IONIX: Migration to CCF RestApiPoller with Enhanced Data Deduplication

What Changed

Migrated IONIX connector from HTTP Data Collector API (push model) to CCF RestApiPoller (pull model) with automatic daily polling and added query-time deduplication across analytics and workbooks.

Security Impact (Visibility & Fidelity)

Enhanced attack surface management visibility through automated data collection:

• Previous State: Required manual IONIX portal configuration to push data; susceptible to duplicate action items causing false positive alerts
• Current State: Automatic daily polling from IONIX API with query-time deduplication using id_s field prevents duplicate processing
• Operational Improvement: Simplified setup requiring only API token and account name; eliminates manual portal configuration dependency

MITRE Mapping

• T1195 (Supply Chain Compromise): Enhanced detection coverage through continuous ingestion of supply chain security findings from IONIX Attack Surface Management platform

Data Collection Architecture

• Ingestion Method: CCF RestApiPoller with 24-hour query window, 5 QPS rate limiting
• Target Table: CyberpionActionItems_CL (maintains compatibility with existing analytics)
• Deduplication Logic: arg_max(TimeGenerated, *) by id_s ensures latest state per action item
• API Endpoint: https://api.portal.ionix.io/api/v1/remediation/action-items/open/

Backwards Compatibility

Legacy HTTP Data Collector API connector marked as deprecated (removal scheduled June 2026). Updated analytics rule to version 1.0.2 and workbook queries with improved deduplication logic. Data continues flowing to existing CyberpionActionItems_CL table ensuring seamless migration.

Affected Files

Solutions/IONIX/Analytic Rules/HighUrgencyActionItems.yaml
Solutions/IONIX/Data Connectors/IONIXActionItems_CCF/IONIX_ConnectorDefinition.json
Solutions/IONIX/Data Connectors/IONIXActionItems_CCF/IONIX_DCR.json
Solutions/IONIX/Data Connectors/IONIXActionItems_CCF/IONIX_PollerConfig.json
Solutions/IONIX/Data Connectors/IONIXActionItems_CCF/IONIX_Table.json
Solutions/IONIX/Data Connectors/IONIXSecurityLogs.json
Solutions/IONIX/Package/testParameters.json
Solutions/IONIX/Workbooks/IONIXOverviewWorkbook.json
(packaging artefacts: 3.1.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_IONIX.json, createUiDefinition.json, mainTemplate.json)