Migrate WithSecure connector to codeless solution #14256

Merged: v-atulyadav merged 5 commits into Azure:master from gloo-shock:master on Jul 1, 2026
@gloo-shock

Contributor

WithSecureElementsCCF (Codeless Connector Framework)

  • Replace Azure Function-based data connector with native CCP/CCF poller (ConnectorDefinition, PollerConfig, DCR, Table)
  • Remove Azure Function, Storage Account, Key Vault dependencies and all related Python code
  • Update solution description, createUiDefinition, and mainTemplate to reflect CCF architecture
  • Bump solution version from 3.0.2 to 4.0.0

Reason for Change(s):

  • CCF provides a fully SaaS connector deployment with no customer-managed infrastructure (Azure Function, Storage Account, Key Vault)
  • Reduces operational complexity and cost for customers
  • Aligns with Microsoft Sentinel's recommended connector pattern for REST API-based integrations

Version Updated:

  • Yes, 3.0.2 → 4.0.0 (major version bump due to architectural change)

Testing Completed:

  • Yes — connector definition, poller config, DCR, and table validated via createSolutionV3.ps1 packager
  • ARM-TTK: 48/49 passed (1 known "IDs Should Be Derived From ResourceIDs" failure, standard for CCP solutions)
  • Package 4.0.0.zip generated successfully

Checked that the validations are passing and have addressed any issues that are present:

  • Yes — only the known ARM-TTK IDs-derived-from-ResourceIDs warning remains, which is expected for CCP connector templates

@gloo-shock gloo-shock requested review from a team as code owners May 12, 2026 10:01
@v-maheshbh v-maheshbh added the Solution Solution specialty review needed label May 12, 2026
@v-shukore v-shukore requested a review from Copilot May 13, 2026 07:37

Copilot AI left a comment

Contributor

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Migrates the WithSecure Elements connector from an Azure Function-based deployment to a Codeless Connector Framework (CCF)/CCP-based REST poller solution, targeting a SaaS-style deployment and bumping the solution major version.

Changes:

  • Removed the legacy Azure Function connector (ARM template, Python poller code, requirements) under WithSecureElementsViaFunction.
  • Added new CCF/CCP assets (connector definition, poller config, DCR, custom table) and updated packaged templates/UI for WithSecureElementsCCF.
  • Updated solution metadata and release notes to reflect the new architecture and version 4.0.0.

Reviewed changes

Copilot reviewed 21 out of 31 changed files in this pull request and generated 10 comments.

Summary per file:

| File | Description |
| --- | --- |
| Solutions/WithSecureElementsViaFunction/Package/mainTemplate.json | Removes legacy packaged ARM deployment for the Function-based solution. |
| Solutions/WithSecureElementsViaFunction/Data/Solution_WithSecureElementsViaFunction.json | Removes legacy solution data definition (Function-based). |
| Solutions/WithSecureElementsViaFunction/Data Connectors/requirements.txt | Removes Python dependencies tied to the Function-based connector. |
| Solutions/WithSecureElementsViaFunction/Data Connectors/azuredeploy_Connector_WithSecureElements_AzureFunction.json | Removes ARM template that deployed Function/Storage/DCR for legacy connector. |
| Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsViaFunction.json | Removes legacy GenericUI data connector definition. |
| Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/ws_connector.py | Removes legacy polling/ingestion implementation. |
| Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/withsecure_client.py | Removes legacy WithSecure API client implementation. |
| Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/log_ingestion_api.py | Removes legacy Log Ingestion API wrapper. |
| Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/events_formatter.py | Removes legacy event normalization for custom table schema. |
| Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/lib/azure_storage_table.py | Removes legacy state persistence (Azure Table). |
| Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsAzureFunction/function_app.py | Removes the Azure Functions entrypoint/timer schedule. |
| Solutions/WithSecureElementsCCF/SolutionMetadata.json | Updates publish metadata date for the new CCF-based release. |
| Solutions/WithSecureElementsCCF/ReleaseNotes.md | Adds a 4.0.0 entry describing the CCF migration. |
| Solutions/WithSecureElementsCCF/Package/testParameters.json | Adds parameters used by the new packaged template (RG/subscription). |
| Solutions/WithSecureElementsCCF/Package/mainTemplate.json | Adds the new packaged template that installs CCF connector definition + DCR/table + connections template. |
| Solutions/WithSecureElementsCCF/Package/createUiDefinition.json | Updates installer UX text/links for the new WithSecureElementsCCF solution. |
| Solutions/WithSecureElementsCCF/Data/Solution_WithSecureElementsCCF.json | Adds new solution data file for the CCF-based solution. |
| Solutions/WithSecureElementsCCF/Data Connectors/WithSecureElementsCCP/WithSecureElements_Table.json | Adds custom table schema for WsSecurityEvents_CL. |
| Solutions/WithSecureElementsCCF/Data Connectors/WithSecureElementsCCP/WithSecureElements_PollerConfig.json | Adds poller configuration for the REST API poller. |
| Solutions/WithSecureElementsCCF/Data Connectors/WithSecureElementsCCP/WithSecureElements_DCR.json | Adds DCR with transformKql to normalize raw events into WsSecurityEvents_CL. |
| Solutions/WithSecureElementsCCF/Data Connectors/WithSecureElementsCCP/WithSecureElements_ConnectorDefinition.json | Adds the connector definition (UI config + auth/input fields). |

@gloo-shock

Contributor Author

@v-shukore @v-maheshbh any update or any action needed from me?

@v-shukore

Contributor

Hi @gloo-shock, we noticed that in this PR you created the 4.0.0 package version. Currently, we do not support that version, so please use the V3 tool to package the solution and create it with version 3.0.0.
https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md
Additionally, we observed that you deleted the entire solution with the data connector. Could you please confirm if you removed the connector for a specific reason and if you obtained approval from the Sentinel partner teams before deleting the solution? Users who are already using this connector could face issues if we merge the PR that deletes the connector. Thanks!

@gloo-shock

Contributor Author

> Hi @gloo-shock, we noticed that in this PR you created the 4.0.0 package version. Currently, we do not support that version, so please use the V3 tool to package the solution and create it with version 3.0.0. https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/README.md Additionally, we observed that you deleted the entire solution with the data connector. Could you please confirm if you removed the connector for a specific reason and if you obtained approval from the Sentinel partner teams before deleting the solution? Users who are already using this connector could face issues if we merge the PR that deletes the connector. Thanks!

Hi @v-shukore,
Thanks for the feedback! I have changed the offer ID to a new one, so we could keep the old solution in the marketplace during the transition. Also, the version is now 3.0.0.

@v-shukore

Contributor

Hi @gloo-shock, we observed that you deleted the entire solution with the data connector. Could you please confirm if you removed the connector for a specific reason and if you obtained approval from the Sentinel partner teams before deleting the solution? Users who are already using this connector could face issues if we merge the PR that deletes the connector. Thanks!

v-shukore previously approved these changes Jun 12, 2026
@gloo-shock

Contributor Author

> Hi @gloo-shock, we observed that you deleted the entire solution with the data connector. Could you please confirm if you removed the connector for a specific reason and if you obtained approval from the Sentinel partner teams before deleting the solution? Users who are already using this connector could face issues if we merge the PR that deletes the connector. Thanks!

Hi @v-shukore,
I've removed the solution code, is it so that the solution remains available in the marketplace? If so, then the removal was done by design. Please let me know if I need to keep something in the repo to keep the old solution available (as deprecated) for customers.

@v-shukore

Contributor

Hi @gloo-shock, if you want to keep this solution in the repo for existing users, you can add a note indicating that this solution is deprecated and will not be available for much longer due to our migration to the CCF connector over the function app connector, but do not delete the entire solution. If you have any further questions, please check with the Sentinel partner team at AzureSentinelPartner@microsoft.com to discuss available options. Thanks!!

@v-shukore

Contributor

Hi @gloo-shock, have you connected with the app assure team regarding this? Thanks!

@gloo-shock

Contributor Author

> Hi @gloo-shock, if you want to keep this solution in the repo for existing users, you can add a note indicating that this solution is deprecated and will not be available for much longer due to our migration to the CCF connector over the function app connector, but do not delete the entire solution. If you have any further questions, please check with the Sentinel partner team at AzureSentinelPartner@microsoft.com to discuss available options. Thanks!!

Hi @v-shukore,
I've restored the old solution and created a new version package with a deprecation note (not sure if that's the best way to inform the customers, let me know if there's another way).
Please confirm that with this configuration the old solution will still exist and the new one appears after merge and the offer creation process.

@v-shukore

Contributor

Hi @gloo-shock, thanks for the update, it looks good now.

@v-shukore

Contributor

Hi @gloo-shock, please add workbook preview images to the location below.
https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks/Images
Also, create workbook metadata for your workbook, which is present in this new solution, at the location below.
https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/WorkbooksMetadata.json

@gloo-shock gloo-shock requested a review from a team as a code owner June 30, 2026 07:59
@gloo-shock

Contributor Author

> Hi @gloo-shock, please add workbook preview images to the location below. https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks/Images Also, create workbook metadata for your workbook, which is present in this new solution, at the location below. https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/WorkbooksMetadata.json

Hi @v-shukore,
I've added the new solution dependency to the workbook metadata.
As for workbook images, WithSecureTopComputersByInfectionsBlack.png and WithSecureTopComputersByInfectionsWhite.png are unchanged.

@v-atulyadav v-atulyadav merged commit c0cf478 into Azure:master Jul 1, 2026
33 checks passed