What Changed
The new BigID Data Security Posture Management (DSPM) solution, version 3.0.0, introduces a CCF-based connector for comprehensive data security monitoring and compliance tracking.
Data Sources Enabled
The connector ingests three types of data security intelligence:
- DSPM Cases: Actionable insights and security cases from the BigID DSPM platform
- Affected Objects: Detailed information about data assets impacted by security issues
- Data Source Details: Comprehensive metadata about monitored data repositories and connections
Ingestion Mechanism
Uses CCF with nested API calls to enrich case data:
- Primary API fetches all DSPM cases from /api/v1/actionable-insights/all-cases
- Secondary calls to /api/v1/data-catalog/ for affected object details
- Tertiary calls to /api/v1/ds_connections/ for data source metadata
Security Impact (Visibility & Fidelity)
Organizations with BigID DSPM deployments gain unified visibility into data security posture within Microsoft Sentinel. This addresses the operational gap where data security insights were siloed in the BigID platform, preventing correlation with broader security events and centralized SIEM analysis.
DCR Transform Logic
The DCR applies metadata enrichment, ensuring proper temporal indexing and vendor classification for security analytics.
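The nested enrichment under Ingestion Mechanism and the metadata stamping under DCR Transform Logic, modelled in Python as an added example (not the connector's own code, which is declarative CCF/DCR JSON). The response field names, the ID-appended paths, and the `Vendor` and `EnrichmentComplete` columns are assumptions, and the responses are constructed sample data.

```python
from datetime import datetime, timezone

# Constructed sample responses keyed by request path. Field names
# (id, objectIds, dataSource, ...) are assumptions, not BigID's schema.
SAMPLE_API = {
    "/api/v1/actionable-insights/all-cases": [
        {"id": "case-1", "severity": "high", "objectIds": ["obj-a", "obj-b"]},
        {"id": "case-2", "severity": "low", "objectIds": ["obj-a", "obj-missing"]},
    ],
    "/api/v1/data-catalog/obj-a": {"name": "customers.csv", "dataSource": "ds-1"},
    "/api/v1/data-catalog/obj-b": {"name": "payroll.xlsx", "dataSource": "ds-1"},
    "/api/v1/ds_connections/ds-1": {"type": "s3", "owner": "data-eng"},
}

def make_fetcher(api, calls):
    """Return fetch(path) over the constructed responses, recording each call."""
    def fetch(path):
        calls.append(path)
        return api.get(path)  # None models a failed or empty secondary call
    return fetch

def enrich_cases(fetch, now=None):
    """Join cases -> affected objects -> data source; one row per (case, object)."""
    now = now or datetime.now(timezone.utc)
    cache = {}  # avoid re-fetching an object or data source shared by several cases

    def cached(path):
        if path not in cache:
            cache[path] = fetch(path)
        return cache[path]

    rows = []
    for case in fetch("/api/v1/actionable-insights/all-cases") or []:
        for oid in case.get("objectIds", []):
            obj = cached("/api/v1/data-catalog/" + oid)
            ds = cached("/api/v1/ds_connections/" + obj["dataSource"]) if obj else None
            rows.append({
                "TimeGenerated": now.isoformat(),  # temporal indexing (assumed column)
                "Vendor": "BigID",                 # vendor classification (assumed column)
                "CaseId": case["id"],
                "Severity": case["severity"],
                "ObjectId": oid,
                "ObjectName": obj["name"] if obj else None,
                "DataSourceType": ds["type"] if ds else None,
                # Marks rows where a nested call returned nothing, so a gap
                # in enrichment is visible to analytics rather than silent.
                "EnrichmentComplete": bool(obj and ds),
            })
    return rows
```
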
Affected Files
- Solutions/BigID/Data Connectors/BigIDDSPMLogs_ccp/BigIDDSPMLogs_DCR.json
- Solutions/BigID/Data Connectors/BigIDDSPMLogs_ccp/BigIDDSPMLogs_connectorDefinition.json
- Solutions/BigID/Data Connectors/BigIDDSPMLogs_ccp/BigIDDSPMLogs_PollerConfig.json
- Packaging artefacts: mainTemplate.json, createUiDefinition.json, SolutionMetadata.json