⚠️ 42Crunch API Protection

⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.



| Attribute | Value |
|---|---|
| Publisher | 42Crunch API Protection |
| Support Tier | Partner |
| Support Link | https://42crunch.com/ |
| Categories | Security - Threat Protection |
| Version | 3.0.1 |
| Author | 42Crunch - plugins@42crunch.com |
| First Published | 2022-09-21 |
| Solution Folder | 42Crunch API Protection |

The 42Crunch API Protection solution protects APIs by installing a microfirewall inline with the API server. Access logs from the microfirewall are emitted to Microsoft Sentinel, allowing analysis and investigation of attacks.

Contents

Data Connectors

This solution provides 2 data connector(s):

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 2 table(s):

| Table | Used By Connectors | Used By Content |
|---|---|---|
| FortyTwoCrunchAPIProtectionV2_CL | 42Crunch API Protection (Push Connector via Codeless Connector Framework) | Analytics, Workbooks |
| apifirewall_log_1_CL 🔶 | API Protection | Analytics, Workbooks |

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 13 content item(s):

| Content Type | Count |
|---|---|
| Analytic Rules | 11 |
| Workbooks | 1 |
| Parsers | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| API - API Scraping | High | Reconnaissance, Collection | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Account Takeover | High | CredentialAccess, Discovery | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Anomaly Detection | Low | Reconnaissance | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - BOLA | Medium | Exfiltration | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Invalid host access | Low | Reconnaissance | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - JWT validation | Low | InitialAccess, CredentialAccess | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Kiterunner detection | Medium | Reconnaissance, Discovery | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Password Cracking | High | CredentialAccess | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Rate limiting | Low | Discovery, InitialAccess | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Rate limiting | Medium | Impact | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |
| API - Suspicious Login | High | CredentialAccess, InitialAccess | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |

Workbooks

| Name | Tables Used |
|---|---|
| 42CrunchAPIProtectionWorkbook | FortyTwoCrunchAPIProtectionV2_CL, apifirewall_log_1_CL |

Parsers

| Name | Description | Tables Used |
|---|---|---|
| FortyTwoCrunchAPIProtection | - | FortyTwoCrunchAPIProtectionV2_CL (read), apifirewall_log_1_CL (read) |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.1 | 25-05-2026 | Added CCF Push Data Connector (OAuth2/Entra ID via DCE/DCR) alongside legacy connector; added backward-compatible Parser (FortyTwoCrunchAPIProtection) supporting both apifirewall_log_1_CL and FortyTwoCrunchAPIProtectionV2_CL schemas. Updated all 11 Analytic Rules to use the parser alias and PascalCase column names, added Migration Guide with end-to-end validated ccf-forwarder sample deployment, and refreshed Workbook metadata. |
| 3.0.0 | 15-07-2024 | Missing Tactics and Techniques added |
