Add data connector kinds AzureAdvancedThreatProtection and MicrosoftDefenderAdvancedThreatProtection.

custom-words.txt

@@ -1524,3 +1524,5 @@ Turbonomic
 Zerto
 Corent
 Carbonite
+AATP
+MDATP

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json

@@ -927,6 +927,12 @@
           },
           "Get an AwsCloudTrail data connector.": {
             "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json"
+          },
+          "Get an AATP data connector.": {
+            "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json"
+          },
+          "Get a MDATP data connector": {
+            "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json"
           }
         },
         "tags": [
@@ -2228,7 +2234,9 @@
             "MicrosoftCloudAppSecurity",
             "ThreatIntelligence",
             "Office365",
-            "AmazonWebServicesCloudTrail"
+            "AmazonWebServicesCloudTrail",
+            "AzureAdvancedThreatProtection",
+            "MicrosoftDefenderAdvancedThreatProtection"
           ],
           "x-ms-enum": {
             "name": "DataConnectorKind",
@@ -2251,6 +2259,12 @@
               },
               {
                 "value": "AmazonWebServicesCloudTrail"
+              },
+              {
+                "value": "AzureAdvancedThreatProtection"
+              },
+              {
+                "value": "MicrosoftDefenderAdvancedThreatProtection"
               }
             ]
           }
@@ -2497,6 +2511,86 @@
     "MCASDataConnectorProperties": {
       "type": "object",
       "description": "MCAS (Microsoft Cloud App Security) data connector properties.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnectorTenantId"
+        }],
+        "properties": {
+          "dataTypes": {
+            "description": "The available data types for the connector.",
+            "$ref": "#/definitions/MCASDataConnectorDataTypes"
+          }
+        }
+    },
+    "MCASDataConnectorDataTypes": {
+      "type": "object",
+      "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/AlertsDataTypeOfDataConnector"
+        }],
+        "properties":
+        {
+          "discoveryLogs": {
+            "type": "object",
+            "description": "Discovery log data type connection.",
+            "allOf": [
+              {
+                "$ref": "#/definitions/DataConnectorDataTypeCommon"
+              }
+            ]
+          }
+        }
+    },
+    "AATPDataConnector": {
+      "x-ms-discriminator-value": "AzureAdvancedThreatProtection",
+      "type": "object",
+      "description": "Represents AATP (Azure Advanced Threat Protection) data connector.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnector"
+        }
+      ],
+      "properties": {
+        "properties": {
+          "x-ms-client-flatten": true,
+          "description": "AATP (Azure Advanced Threat Protection) data connector properties.",
+          "$ref": "#/definitions/AATPDataConnectorProperties"
+        }
+      }
+    },
+    "AATPDataConnectorProperties": {
+      "type": "object",
+      "description": "AATP (Azure Advanced Threat Protection) data connector properties.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnectorTenantId"
+        },
+        {
+          "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+        }
+      ]
+    },
+    "MDATPDataConnector": {
+      "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection",
+      "type": "object",
+      "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/DataConnector"
+        }
+      ],
+      "properties": {
+        "properties": {
+          "x-ms-client-flatten": true,
+          "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
+          "$ref": "#/definitions/MDATPDataConnectorProperties"
+        }
+      }
+    },
+    "MDATPDataConnectorProperties": {
+      "type": "object",
+      "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
       "allOf": [
         {
           "$ref": "#/definitions/DataConnectorTenantId"

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json

@@ -4,7 +4,7 @@
         "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
         "resourceGroupName": "myRg",
         "workspaceName": "myWorkspace",
-        "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights",
+        "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
         "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
     },
     "responses": {

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json

@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44",
+        "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44",
+        "type": "Microsoft.SecurityInsights/dataConnectors",
+        "kind": "AzureAdvancedThreatProtection",
+        "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+        "properties": {
+          "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+          "dataTypes": {
+            "alerts": {
+              "state": "Enabled"
+            }
+          }
+        }
+      }
+    }
+  }
+}

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json

@@ -4,14 +4,14 @@
     "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
     "resourceGroupName": "myRg",
     "workspaceName": "myWorkspace",
-    "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights"
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights"
   },
   "responses": {
     "200": {
       "body": {
         "value": [
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
             "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "AzureSecurityCenter",
@@ -26,7 +26,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
             "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "ThreatIntelligence",
@@ -41,7 +41,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
             "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "AzureActiveDirectory",
@@ -56,7 +56,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
             "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "Office365",
@@ -74,7 +74,7 @@
             }
           },
           {
-            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
             "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42",
             "type": "Microsoft.SecurityInsights/dataConnectors",
             "kind": "MicrosoftCloudAppSecurity",
@@ -84,10 +84,58 @@
               "dataTypes": {
                 "alerts": {
                   "state": "Enabled"
+                },
+                  "discoveryLogs": {
+                    "state": "Enabled"
                 }
               }
             }
+          },
+          {
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44",
+            "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44",
+            "type": "Microsoft.SecurityInsights/dataConnectors",
+            "kind": "AzureAdvancedThreatProtection",
+            "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+            "properties": {
+              "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+              "dataTypes": {
+                "alerts": {
+                  "state": "Enabled"
+                }
+              }
+            }
+          },
+          {
+            "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+            "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+            "type": "Microsoft.SecurityInsights/dataConnectors",
+            "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+            "kind": "AmazonWebServicesCloudTrail",
+            "properties": {
+                "awsRoleArn": "myAwsRoleArn",
+                "dataTypes": {
+                    "logs": {
+                        "state": "Enabled"
+                    }
+                }
+            }
+        },
+        {
+          "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+          "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+          "type": "Microsoft.SecurityInsights/dataConnectors",
+          "kind": "MicrosoftDefenderAdvancedThreatProtection",
+          "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+          "properties": {
+            "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+            "dataTypes": {
+              "alerts": {
+                "state": "Enabled"
+              }
+            }
           }
+        }
         ]
       }
     }

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json

@@ -4,13 +4,13 @@
     "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
     "resourceGroupName": "myRg",
     "workspaceName": "myWorkspace",
-    "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
     "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42"
   },
   "responses": {
     "200": {
       "body": {
-        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
         "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42",
         "type": "Microsoft.SecurityInsights/dataConnectors",
         "kind": "MicrosoftCloudAppSecurity",
@@ -20,6 +20,9 @@
           "dataTypes": {
             "alerts": {
               "state": "Enabled"
+            },
+            "discoveryLogs": {
+              "state": "Enabled"
             }
           }
         }

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json

@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+        "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+        "type": "Microsoft.SecurityInsights/dataConnectors",
+        "kind": "MicrosoftDefenderAdvancedThreatProtection",
+        "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+        "properties": {
+          "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+          "dataTypes": {
+            "alerts": {
+              "state": "Enabled"
+            }
+          }
+        }
+      }
+    }
+  }
+}