New Solution: meshStack Platform Event Logs Integration for Cloud Governance

Data Source

meshStack is a cloud platform management solution that helps platform engineering teams build, operate, and scale internal developer platforms (IDPs). This connector provides audit and governance visibility into platform operations including workspace management, resource provisioning, policy enforcement, and user access events.

Ingestion Mechanism

CCF-based connector with OAuth2 authentication using client credentials flow:

• Authentication: OAuth2 with API Key credentials (Key ID as client_id, Key Secret as client_secret)
• Data Collection: REST API polling of meshStack Events API at /api/meshobjects/mesheventlogs
• Destination Table: Custom table meshStackEventLogs_CL with 8 columns including TimeGenerated, EventTitle, EventType, WorkspaceName, AuthorIdentifier

The connector implements pagination support, configurable query windows (5-minute default), and rate limiting (10 QPS).

Detection Surface Unlocked

Enables monitoring of cloud platform governance and security events:

• Platform Access Control: User authentication, authorization, and role changes across workspaces
• Resource Governance: Policy violations, compliance failures, and privilege escalation attempts
• Audit Trail: Complete event logging for compliance requirements and forensic investigation
• Workspace Operations: Multi-cloud environment changes, configuration drift, and unauthorized modifications

This integration provides critical visibility into internal developer platform security, enabling SOC teams to correlate platform governance events with broader security incidents and detect insider threats or misconfigurations in cloud platform management.

Affected Files

Logos/meshcloud.svg
Solutions/meshStack/Data Connectors/meshStackEventLogs_ccp/meshStackEventLogs_DCR.json
Solutions/meshStack/Data Connectors/meshStackEventLogs_ccp/meshStackEventLogs_PollerConfig.json
Solutions/meshStack/Data Connectors/meshStackEventLogs_ccp/meshStackEventLogs_Table.json
Solutions/meshStack/Data Connectors/meshStackEventLogs_ccp/meshStackEventLogs_connectorDefinition.json
Solutions/meshStack/Package/testParameters.json
Solutions/meshStack/README.md
Solutions/meshStack/events-example-response.json
Tools/Create-Azure-Sentinel-Solution/common/get-ccp-details.ps1
(packaging artefacts: 3.0.0.zip, SolutionMetadata.json, Solution_meshStack.json, createUiDefinition.json, mainTemplate.json)