Contrast ADR for Azure Sentinel

Solution: ContrastADR



Attribute | Value
Publisher | Contrast Security
Support Tier | Partner
Support Link | https://support.contrastsecurity.com/hc/en-us
Categories | domains
Version | 3.1.0
Author | Contrast Security
First Published | 2025-01-18
Last Updated | 2026-01-22
Solution Folder | ContrastADR
Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%)

The Contrast Security solution for Microsoft Sentinel enables you to ingest [Contrast Security events] generated using the Contrast Webhook,

Contents

Data Connectors

This solution provides 1 data connector(s) (plus 1 discovered⚠️):

🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 4 table(s):

Table | Used By Connectors | Used By Content
ContrastADRAttackEvents_CL | Contrast ADR Push Connector | Analytics, Workbooks
ContrastADRIncident_CL 🔶 | ContrastADR | -
ContrastADRIncidents_CL | Contrast ADR Push Connector | Analytics
ContrastADR_CL 🔶 | ContrastADR | -

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 17 content item(s):

Content Type | Count
Workbooks | 9
Analytic Rules | 6
Parsers | 2

Analytic Rules

Name | Severity | Tactics | Tables Used
Contrast ADR - DLP SQL Injection Correlation | High | InitialAccess, CredentialAccess, Collection, Exfiltration, CommandAndControl, Reconnaissance, CredentialAccess, LateralMovement, Discovery | ContrastADRAttackEvents_CL
Contrast ADR - EDR Alert Correlation | Medium | Execution, DefenseEvasion, InitialAccess, CommandAndControl | ContrastADRAttackEvents_CL, ContrastADRIncidents_CL
Contrast ADR - Exploited Attack Event | High | InitialAccess, Execution, DefenseEvasion, LateralMovement, CommandAndControl | ContrastADRAttackEvents_CL
Contrast ADR - Exploited Attack in Production | High | InitialAccess, Execution, DefenseEvasion, LateralMovement, CommandAndControl | ContrastADRAttackEvents_CL
Contrast ADR - Security Incident Alert | Medium | InitialAccess, DefenseEvasion, Discovery, CommandAndControl | ContrastADRIncidents_CL
Contrast ADR - WAF Alert Correlation | Medium | InitialAccess, DefenseEvasion, CommandAndControl | ContrastADRAttackEvents_CL

Workbooks

Name | Tables Used
ContrastADR_Command_Injection_Workbook | ContrastADRAttackEvents_CL
ContrastADR_Cross_Site_Scripting_Workbook | -
ContrastADR_Expression_Language_Injection_Workbook | -
ContrastADR_HTTP_Method_Tampering_Workbook | -
ContrastADR_JNDI_Injection_Workbook | ContrastADRAttackEvents_CL
ContrastADR_Path_Traversal_Workbook | ContrastADRAttackEvents_CL
ContrastADR_SQL_Injection_Workbook | ContrastADRAttackEvents_CL
ContrastADR_Untrusted_Deserialization_Workbook | ContrastADRAttackEvents_CL
ContrastADR_XML External_Entity_Injection_Injection_Workbook | ContrastADRAttackEvents_CL

Parsers

Name | Description | Tables Used
Contrast_alert_event_parser | - | -
Contrast_incident_parser | - | -

Release Notes

Version | Date Modified (DD-MM-YYYY) | Change History
3.1.0 | 27-03-2026 | Adding support for Contrast ADR CCF Connector and change in relevant components.
3.0.1 | 11-11-2025 | Updated Workbook and parsing logic in both supported Parsers to improve accuracy and compatibility.
3.0.0 | 22-02-2025 | Initial Solution Release.