Open davidlife52 opened 2 years ago
@davidlife52 Thank you for submitting this! Looking into the latest stable version of sentinel API, looks like all of the DCs defined are supported:
Would you please kindly point out the API definitions for the above resources that you want to be supported?
I learned that Microsoft changed some connector names. In their API definition, they are still using the old names. For people like me, who do not know the old names for the data connectors, this link should help: https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/advanced-hunting-product-name-changes/ba-p/2009233

Microsoft Defender for Endpoint is already implemented as azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection.

Microsoft Defender for Cloud Apps is also implemented as azurerm_sentinel_data_connector_microsoft_cloud_app_security.

Microsoft Defender for Identity is also implemented as azurerm_sentinel_data_connector_azure_advanced_threat_protection.
All that's left is:
I couldn't find the Windows Security Events for AMA, but for Defender for Office 365 it used to be called Office 365 Advanced Threat Protection. The definition: https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/data-connectors/create-or-update?tabs=HTTP#officeatpdataconnector.
Still missing modules for
@magodo is there any update on this? I have been having issues deploying out connectors. A couple of times it has failed, then I deploy again and it shows up. Some of the recent errors I have received are below.
Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.sentinel.azurerm_sentinel_data_connector_azure_active_directory.aad, provider "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.sentinel.azurerm_sentinel_data_connector_microsoft_cloud_app_security.microsoft_cloud_app_security, provider "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.sentinel.azurerm_sentinel_data_connector_azure_advanced_threat_protection.aad_advanced_threat_protection, provider "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
│ Error: creating Data Connector: (Name "microsoft_defender_advanced_threat_protection" / Workspace Name "law-sentinel-eastus" / Resource Group "rg-law-sentinel-eastus"): securityinsight.DataConnectorsClient#CreateOrUpdate: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="InvalidLicense" Message="Missing consent"
│
│ with module.sentinel.azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection.microsoft_defender_advanced_threat_protection,
│ on modules\connectors.tf line 53, in resource "azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection" "microsoft_defender_advanced_threat_protection":
│ 53: resource "azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection" "microsoft_defender_advanced_threat_protection" {
│
Ping @ziyeqf
Description
Support stable sentinel data connector resources.
New or Affected Resource(s)/Data Source(s)
azurerm_sentinel_data_connector_microsoft_defender_for_endpoint
azurerm_sentinel_data_connector_microsoft_defender_for_office365
azurerm_sentinel_data_connector_microsoft_defender_for_identity
azurerm_sentinel_data_connector_microsoft_defender_for_cloud_apps
azurerm_sentinel_data_connector_azure_ad_identity_protection