New CCF Template: Azure Storage Blob Data Connector

What Changed

Added new CCF (Codeless Connector Framework) template for Azure Storage Blob data ingestion at DataConnectors/Templates/Connector_StorageBlob_CCF_template.json.

Ingestion Mechanism

Event-driven blob ingestion:

Uses Event Grid topic to monitor blob creation events in storage account
Automatic notification queue and dead-letter queue creation
Role assignments grant Microsoft Sentinel access to blob container and storage queues
Data flows through DCR (Data Collection Rule) with KQL transform capabilities

Configuration requirements:

Blob container URL and optional folder path
Storage account location, resource group, and subscription details
Existing Event Grid topic name (if present) or creates new one

Detection Surface Unlocked

Enables collection of security logs from:

Custom applications writing structured logs to blob storage
Third-party security tools using blob storage for log export
Archive data recovery for historical analysis
Any system capable of writing JSON/text logs to Azure Storage blobs

Template includes customizable table schema and transform KQL for data normalization.

Affected Files

DataConnectors/Templates/Connector_StorageBlob_CCF_template.json

What Changed#

Ingestion Mechanism#

Detection Surface Unlocked#

Affected Files#

What Changed

Ingestion Mechanism

Detection Surface Unlocked

Affected Files