The azure-native:securityinsights:ASCDataConnector resource, part of the Pulumi Azure Native provider, registers an Azure Security Center (Microsoft Defender for Cloud) data connector within a Microsoft Sentinel workspace. This guide focuses on one capability: connecting Defender for Cloud alerts to Sentinel.
Data connectors belong to a Sentinel workspace and reference a resource group. The example is intentionally minimal. Extend it with dataTypes filtering or cross-subscription configuration for more complex scenarios.
Connect Azure Security Center alerts to Sentinel
Security teams consolidate alerts from Microsoft Defender for Cloud into Sentinel for unified threat detection and response.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const ascDataConnector = new azure_native.securityinsights.ASCDataConnector("ascDataConnector", {
dataConnectorId: "c345bf40-8509-4ed2-b947-50cb773aaf04",
resourceGroupName: "myRg",
workspaceName: "myWorkspace",
});
import pulumi
import pulumi_azure_native as azure_native
asc_data_connector = azure_native.securityinsights.ASCDataConnector("ascDataConnector",
data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04",
resource_group_name="myRg",
workspace_name="myWorkspace")
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewASCDataConnector(ctx, "ascDataConnector", &securityinsights.ASCDataConnectorArgs{
DataConnectorId: pulumi.String("c345bf40-8509-4ed2-b947-50cb773aaf04"),
ResourceGroupName: pulumi.String("myRg"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var ascDataConnector = new AzureNative.SecurityInsights.ASCDataConnector("ascDataConnector", new()
{
DataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04",
ResourceGroupName = "myRg",
WorkspaceName = "myWorkspace",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ASCDataConnector;
import com.pulumi.azurenative.securityinsights.ASCDataConnectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ascDataConnector = new ASCDataConnector("ascDataConnector", ASCDataConnectorArgs.builder()
.dataConnectorId("c345bf40-8509-4ed2-b947-50cb773aaf04")
.resourceGroupName("myRg")
.workspaceName("myWorkspace")
.build());
}
}
resources:
ascDataConnector:
type: azure-native:securityinsights:ASCDataConnector
properties:
dataConnectorId: c345bf40-8509-4ed2-b947-50cb773aaf04
resourceGroupName: myRg
workspaceName: myWorkspace
The dataConnectorId provides a unique identifier for this connector instance. The workspaceName and resourceGroupName specify where the connector is registered. Once created, Defender for Cloud alerts flow into the Sentinel workspace automatically.
Beyond these examples
This snippet focuses on data connector registration. It’s intentionally minimal rather than a full security operations deployment.
The example references pre-existing infrastructure such as a Microsoft Sentinel workspace and resource group. It focuses on connector configuration rather than provisioning the workspace itself.
To keep things focused, connector-level patterns are omitted, including:
- Data type filtering (dataTypes property)
- Cross-subscription connections (subscriptionId property)
- Connector state management (etag for concurrency)
These omissions are intentional: the goal is to illustrate how the data connector is wired, not provide a drop-in security module. See the ASCDataConnector resource reference for all available configuration options.
Let's configure Azure Security Center Data Connectors
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration & Setup
kind (must be ‘AzureSecurityCenter’), dataConnectorId, resourceGroupName, and workspaceName. The resourceGroupName is case insensitive.ASCDataConnector resource type. The different titles reference various use cases, but the resource configuration is identical across all examples.subscriptionId (the subscription to connect to and get data from) and dataTypes (available data types for the connector).Resource Management
dataConnectorId, resourceGroupName, and workspaceName. Changing any of these requires replacing the resource./subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}