenantId"
+        }],
+        "properties": {
+          "dataTypes": {
+            "description": "The available data types for the connector.",
+            "$ref": "#/definitions/MCASDataConnectorDataTypes"
+          }
+        }
+    },
+    "MCASDataConnectorDataTypes": {
+      "type": "object",
+      "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.",
+      "properties": {
+        "alerts": {
+          "type": "object",
+          "description": "Alerts data type connection.",
+          "allOf": [
+            {
+              "$ref": "#/definitions/DataConnectorDataTypeCommon"
+            }
+          ]
+        },
+        "discoveryLogs": {
+          "type": "object",
+          "description": "Discovery log data type connection.",
+          "allOf": [
+            {
+              "$ref": "#/definitions/DataConnectorDataTypeCommon"
+            }
+          ]
+        }
+      }
+    },
+    "AATPDataConnector": {
+      "x-ms-discriminator-value": "AzureAdvancedThreatProtection",
+      "type": "object",
+      "description": "Represents AATP (Azure Advanced Threat Protection) data connector.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnector"
+        }
+      ],
+      "properties": {
+        "properties": {
+          "x-ms-client-flatten": true,
+          "description": "AATP (Azure Advanced Threat Protection) data connector properties.",
+          "$ref": "#/definitions/AATPDataConnectorProperties"
+        }
+      }
+    },
+    "AATPDataConnectorProperties": {
+      "type": "object",
+      "description": "AATP (Azure Advanced Threat Protection) data connector properties.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnectorTenantId"
+        },
+        {
+          "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+        }
+      ]
+    },
+    "MDATPDataConnector": {
+      "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection",
+      "type": "object",
+      "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnector"
+        }
+      ],
+      "properties": {
+        "properties": {
+          "x-ms-client-flatten": true,
+          "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
+          "$ref": "#/definitions/MDATPDataConnectorProperties"
+        }
+      }
+    },
+    "MDATPDataConnectorProperties": {
+      "type": "object",
+      "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
       "allOf": [
         {
           "$ref": "#/definitions/DataConnectorTenantId"

diff --git a/...review/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/...review/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
@@ -0,0 +1,29 @@
+{
+  "parameters": {
+      "api-version": "2019-01-01-preview",
+      "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+      "resourceGroupName": "myRg",
+      "workspaceName": "myWorkspace",
+      "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+      "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
+  },
+  "responses": {
+      "200": {
+          "body": {
+              "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+              "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+              "type": "Microsoft.SecurityInsights/dataConnectors",
+              "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+              "kind": "AmazonWebServicesCloudTrail",
+              "properties": {
+                  "awsRoleArn": "myAwsRoleArn",
+                  "dataTypes": {
+                      "logs": {
+                          "state": "Enabled"
+                      }
+                  }
+              }
+          }
+      }
+  }
+}
diff --git a/...view/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/...view/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json
@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44",
+        "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44",
+        "type": "Microsoft.SecurityInsights/dataConnectors",
+        "kind": "AzureAdvancedThreatProtection",
+        "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+        "properties": {
+          "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+          "dataTypes": {
+            "alerts": {
+              "state": "Enabled"
+            }
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/...ecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json b/...ecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json
@@ -4,14 +4,14 @@
     "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
     "resourceGroupName": "myRg",
     "workspaceName": "myWorkspace",
-    "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights"
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights"
   },
   "responses": {
     "200": {
       "body": {
         "value": [
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
             "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "AzureSecurityCenter",
@@ -26,7 +26,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
             "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "ThreatIntelligence",
@@ -41,7 +41,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
             "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "AzureActiveDirectory",
@@ -56,7 +56,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
             "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "Office365",
@@ -74,7 +74,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
             "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "MicrosoftCloudAppSecurity",
@@ -84,10 +84,58 @@
               "dataTypes": {
                 "alerts": {
                   "state": "Enabled"
+                },
+                  "discoveryLogs": {
+                    "state": "Enabled"
                 }
               }
             }
+          },
+          {
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44",
+            "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44",
+            "type": "Microsoft.SecurityInsights/dataConnectors",
+            "kind": "AzureAdvancedThreatProtection",
+            "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+            "properties": {
+              "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+              "dataTypes": {
+                "alerts": {
+                  "state": "Enabled"
+                }
+              }
+            }
+          },
+          {
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+            "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+            "type": "Microsoft.SecurityInsights/dataConnectors",
+            "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+            "kind": "AmazonWebServicesCloudTrail",
+            "properties": {
+                "awsRoleArn": "myAwsRoleArn",
+                "dataTypes": {
+                    "logs": {
+                        "state": "Enabled"
+                    }
+                }
+            }
+        },
+        {
+          "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+          "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+          "type": "Microsoft.SecurityInsights/dataConnectors",
+          "kind": "MicrosoftDefenderAdvancedThreatProtection",
+          "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+          "properties": {
+            "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+            "dataTypes": {
+              "alerts": {
+                "state": "Enabled"
+              }
+            }
           }
+        }
         ]
       }
     }

diff --git a/.../preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/.../preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json
@@ -4,13 +4,13 @@
     "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
     "resourceGroupName": "myRg",
     "workspaceName": "myWorkspace",
-    "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
     "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42"
   },
   "responses": {
     "200": {
       "body": {
-        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
         "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42",
         "type": "Microsoft.SecurityInsights/dataConnectors",
         "kind": "MicrosoftCloudAppSecurity",
@@ -20,6 +20,9 @@
           "dataTypes": {
             "alerts": {
               "state": "Enabled"
+            },
+            "discoveryLogs": {
+              "state": "Enabled"
             }
           }
         }