Data Source

DataBahn AI platform connector providing real-time telemetry ingestion for audit logs, operational alerts, and device inventory data. Uses CCF push pattern for direct data transmission to Microsoft Sentinel.

Ingestion Mechanism

CCF-based push connector with dedicated Data Collection Rule (DCR) and three custom Log Analytics tables:

  • databahn_audit_logs_CL: User actions, object changes, tenant activities with success/failure tracking
  • databahn_alerts_CL: Platform alerts with criticality levels, error codes, and dismissal status
  • databahn_device_inventory_CL: Device discovery and inventory tracking

Uses Azure Monitor Ingestion API with Entra app registration authentication and automatic ARM deployment.

Detection Surface Unlocked

  • User Activity Monitoring: Tracks privileged actions, object modifications, and access patterns through audit logs
  • Operational Security: Monitors platform alerts for system anomalies, error conditions, and security events
  • Asset Visibility: Provides device discovery and inventory tracking for network security assessments

Configuration Requirements

Requires an automated ARM deployment that creates the DCR, the Log Analytics tables, and the Entra application registration. Platform integration authenticates as a service principal that holds the Monitoring Metrics Publisher RBAC role on the DCR.
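
The sending side of the push pattern described above, as an added sketch that is not code from the DataBahn solution: it builds Azure Monitor Logs Ingestion API upload requests for the three tables and splits records to stay under the API's 1 MB per-call limit. The `Custom-<table>` stream names, the endpoint and DCR ID sample values, and all function names are assumptions; the real stream names are whatever DataBahn_DCR.json declares.

```python
import json

API_VERSION = "2023-01-01"
MAX_CALL_BYTES = 1_000_000  # stay under the Logs Ingestion API 1 MB per-call limit
TABLES = ("databahn_audit_logs_CL", "databahn_alerts_CL",
          "databahn_device_inventory_CL")


def ingestion_url(endpoint, dcr_immutable_id, table):
    """Upload URL for one table's stream on the DCR."""
    if table not in TABLES:
        raise ValueError(f"unknown table: {table}")
    stream = f"Custom-{table}"  # assumption: stream is named after the table
    return (f"{endpoint.rstrip('/')}/dataCollectionRules/{dcr_immutable_id}"
            f"/streams/{stream}?api-version={API_VERSION}")


def batch_records(records, max_bytes=MAX_CALL_BYTES):
    """Split records into compact JSON-array bodies that each fit one call."""
    batches, current, size = [], [], 2  # 2 bytes for the enclosing "[]"
    for rec in records:
        rec_len = len(json.dumps(rec, separators=(",", ":")).encode("utf-8"))
        if rec_len + 2 > max_bytes:
            raise ValueError("single record exceeds the per-call limit")
        extra = rec_len + (1 if current else 0)  # 1 byte for the comma
        if current and size + extra > max_bytes:
            batches.append(current)
            current, size, extra = [], 2, rec_len
        current.append(rec)
        size += extra
    if current:
        batches.append(current)
    return [json.dumps(b, separators=(",", ":")).encode("utf-8") for b in batches]


def build_requests(endpoint, dcr_immutable_id, table, records, token,
                   max_bytes=MAX_CALL_BYTES):
    """Return (url, headers, body) tuples; the caller POSTs each one over TLS."""
    url = ingestion_url(endpoint, dcr_immutable_id, table)
    # token: Entra access token of the service principal (kept out of logs)
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return [(url, headers, body) for body in batch_records(records, max_bytes)]


if __name__ == "__main__":
    # Constructed sample values; field names are not the connector's schema.
    sample = [{"event": "login", "ok": True}, {"event": "delete", "ok": False}]
    for url, _, body in build_requests("https://example.ingest.monitor.azure.com",
                                       "dcr-00000000000000000000000000000000",
                                       "databahn_audit_logs_CL", sample, "TOKEN"):
        print(url, len(body))
```

A 403 on upload usually means the service principal is missing the Monitoring Metrics Publisher assignment on the DCR or the assignment has not propagated yet.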

Affected Files

Logos/databahn.svg
Solutions/Databahn/Data Connectors/DataBahn_PUSH_CCP/DataBahn_DCR.json
Solutions/Databahn/Data Connectors/DataBahn_PUSH_CCP/DataBahn_connectorDefinition.json
Solutions/Databahn/Data Connectors/DataBahn_PUSH_CCP/DataBahn_dataConnector.json
Solutions/Databahn/Data Connectors/DataBahn_PUSH_CCP/DataBahn_table_databahn_alerts.json
Solutions/Databahn/Data Connectors/DataBahn_PUSH_CCP/DataBahn_table_databahn_audit_logs.json
Solutions/Databahn/Data Connectors/DataBahn_PUSH_CCP/DataBahn_table_databahn_device_inventory.json
Solutions/Databahn/Package/testParameters.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_DataBahn.json, createUiDefinition.json, mainTemplate.json)