Data Source

OneTrust Data Security Platform ingests privacy compliance, data governance, risk assessment, and consent management events into the OneTrustMetadata_CL custom table.

Ingestion Mechanism

CCF-based connector using DCR/DCE architecture. The connector polls OneTrust API endpoints with OAuth2 authentication and transforms data via transformKql before ingestion.

Detection Surface Unlocked

This connector provides visibility into:

  • Privacy compliance violations and data subject requests
  • Cookie consent management and preference changes
  • Data governance policy violations and risk assessments
  • Third-party vendor risk scoring and assessment changes
  • Data mapping and classification activities

Additional Updates

This PR also includes maintenance updates across multiple solutions:

  • Azure WAF: Enhanced detection logic for code injection, path traversal, SQLi, XSS, and scanner detection
  • MongoDB Atlas: Improved Function App connector with multiprocessing support and Key Vault secret integration
  • CrowdStrike Falcon: Updated CCF connector configuration and DCR optimization
  • CyberArk Audit: Enhanced error handling and authentication improvements

Affected Files

  • Solutions/OneTrust/Data Connectors/OneTrustLogs_CCF/OneTrustLogs_DCR.json
  • Solutions/OneTrust/Data Connectors/OneTrustLogs_CCF/OneTrustLogs_connectorDefinition.json
  • Solutions/OneTrust/Data Connectors/OneTrustLogs_CCF/OneTrustLogs_dataConnector.json
  • Solutions/OneTrust/Data Connectors/OneTrustLogs_CCF/OneTrustLogs_table.json
  • Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/.yaml
  • Solutions/MongoDBAtlas/Data Connectors/MongoDBAtlasLogs/GetMDBALogs/init.py
  • Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/.json
  • Solutions/CyberArkAudit/Data Connectors/CyberArkAuditConnector/audit.py
  • (packaging artefacts: mainTemplate.json, createUiDefinition.json, SolutionMetadata.json, etc.)