⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.
| Attribute | Value |
|---|---|
| Publisher | Akamai Guardicore Support |
| Support Tier | Partner |
| Support Link | https://www.akamai.com/global-services/support/guardicore-support |
| Categories | Security - Cloud Security, Security - Network |
| Version | 3.0.0 |
| Author | Akamai Guardicore - specialist@akamai.com |
| First Published | 2025-04-23 |
| Solution Folder | Akamai Guardicore |
The Akamai Guardicore solution for Microsoft Sentinel imports Agents, Assets, Applications, Policy Rules, and incident-related connection enrichment data from a Guardicore Centra instance. The data is ingested via the Codeless Connector Framework (CCF) and Data Collection Rules, with no Azure Function App dependency.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Codeless Connector Framework (CCF)
d. Azure Logic Apps (Consumption)
This solution provides 1 data connector(s):
This solution uses 6 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| GuardicoreAgents_CL | Akamai Guardicore | Workbooks |
| GuardicoreApplications_CL | Akamai Guardicore | Workbooks |
| GuardicoreAssets_CL | Akamai Guardicore | - |
| GuardicoreEnrichingConnections_CL | - | Workbooks |
| GuardicorePolicyRules_CL | Akamai Guardicore | Workbooks |
| GuardicoreProcessedIncidents_CL | - | Workbooks |
This solution includes 5 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 3 |
| Workbooks | 2 |
| Name | Tables Used |
|---|---|
| GuardicoreIncident | GuardicoreEnrichingConnections_CL, GuardicoreProcessedIncidents_CL |
| GuardicoreInfo | GuardicoreAgents_CL, GuardicoreApplications_CL, GuardicorePolicyRules_CL |
| Name | Description | Tables Used |
|---|---|---|
| Akamai Guardicore Incident-Enrichment — one-click bootstrap | Deploys the entire Akamai Guardicore incident-enrichment stack in one shot: Storage Account + Guardi... | - |
| Guardicore-EnrichmentRunner | Recurrence-triggered Logic App that drains the GuardicoreConnectionSlots Azure Table work queue, fet... | - |
| Guardicore-ProcessIncidentEnrichment | This playbook reacts to a Microsoft Sentinel incident, computes the 3-slot fan-out over the incident... | - |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 27-04-2026 | Initial release of the Akamai Guardicore solution as a Codeless Connector Framework (CCF/CCP) solution. Polls Agents, Assets, Applications, and Policy Rules from Guardicore Centra via DCR-based ingestion (no Azure Function App). Includes the Guardicore-ProcessIncidentEnrichment Microsoft Sentinel incident-creation playbook and the Guardicore-EnrichmentRunner recurrence-triggered companion playbook, both implemented natively in Logic Apps. They write to GuardicoreProcessedIncidents_CL and GuardicoreEnrichingConnections_CL via the Logs Ingestion API to a Data Collection Rule using system-assigned managed identity (no workspace shared key required). Two workbooks: Workload Protection Dashboard and Incident Analysis Dashboard. |