[IONIX] Migrate to Codeless Connector Framework (CCF) v4.0.0 #13524

Open
ItaiMargalit wants to merge 3 commits into Azure:master from ItaiMargalit:feature/ionix-ccf-migration

@ItaiMargalit ItaiMargalit commented Jan 29, 2026

Summary

  • Migrated IONIX connector from HTTP Data Collector API (push model) to Codeless Connector Framework (CCF) with RestApiPoller (pull model)
  • Automatic daily polling from IONIX API - no need to configure IONIX portal to push data
  • Simplified setup - users just enter API token and account name
  • Added query-time deduplication using id_s field to prevent duplicate action items
  • Data continues to flow to existing CyberpionActionItems_CL table

Changes

  • mainTemplate.json: Added RestApiPoller data connector with DCE/DCR resources
  • Workbooks/IONIXOverviewWorkbook.json: Updated KQL queries with summarize arg_max(TimeGenerated, *) by id_s deduplication
  • Analytic Rules/HighUrgencyActionItems.yaml: Updated query with id_s deduplication, bumped version to 1.0.2
  • ReleaseNotes.md: Added v4.0.0 changelog

itai.margalit added 2 commits January 29, 2026 12:04
- Replace HTTP Data Collector API (push) with Codeless Connector Framework (pull)
- Add RestApiPoller with daily polling (1440 min) from IONIX API
- Simplified setup: API token + account name only
- Data continues to CyberpionActionItems_CL table

Updated workbook and analytics rule to use summarize arg_max(TimeGenerated, *)
by id_s for proper deduplication. This prevents duplicate action items from
appearing when the CCF RestApiPoller polls the same open items daily.

- Workbook queries now deduplicate by id_s before aggregating
- Analytics rule uses id_s deduplication instead of time bucket approach
- Historical chart counts distinct id_s per day
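
The `id_s` deduplication described in the PR summary and in the commit message above, shown as an added example (not code from this PR). The sample rows are constructed, and `title_s`, `urgency_d` and the 9.0 threshold are assumptions; only `id_s`, `TimeGenerated` and the `summarize arg_max(TimeGenerated, *) by id_s` pattern come from the page.

```kusto
// Constructed rows standing in for CyberpionActionItems_CL.
// A daily poll re-ingests every action item that is still open, so the same
// id_s appears once per day for as long as the item stays open.
// title_s and urgency_d are hypothetical column names used for illustration.
let Sample = datatable(TimeGenerated: datetime, id_s: string, title_s: string, urgency_d: real)
[
    datetime(2026-01-27 06:00:00), "ai-001", "Expired certificate",  8.0,
    datetime(2026-01-28 06:00:00), "ai-001", "Expired certificate",  8.0,
    datetime(2026-01-29 06:00:00), "ai-001", "Expired certificate",  9.5,  // urgency raised
    datetime(2026-01-28 06:00:00), "ai-002", "Dangling DNS record",  9.0,
    datetime(2026-01-29 06:00:00), "ai-002", "Dangling DNS record",  4.0,  // urgency lowered
    datetime(2026-01-29 06:00:00), "ai-003", "Exposed login page",   7.0
];
let HighUrgency = 9.0;  // hypothetical alert threshold
// Filtering the raw rows first would still match the older ai-002 copy,
// even though the most recent poll reports a lower urgency for that item.
let FilterBeforeDedup =
    Sample
    | where urgency_d >= HighUrgency
    | distinct id_s;
// Deduplicate first: keep only the newest row per id_s, then evaluate urgency
// on that row. IngestedCopies shows how many polled copies were collapsed.
Sample
| summarize arg_max(TimeGenerated, *), IngestedCopies = count() by id_s
| extend HighAfterDedup = urgency_d >= HighUrgency,
         HighBeforeDedup = id_s in (FilterBeforeDedup)
| project id_s, LatestSeen = TimeGenerated, title_s, urgency_d,
          IngestedCopies, HighBeforeDedup, HighAfterDedup
| order by id_s asc
```

Rows where `HighBeforeDedup` and `HighAfterDedup` disagree are the ones a rule would misreport if its urgency filter ran ahead of the `arg_max` step.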
@ItaiMargalit ItaiMargalit requested review from a team as code owners January 29, 2026 13:40
@ItaiMargalit
Author

@ItaiMargalit please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

  • (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
  • (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

@microsoft-github-policy-service agree company="IONIX"

@v-atulyadav v-atulyadav added the Solution Solution specialty review needed label Jan 30, 2026
Removed the unused 'restApiPollerName' variable from mainTemplate.json
to fix the "Variables Must Be Referenced" ARM-TTK test failure.

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
@v-maheshbh
Contributor

Hi @ItaiMargalit

Kindly refer to the below-mentioned solution for the correct folder structure and update the necessary changes.
https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cloudflare%20CCF

Thanks!
