CYFIRMA Attack Surface

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Connectors Index

Attribute Value
Connector ID CyfirmaAttackSurfaceAlertsConnector
Publisher Microsoft
Used in Solutions Cyfirma Attack Surface
Collection Method CCF
Connector Definition Files CyfirmaASAlerts_DataConnectorDefinition.json
DCR Definition Files CyfirmaASAlerts_DCR.json
CCF Configuration CyfirmaASAlerts_PollerConfig.json
CCF Capabilities APIKey
Microsoft Learn View on Learn

Tables Ingested

This connector ingests data into the following tables:

Table Transformations Ingestion API Lake-Only
CyfirmaASCertificatesAlerts_CL
CyfirmaASCloudWeaknessAlerts_CL
CyfirmaASConfigurationAlerts_CL
CyfirmaASDomainIPReputationAlerts_CL
CyfirmaASDomainIPVulnerabilityAlerts_CL
CyfirmaASOpenPortsAlerts_CL

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. CYFIRMA Attack Surface

Connect to CYFIRMA Attack Surface to ingest alerts into Microsoft Sentinel. This connector uses the DeCYFIR/DeTCT API to retrieve logs and supports DCR-based ingestion time transformations, parsing security data into custom tables during ingestion. This eliminates the need for query-time parsing, enhancing performance and efficiency.

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Connectors Index