What Changed
Fixed critical Function App connector bugs in CTM360 HackerView that prevented data ingestion:
- Corrected variable naming typo (“statsusss” → proper state handling) in backup flag logic
- Fixed backup condition to properly default to true on first deployment
- Added automatic file share creation in state_manager.py to prevent ResourceNotFoundError
Security Impact (Visibility & Fidelity)
Complete threat intelligence blind spot: Deployments running CTM360 HackerView v3.0.2 and earlier had zero data ingestion due to the Function App failing at startup. The backup flag feature contained a typo in the variable name and incorrect conditional logic that caused immediate failure on every execution attempt.
First deployment failure: New deployments could not complete initial setup due to missing file share initialization, resulting in ResourceNotFoundError during the first Function App execution. This prevented any organizations from successfully deploying this threat intelligence connector.
Impact scope: All CTM360 HackerView deployments were unable to ingest external threat intelligence data covering advanced persistent threats, domain infringement, malware campaigns, and breach credential intelligence. This represents a significant detection coverage gap for organizations relying on CTM360 threat feeds.
Data Source Recovery
CTM360 HackerView provides external threat intelligence covering:
- Advanced Persistent Threat (APT) campaigns and indicators
- Brand protection and domain infringement monitoring
- Breach credential and compromise card intelligence
- Malware family tracking and C2 infrastructure
- Executive impersonation and targeted attack detection
Data is ingested to the HackerViewLog_CL table via Function App with 5-minute polling intervals. This fix restores the complete CTM360 threat intelligence pipeline.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/CBSLog.json
.script/tests/KqlvalidationsTests/CustomTables/CBSLog_AzureV2_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_BreachedCredentials.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_BreachedCredentials_AzureV2_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_BreachedCredentials_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_CompromisedCards.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_CompromisedCards_AzureV2_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_CompromisedCards_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_DomainInfringement_AzureV2_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_DomainInfringement_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_Log_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_MalwareLogs.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_MalwareLogs_AzureV2_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_MalwareLogs_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_SubdomainInfringement.json
.script/tests/KqlvalidationsTests/CustomTables/CBS_SubdomainInfringement_AzureV2_CL.json
.script/tests/KqlvalidationsTests/CustomTables/HackerViewLog.json
.script/tests/KqlvalidationsTests/CustomTables/HackerViewLog_AzureV2_CL.json
.script/tests/detectionTemplateSchemaValidation/SkipConnectorIdsValidationsTemplates.json
.script/tests/detectionTemplateSchemaValidation/SkipStrcutreValidationsTemplates.json
.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
Solutions/CTM360/Analytic Rules/AutoGeneratedPage.yaml
Solutions/CTM360/Analytic Rules/BrandAbuse.yaml
Solutions/CTM360/Analytic Rules/BrandImpersonationHIGH.yaml
Solutions/CTM360/Analytic Rules/BrandImpersonationINFO.yaml
Solutions/CTM360/Analytic Rules/CBSAnyIssueDetected.yaml
Solutions/CTM360/Analytic Rules/CodeRepository.yaml
Solutions/CTM360/Analytic Rules/CompromisedCards.yaml
Solutions/CTM360/Analytic Rules/CookiesHttponlyFlagNotUsed.yaml
Solutions/CTM360/Analytic Rules/CookiesSamesiteFlagNotUsed.yaml
Solutions/CTM360/Analytic Rules/CookiesSecureFlagNotUsed.yaml
Solutions/CTM360/Analytic Rules/DMARCNotConfigured.yaml
Solutions/CTM360/Analytic Rules/DomainInfringemen.yaml
Solutions/CTM360/Analytic Rules/ExecutiveImpersonation.yaml
Solutions/CTM360/Analytic Rules/ExposedAdminLoginPage.yaml
Solutions/CTM360/Analytic Rules/ExposedEmailAddress.yaml
Solutions/CTM360/Analytic Rules/ExposedUserList.yaml
Solutions/CTM360/Analytic Rules/HackerViewAnyIssueDetected.yaml
Solutions/CTM360/Analytic Rules/HeaderContentSecurityPolicyMissing.yaml
Solutions/CTM360/Analytic Rules/HeaderHTTPStrictTransportSecurityMissing.yaml
Solutions/CTM360/Analytic Rules/HeaderReferrerPolicyMissing.yaml
Solutions/CTM360/Analytic Rules/HeaderWebServerExposed.yaml
Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingInformational.yaml
Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingLow.yaml
Solutions/CTM360/Analytic Rules/HeaderXFrameOptionsMissingMedium.yaml
Solutions/CTM360/Analytic Rules/HeaderXXSSProtectionMissing.yaml
Solutions/CTM360/Analytic Rules/LeakedCredential.yaml
Solutions/CTM360/Analytic Rules/Phishing.yaml
Solutions/CTM360/Analytic Rules/SPFNotConfigured.yaml
Solutions/CTM360/Analytic Rules/SPFPolicySetToSoftFail.yaml
Solutions/CTM360/Analytic Rules/SubdomainInfringement.yaml
Solutions/CTM360/Analytic Rules/SubresourceIntegritySRINotImplemented.yaml
Solutions/CTM360/Analytic Rules/SuspiciousMobileAppHigh.yaml
Solutions/CTM360/Analytic Rules/SuspiciousMobileAppINFO.yaml
Solutions/CTM360/Analytic Rules/TLSCertificateHostnameMismatch.yaml
Solutions/CTM360/Analytic Rules/TLSCertificateUsingWeakCipherInformational.yaml
Solutions/CTM360/Analytic Rules/TLSCertificateUsingWeakCipherMedium.yaml
Solutions/CTM360/Analytic Rules/Tlsv11InUseInfo.yaml
Solutions/CTM360/Analytic Rules/Tlsv11InUseMedium.yaml
Solutions/CTM360/Analytic Rules/Tlsv1InUseLow.yaml
Solutions/CTM360/Analytic Rules/Tlsv1InUseMedium.yaml
Solutions/CTM360/Analytic Rules/apt_high.yaml
Solutions/CTM360/Analytic Rules/apt_informational.yaml
Solutions/CTM360/Analytic Rules/apt_low.yaml
Solutions/CTM360/Analytic Rules/apt_medium.yaml
Solutions/CTM360/Analytic Rules/attack_indication_high.yaml
Solutions/CTM360/Analytic Rules/attack_indication_informational.yaml
Solutions/CTM360/Analytic Rules/attack_indication_low.yaml
Solutions/CTM360/Analytic Rules/attack_indication_medium.yaml
Solutions/CTM360/Analytic Rules/auto_generated_page_high.yaml
Solutions/CTM360/Analytic Rules/auto_generated_page_informational.yaml
Solutions/CTM360/Analytic Rules/auto_generated_page_medium.yaml
Solutions/CTM360/Analytic Rules/baiting_news_site_high.yaml
Solutions/CTM360/Analytic Rules/baiting_news_site_informational.yaml
Solutions/CTM360/Analytic Rules/baiting_news_site_low.yaml
Solutions/CTM360/Analytic Rules/baiting_news_site_medium.yaml
Solutions/CTM360/Analytic Rules/brand_abuse_high.yaml
Solutions/CTM360/Analytic Rules/brand_abuse_informational.yaml
Solutions/CTM360/Analytic Rules/brand_abuse_low.yaml
Solutions/CTM360/Analytic Rules/brand_abuse_medium.yaml
Solutions/CTM360/Analytic Rules/brand_harassment_high.yaml
Solutions/CTM360/Analytic Rules/brand_harassment_informational.yaml
Solutions/CTM360/Analytic Rules/brand_harassment_low.yaml
Solutions/CTM360/Analytic Rules/brand_harassment_medium.yaml
Solutions/CTM360/Analytic Rules/brand_impersonation_informational.yaml
Solutions/CTM360/Analytic Rules/brand_impersonation_medium.yaml
Solutions/CTM360/Analytic Rules/breached_credential_high.yaml
Solutions/CTM360/Analytic Rules/breached_credential_informational.yaml
Solutions/CTM360/Analytic Rules/breached_credential_low.yaml
Solutions/CTM360/Analytic Rules/breached_credential_medium.yaml
Solutions/CTM360/Analytic Rules/code_repo_high.yaml
Solutions/CTM360/Analytic Rules/code_repo_informational.yaml
Solutions/CTM360/Analytic Rules/code_repo_low.yaml
Solutions/CTM360/Analytic Rules/code_repo_medium.yaml
Solutions/CTM360/Analytic Rules/code_repository_high.yaml
Solutions/CTM360/Analytic Rules/code_repository_low.yaml
Solutions/CTM360/Analytic Rules/code_repository_medium.yaml
Solutions/CTM360/Analytic Rules/compromised_cards_high.yaml
Solutions/CTM360/Analytic Rules/compromised_cards_informational.yaml
Solutions/CTM360/Analytic Rules/compromised_cards_low.yaml
Solutions/CTM360/Analytic Rules/compromised_cards_medium.yaml
Solutions/CTM360/Analytic Rules/cyber_evil_twin_site_high.yaml
Solutions/CTM360/Analytic Rules/cyber_evil_twin_site_informational.yaml
Solutions/CTM360/Analytic Rules/cyber_evil_twin_site_low.yaml
Solutions/CTM360/Analytic Rules/cyber_evil_twin_site_medium.yaml
Solutions/CTM360/Analytic Rules/dark_web_high.yaml
Solutions/CTM360/Analytic Rules/dark_web_informational.yaml
Solutions/CTM360/Analytic Rules/dark_web_low.yaml
Solutions/CTM360/Analytic Rules/dark_web_medium.yaml
Solutions/CTM360/Analytic Rules/data_leakage_high.yaml
Solutions/CTM360/Analytic Rules/data_leakage_informational.yaml
Solutions/CTM360/Analytic Rules/data_leakage_low.yaml
Solutions/CTM360/Analytic Rules/data_leakage_medium.yaml
Solutions/CTM360/Analytic Rules/digital_content_theft_high.yaml
Solutions/CTM360/Analytic Rules/digital_content_theft_informational.yaml
Solutions/CTM360/Analytic Rules/digital_content_theft_low.yaml
Solutions/CTM360/Analytic Rules/digital_content_theft_medium.yaml
Solutions/CTM360/Analytic Rules/domain_infringement_high.yaml
Solutions/CTM360/Analytic Rules/domain_infringement_informational.yaml
Solutions/CTM360/Analytic Rules/domain_infringement_low.yaml
Solutions/CTM360/Analytic Rules/domain_infringement_medium.yaml
Solutions/CTM360/Analytic Rules/doorway_page_high.yaml
Solutions/CTM360/Analytic Rules/doorway_page_informational.yaml
Solutions/CTM360/Analytic Rules/doorway_page_low.yaml
Solutions/CTM360/Analytic Rules/doorway_page_medium.yaml
Solutions/CTM360/Analytic Rules/email_fraud_high.yaml
Solutions/CTM360/Analytic Rules/email_fraud_informational.yaml
Solutions/CTM360/Analytic Rules/email_fraud_low.yaml
Solutions/CTM360/Analytic Rules/email_fraud_medium.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_3rd_party_high.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_3rd_party_informational.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_3rd_party_low.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_3rd_party_medium.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_internal_high.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_internal_informational.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_internal_low.yaml
Solutions/CTM360/Analytic Rules/employee_credentials_internal_medium.yaml
Solutions/CTM360/Analytic Rules/executive_impersonation_high.yaml
Solutions/CTM360/Analytic Rules/executive_impersonation_low.yaml
Solutions/CTM360/Analytic Rules/executive_impersonation_medium.yaml
Solutions/CTM360/Analytic Rules/executive_leaks_high.yaml
Solutions/CTM360/Analytic Rules/executive_leaks_informational.yaml
Solutions/CTM360/Analytic Rules/executive_leaks_low.yaml
Solutions/CTM360/Analytic Rules/executive_leaks_medium.yaml
Solutions/CTM360/Analytic Rules/exposed_email_address_informational.yaml
Solutions/CTM360/Analytic Rules/exposed_email_address_low.yaml
Solutions/CTM360/Analytic Rules/exposed_email_address_medium.yaml
Solutions/CTM360/Analytic Rules/exposed_misconfiguration_high.yaml
Solutions/CTM360/Analytic Rules/exposed_misconfiguration_informational.yaml
Solutions/CTM360/Analytic Rules/exposed_misconfiguration_low.yaml
Solutions/CTM360/Analytic Rules/exposed_misconfiguration_medium.yaml
Solutions/CTM360/Analytic Rules/fake_ad_high.yaml
Solutions/CTM360/Analytic Rules/fake_ad_informational.yaml
Solutions/CTM360/Analytic Rules/fake_ad_low.yaml
Solutions/CTM360/Analytic Rules/fake_ad_medium.yaml
Solutions/CTM360/Analytic Rules/hacker_chatter_high.yaml
Solutions/CTM360/Analytic Rules/hacker_chatter_informational.yaml
Solutions/CTM360/Analytic Rules/hacker_chatter_low.yaml
Solutions/CTM360/Analytic Rules/hacker_chatter_medium.yaml
Solutions/CTM360/Analytic Rules/inaccurate_content_high.yaml
Solutions/CTM360/Analytic Rules/inaccurate_content_informational.yaml
Solutions/CTM360/Analytic Rules/inaccurate_content_low.yaml
Solutions/CTM360/Analytic Rules/inaccurate_content_medium.yaml
Solutions/CTM360/Analytic Rules/leaked_credential_informational.yaml
Solutions/CTM360/Analytic Rules/leaked_credential_low.yaml
Solutions/CTM360/Analytic Rules/leaked_credential_medium.yaml
Solutions/CTM360/Analytic Rules/malicious_domain_high.yaml
Solutions/CTM360/Analytic Rules/malicious_domain_informational.yaml
Solutions/CTM360/Analytic Rules/malicious_domain_low.yaml
Solutions/CTM360/Analytic Rules/malicious_domain_medium.yaml
Solutions/CTM360/Analytic Rules/malicious_ip_high.yaml
Solutions/CTM360/Analytic Rules/malicious_ip_informational.yaml
Solutions/CTM360/Analytic Rules/malicious_ip_low.yaml
Solutions/CTM360/Analytic Rules/malicious_ip_medium.yaml
Solutions/CTM360/Analytic Rules/malicious_redirector_high.yaml
Solutions/CTM360/Analytic Rules/malicious_redirector_informational.yaml
Solutions/CTM360/Analytic Rules/malicious_redirector_low.yaml
Solutions/CTM360/Analytic Rules/malicious_redirector_medium.yaml
Solutions/CTM360/Analytic Rules/malware_high.yaml
Solutions/CTM360/Analytic Rules/malware_informational.yaml
Solutions/CTM360/Analytic Rules/malware_low.yaml
Solutions/CTM360/Analytic Rules/malware_medium.yaml
Solutions/CTM360/Analytic Rules/money_mule_account_high.yaml
Solutions/CTM360/Analytic Rules/money_mule_account_informational.yaml
Solutions/CTM360/Analytic Rules/money_mule_account_low.yaml
Solutions/CTM360/Analytic Rules/money_mule_account_medium.yaml
Solutions/CTM360/Analytic Rules/pharming_high.yaml
Solutions/CTM360/Analytic Rules/pharming_informational.yaml
Solutions/CTM360/Analytic Rules/pharming_low.yaml
Solutions/CTM360/Analytic Rules/pharming_medium.yaml
Solutions/CTM360/Analytic Rules/phish_redirector_high.yaml
Solutions/CTM360/Analytic Rules/phish_redirector_informational.yaml
Solutions/CTM360/Analytic Rules/phish_redirector_low.yaml
Solutions/CTM360/Analytic Rules/phish_redirector_medium.yaml
Solutions/CTM360/Analytic Rules/phishing_informational.yaml
Solutions/CTM360/Analytic Rules/phishing_low.yaml
Solutions/CTM360/Analytic Rules/phishing_medium.yaml
Solutions/CTM360/Analytic Rules/ransomware_high.yaml
Solutions/CTM360/Analytic Rules/ransomware_informational.yaml
Solutions/CTM360/Analytic Rules/ransomware_low.yaml
Solutions/CTM360/Analytic Rules/ransomware_medium.yaml
Solutions/CTM360/Analytic Rules/se_vulnerability_high.yaml
Solutions/CTM360/Analytic Rules/se_vulnerability_informational.yaml
Solutions/CTM360/Analytic Rules/se_vulnerability_low.yaml
Solutions/CTM360/Analytic Rules/se_vulnerability_medium.yaml
Solutions/CTM360/Analytic Rules/smshing_high.yaml
Solutions/CTM360/Analytic Rules/smshing_informational.yaml
Solutions/CTM360/Analytic Rules/smshing_low.yaml
Solutions/CTM360/Analytic Rules/smshing_medium.yaml
Solutions/CTM360/Analytic Rules/spam_high.yaml
Solutions/CTM360/Analytic Rules/spam_informational.yaml
Solutions/CTM360/Analytic Rules/spam_low.yaml
Solutions/CTM360/Analytic Rules/spam_medium.yaml
Solutions/CTM360/Analytic Rules/subdomain_infringement_high.yaml
Solutions/CTM360/Analytic Rules/subdomain_infringement_informational.yaml
Solutions/CTM360/Analytic Rules/subdomain_infringement_low.yaml
Solutions/CTM360/Analytic Rules/subdomain_infringement_medium.yaml
Solutions/CTM360/Analytic Rules/survey_scam_high.yaml
Solutions/CTM360/Analytic Rules/survey_scam_informational.yaml
Solutions/CTM360/Analytic Rules/survey_scam_low.yaml
Solutions/CTM360/Analytic Rules/survey_scam_medium.yaml
Solutions/CTM360/Analytic Rules/suspicious_documents_high.yaml
Solutions/CTM360/Analytic Rules/suspicious_documents_informational.yaml
Solutions/CTM360/Analytic Rules/suspicious_documents_low.yaml
Solutions/CTM360/Analytic Rules/suspicious_documents_medium.yaml
Solutions/CTM360/Analytic Rules/suspicious_email_high.yaml
Solutions/CTM360/Analytic Rules/suspicious_email_informational.yaml
Solutions/CTM360/Analytic Rules/suspicious_email_low.yaml
Solutions/CTM360/Analytic Rules/suspicious_email_medium.yaml
Solutions/CTM360/Analytic Rules/suspicious_mobile_app_low.yaml
Solutions/CTM360/Analytic Rules/suspicious_mobile_app_medium.yaml
Solutions/CTM360/Analytic Rules/targeted_malware_high.yaml
Solutions/CTM360/Analytic Rules/targeted_malware_informational.yaml
Solutions/CTM360/Analytic Rules/targeted_malware_low.yaml
Solutions/CTM360/Analytic Rules/targeted_malware_medium.yaml
Solutions/CTM360/Analytic Rules/trap_10_high.yaml
Solutions/CTM360/Analytic Rules/trap_10_informational.yaml
Solutions/CTM360/Analytic Rules/trap_10_low.yaml
Solutions/CTM360/Analytic Rules/trap_10_medium.yaml
Solutions/CTM360/Analytic Rules/unauthorized_association_high.yaml
Solutions/CTM360/Analytic Rules/unauthorized_association_informational.yaml
Solutions/CTM360/Analytic Rules/unauthorized_association_low.yaml
Solutions/CTM360/Analytic Rules/unauthorized_association_medium.yaml
Solutions/CTM360/Analytic Rules/unauthorized_job_posting_high.yaml
Solutions/CTM360/Analytic Rules/unauthorized_job_posting_informational.yaml
Solutions/CTM360/Analytic Rules/unauthorized_job_posting_low.yaml
Solutions/CTM360/Analytic Rules/unauthorized_job_posting_medium.yaml
Solutions/CTM360/Analytic Rules/user_credentials_mobile_app_high.yaml
Solutions/CTM360/Analytic Rules/user_credentials_mobile_app_informational.yaml
Solutions/CTM360/Analytic Rules/user_credentials_mobile_app_low.yaml
Solutions/CTM360/Analytic Rules/user_credentials_mobile_app_medium.yaml
Solutions/CTM360/Analytic Rules/user_credentials_web_app_high.yaml
Solutions/CTM360/Analytic Rules/user_credentials_web_app_informational.yaml
Solutions/CTM360/Analytic Rules/user_credentials_web_app_low.yaml
Solutions/CTM360/Analytic Rules/user_credentials_web_app_medium.yaml
Solutions/CTM360/Analytic Rules/vip_credential_high.yaml
Solutions/CTM360/Analytic Rules/vip_credential_informational.yaml
Solutions/CTM360/Analytic Rules/vip_credential_low.yaml
Solutions/CTM360/Analytic Rules/vip_credential_medium.yaml
Solutions/CTM360/Analytic Rules/vishing_high.yaml
Solutions/CTM360/Analytic Rules/vishing_informational.yaml
Solutions/CTM360/Analytic Rules/vishing_low.yaml
Solutions/CTM360/Analytic Rules/vishing_medium.yaml
Solutions/CTM360/Data Connectors/CCF/CBS/CTM360_CBS_ConnectorDefinition.json
Solutions/CTM360/Data Connectors/CCF/CBS/CTM360_CBS_DCR.json
Solutions/CTM360/Data Connectors/CCF/CBS/CTM360_CBS_PollingConfig.json
Solutions/CTM360/Data Connectors/CCF/CBS/CTM360_CBS_TablesV2.json
Solutions/CTM360/Data Connectors/CCF/HackerView/CTM360_HV_ConnectorDefinition.json
Solutions/CTM360/Data Connectors/CCF/HackerView/CTM360_HV_DCR.json
Solutions/CTM360/Data Connectors/CCF/HackerView/CTM360_HV_PollingConfig.json
Solutions/CTM360/Data Connectors/CCF/HackerView/CTM360_HV_TablesV2.json
Solutions/CTM360/Data/CTM360.json
Solutions/CTM360/Package/testParameters.json
Solutions/CTM360/Parsers/CBSLog_Parser.yaml
Solutions/CTM360/Parsers/CBS_BreachedCredentials_Parser.yaml
Solutions/CTM360/Parsers/CBS_CompromisedCards_Parser.yaml
Solutions/CTM360/Parsers/CBS_DomainInfringement_Parser.yaml
Solutions/CTM360/Parsers/CBS_MalwareLogs_Parser.yaml
Solutions/CTM360/Parsers/CBS_SubdomainInfringement_Parser.yaml
Solutions/CTM360/Parsers/HackerViewLog_Parser.yaml
(packaging artefacts: 3.0.3.zip, createUiDefinition.json, mainTemplate.json)