az security security-connector
This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Manage cloud security posture management (CSPM) and cloud workload protection (CWP) across multicloud resources.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az security security-connector create | Create a security connector. | Core | Preview |
| az security security-connector delete | Delete a security connector. | Core | Preview |
| az security security-connector devops | DevOps configuration and operations. | Core | Preview |
| az security security-connector devops azuredevopsorg | AzureDevOps Organizations. | Core | Preview |
| az security security-connector devops azuredevopsorg create | Create monitored Azure DevOps organization details. | Core | Preview |
| az security security-connector devops azuredevopsorg list | List Azure DevOps organizations onboarded to the connector. | Core | Preview |
| az security security-connector devops azuredevopsorg project | Azure DevOps projects. | Core | Preview |
| az security security-connector devops azuredevopsorg project create | Create a monitored Azure DevOps project resource. | Core | Preview |
| az security security-connector devops azuredevopsorg project list | List Azure DevOps projects onboarded to the connector. | Core | Preview |
| az security security-connector devops azuredevopsorg project repo | Azure DevOps repositories. | Core | Preview |
| az security security-connector devops azuredevopsorg project repo create | Create a monitored Azure DevOps repository resource. | Core | Preview |
| az security security-connector devops azuredevopsorg project repo list | List Azure DevOps repositories onboarded to the connector. | Core | Preview |
| az security security-connector devops azuredevopsorg project repo show | Get a monitored Azure DevOps repository resource. | Core | Preview |
| az security security-connector devops azuredevopsorg project repo update | Update a monitored Azure DevOps repository resource. | Core | Preview |
| az security security-connector devops azuredevopsorg project repo wait | Place the CLI in a waiting state until a condition is met. | Core | Preview |
| az security security-connector devops azuredevopsorg project show | Get a monitored Azure DevOps project resource. | Core | Preview |
| az security security-connector devops azuredevopsorg project update | Update a monitored Azure DevOps project resource. | Core | Preview |
| az security security-connector devops azuredevopsorg project wait | Place the CLI in a waiting state until a condition is met. | Core | Preview |
| az security security-connector devops azuredevopsorg show | Get a monitored Azure DevOps organization resource. | Core | Preview |
| az security security-connector devops azuredevopsorg update | Update monitored Azure DevOps organization details. | Core | Preview |
| az security security-connector devops azuredevopsorg wait | Place the CLI in a waiting state until a condition is met. | Core | Preview |
| az security security-connector devops create | Create a DevOps Configuration. | Core | Experimental |
| az security security-connector devops delete | Delete a DevOps Connector. | Core | Preview |
| az security security-connector devops githubowner | GitHub Owners. | Core | Preview |
| az security security-connector devops githubowner list | List GitHub owners onboarded to the connector. | Core | Preview |
| az security security-connector devops githubowner repo | GitHub repositories. | Core | Preview |
| az security security-connector devops githubowner repo list | List GitHub repositories onboarded to the connector. | Core | Preview |
| az security security-connector devops githubowner repo show | Get a monitored GitHub repository. | Core | Preview |
| az security security-connector devops githubowner show | Get a monitored GitHub owner. | Core | Preview |
| az security security-connector devops gitlabgroup | GitLab Groups. | Core | Preview |
| az security security-connector devops gitlabgroup list | List GitLab groups onboarded to the connector. | Core | Preview |
| az security security-connector devops gitlabgroup list-subgroups | Get the nested subgroups of the given GitLab group that are onboarded to the connector. | Core | Preview |
| az security security-connector devops gitlabgroup project | GitLab Projects (Repositories). | Core | Preview |
| az security security-connector devops gitlabgroup project list | List GitLab projects that are directly owned by the given group and onboarded to the connector. | Core | Preview |
| az security security-connector devops gitlabgroup project show | Get a monitored GitLab Project resource for a given fully-qualified group name and project name. | Core | Preview |
| az security security-connector devops gitlabgroup show | Get a monitored GitLab Group resource for a given fully-qualified name. | Core | Preview |
| az security security-connector devops list-available-azuredevopsorgs | Returns a list of all Azure DevOps organizations accessible by the user token consumed by the connector. Returns 401 if the connector was created by a different user or identity. | Core | Preview |
| az security security-connector devops list-available-githubowners | Returns a list of all GitHub owners accessible by the user token consumed by the connector. Returns 401 if the connector was created by a different user or identity. | Core | Preview |
| az security security-connector devops list-available-gitlabgroups | Returns a list of all GitLab groups accessible by the user token consumed by the connector. Returns 401 if the connector was created by a different user or identity. | Core | Preview |
| az security security-connector devops show | Get a DevOps Configuration. | Core | Preview |
| az security security-connector devops update | Update a DevOps Configuration. | Core | Experimental |
| az security security-connector devops wait | Place the CLI in a waiting state until a condition is met. | Core | Preview |
| az security security-connector list | List all the security connectors in the specified subscription. | Core | Preview |
| az security security-connector show | Get details of a specific security connector. | Core | Preview |
| az security security-connector update | Update a security connector. | Core | Preview |
az security security-connector create
Command group 'az security security-connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Create a security connector.
```
az security security-connector create --name --security-connector-name
    --resource-group
    [--environment-data]
    [--environment-name {AWS, Azure, AzureDevOps, GCP, GitLab, Github}]
    [--hierarchy-identifier]
    [--location]
    [--offerings]
    [--tags]
```
Examples
Onboard AWS Environment with CspmMonitor Offering
```bash
az security security-connector create --location EastUS --name awsConnector \
    --resource-group myResourceGroup --hierarchy-identifier 123456789555 \
    --environment-name AWS \
    --offerings [0].cspm-monitor-aws.native_cloud_connection.cloudRoleArn='arn:aws:iam::123456789555:role/CspmMonitorAws' \
    --environment-data aws-account.scan-interval=24 \
        aws-account.organizational-data.organization.stackset-name=myStackName \
        aws-account.organizational-data.organization.excluded-account-ids="['100000000000', '100000000001']"
```
Onboard GCP Environment with CspmMonitor and DefenderCSPM Offerings
```bash
az security security-connector create --location EastUS --name gcpConnector \
    --resource-group myResourceGroup --hierarchy-identifier 123456555 \
    --environment-name GCP \
    --environment-data gcp-project.scan-interval=12 \
        gcp-project.project-details.project-id=mdc-mgmt-proj-123456555 \
        gcp-project.project-details.project-number=123456555 \
        gcp-project.organizational-data.organization.service-account-email-address="mdc-onboarding-sa@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" \
        gcp-project.organizational-data.organization.workload-identity-provider-id=auto-provisioner \
        gcp-project.organizational-data.organization.excluded-project-numbers=[] \
    --offerings \
        [0].cspm-monitor-gcp.native-cloud-connection.service-account-email-address="microsoft-defender-cspm@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" \
        [0].cspm-monitor-gcp.native-cloud-connection.workload-identity-provider-id=cspm \
        [1].defender-cspm-gcp.vm-scanners.enabled=true \
        [1].defender-cspm-gcp.vm-scanners.configuration.scanning-mode=Default \
        [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.enabled=true \
        [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.service-account-email-address="mdc-containers-k8s-operator@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" \
        [1].defender-cspm-gcp.mdc-containers-agentless-discovery-k8s.workload-identity-provider-id=containers \
        [1].defender-cspm-gcp.ciem-discovery.azure-active-directory-app-name=mciem-gcp-oidc-app \
        [1].defender-cspm-gcp.ciem-discovery.workload-identity-provider-id=ciem-discovery \
        [1].defender-cspm-gcp.ciem-discovery.service-account-email-address="microsoft-defender-ciem@mdc-mgmt-proj-123456555.iam.gserviceaccount.com"
```
Onboard AzureDevOps Environment
```bash
az security security-connector create --location CentralUS --name adoConnector \
    --resource-group myResourceGroup \
    --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d98 \
    --environment-name AzureDevOps --environment-data azuredevops-scope='{}' \
    --offerings [0].cspm-monitor-azuredevops='{}'
```
Onboard GitHub Environment
```bash
az security security-connector create --location CentralUS --name githubConnector \
    --resource-group myResourceGroup \
    --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d95 \
    --environment-name GitHub --environment-data github-scope='{}' \
    --offerings [0].cspm-monitor-github='{}'
```
Onboard GitLab Environment
```bash
az security security-connector create --location CentralUS --name gitlabConnector \
    --resource-group myResourceGroup \
    --hierarchy-identifier 8b090c71-cfba-494d-87a6-e10b321a0d93 \
    --environment-name GitLab --environment-data gitlab-scope='{}' \
    --offerings [0].cspm-monitor-gitlab='{}'
```
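The `--offerings` values in these examples are `[index].path=value` assignments, so on a long command line it is hard to see which roles, service accounts and identity providers a connector is being pointed at. The Python below is an added example, not part of the Azure CLI or of the original reference: it expands such assignments into the nested structure they describe and lists the identity-bearing leaves so they can be checked against what was actually provisioned. The function names, `IDENTITY_KEYS` and the sample command are assumptions made for illustration; values are kept as strings and the CLI's own shorthand parser is not reproduced.

```python
import re
import shlex
from itertools import takewhile

# A path segment is a list index "[0]" or a key such as "cspm-monitor-gcp".
_SEGMENT = re.compile(r"\[(\d+)\]|([^.\[\]]+)")
# Leaf keys that name a cloud identity; all four appear in the page's examples.
IDENTITY_KEYS = {"cloudRoleArn", "service-account-email-address",
                 "workload-identity-provider-id", "azure-active-directory-app-name"}
# Constructed sample: a shortened, single-line form of the page's GCP example.
SAMPLE = (
    "az security security-connector create --name gcpConnector --offerings "
    "[0].cspm-monitor-gcp.native-cloud-connection.service-account-email-address="
    '"microsoft-defender-cspm@mdc-mgmt-proj-123456555.iam.gserviceaccount.com" '
    "[0].cspm-monitor-gcp.native-cloud-connection.workload-identity-provider-id=cspm "
    "[1].defender-cspm-gcp.vm-scanners.enabled=true "
    "[1].defender-cspm-gcp.ciem-discovery.azure-active-directory-app-name=mciem-gcp-oidc-app "
    "--environment-name GCP"
)


def option_values(command, flag):
    """Return the shell tokens that follow `flag`, up to the next --option."""
    argv = shlex.split(command)
    tail = argv[argv.index(flag) + 1:] if flag in argv else []
    return list(takewhile(lambda tok: not tok.startswith("--"), tail))


def expand(assignments):
    """Turn ['[0].a.b=x', ...] into the nested list/dict the paths describe."""
    tree = {}
    for item in assignments:
        path, sep, value = item.partition("=")
        segments = [int(i) if i else k for i, k in _SEGMENT.findall(path)]
        if not sep or not segments:
            raise ValueError(f"not a path=value assignment: {item!r}")
        node = tree
        for seg in segments[:-1]:
            node = node.setdefault(seg, {})
            if not isinstance(node, dict):
                raise ValueError(f"{item!r} descends into a scalar")
        node[segments[-1]] = value  # a repeated path keeps the last value
    return _listify(tree)


def _listify(node):
    """Convert dicts keyed only by integers (from '[n]' segments) into lists."""
    if isinstance(node, dict) and node and all(isinstance(k, int) for k in node):
        return [_listify(node[i]) for i in sorted(node)]
    return {k: _listify(v) for k, v in node.items()} if isinstance(node, dict) else node


def identity_refs(node, prefix=""):
    """Yield (path, value) for each leaf whose key is in IDENTITY_KEYS."""
    for key, value in (enumerate(node) if isinstance(node, list) else node.items()):
        path = f"{prefix}[{key}]" if isinstance(key, int) else f"{prefix}.{key}".lstrip(".")
        if isinstance(value, (dict, list)):
            yield from identity_refs(value, path)
        elif key in IDENTITY_KEYS:
            yield path, value


if __name__ == "__main__":
    print(*identity_refs(expand(option_values(SAMPLE, "--offerings"))), sep="\n")
```

Run against a pipeline's connector command, the output is a short list of identity references to compare with the IAM role, service accounts and workload identity providers that exist in the target account or project.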
Required Parameters
--name --security-connector-name
The security connector name.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--environment-data
The security connector environment data. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
--environment-name
The multi cloud resource's cloud name.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | AWS, Azure, AzureDevOps, GCP, GitLab, Github |
--hierarchy-identifier
The multi cloud resource identifier (account ID for an AWS connector, project number for a GCP connector, GUID for a DevOps connector).
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
--location
Location where the resource is stored.
| Property | Value |
|---|---|
| Parameter group: | SecurityConnector Arguments |
--offerings
A collection of offerings for the security connector. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
--tags
A list of key value pairs that describe the resource. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | SecurityConnector Arguments |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security security-connector delete
Delete a security connector.
```
az security security-connector delete [--ids]
    [--name --security-connector-name]
    [--resource-group]
    [--subscription]
    [--yes]
```
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--name --security-connector-name
The security connector name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--yes
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security security-connector list
List all the security connectors in the specified subscription.
```
az security security-connector list [--max-items]
    [--next-token]
    [--resource-group]
```
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--max-items
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
--next-token
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security security-connector show
Get details of a specific security connector.
```
az security security-connector show [--ids]
    [--name --security-connector-name]
    [--resource-group]
    [--subscription]
```
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--name --security-connector-name
The security connector name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security security-connector update
Update a security connector.
```
az security security-connector update [--add]
    [--environment-data]
    [--environment-name {AWS, Azure, AzureDevOps, GCP, GitLab, Github}]
    [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
    [--ids]
    [--location]
    [--name --security-connector-name]
    [--offerings]
    [--remove]
    [--resource-group]
    [--set]
    [--subscription]
    [--tags]
```
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--add
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--environment-data
The security connector environment data. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
--environment-name
The multi cloud resource's cloud name.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | AWS, Azure, AzureDevOps, GCP, GitLab, Github |
--force-string
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--location
Location where the resource is stored.
| Property | Value |
|---|---|
| Parameter group: | SecurityConnector Arguments |
--name --security-connector-name
The security connector name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--offerings
A collection of offerings for the security connector. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
--remove
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--set
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--tags
A list of key value pairs that describe the resource. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | SecurityConnector Arguments |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |