What Changed
The ContrastADR solution parsers have been updated to use column_ifexists() functions instead of direct column references, improving error handling when expected columns are missing from ingested data. Additionally, workbook templates have been corrected to remove hardcoded resource IDs.
Security Impact (Visibility & Fidelity)
Parser improvements ensure consistent data mapping even when Contrast ADR API responses vary in structure or contain missing fields. This prevents parser failures that could result in data ingestion gaps for application security events.
The changes maintain visibility into critical web application security events including SQL injection, XSS, command injection, and other OWASP Top 10 attacks monitored by Contrast ADR.
Affected Files
Solutions/ContrastADR/Parsers/Contrast_alert_event_parser.yaml
Solutions/ContrastADR/Parsers/Contrast_incident_parser.yaml
Solutions/ContrastADR/Workbooks/ (9 threat-specific workbooks updated)
Solutions/ContrastADR/Data Connectors/azuredeploy_ContrastADR_functionapp.json
(packaging artifacts and workbook metadata)