What Changed
The Feedly Threat Intelligence solution has been fully migrated from Azure Functions-based ingestion to the native Microsoft Sentinel Codeless Connector Framework (CCF). This architectural modernization removes all custom Python polling logic and Function App infrastructure dependencies.
Security Impact (Visibility & Fidelity)
No loss of threat intelligence coverage — the CCF connector maintains identical data ingestion from Feedly IoC feeds into the feedly_indicators_CL table. The migration improves reliability by leveraging Sentinel native scheduling, authentication, pagination, and ingestion mechanisms instead of custom Function App code.
The change eliminates potential blind spots from Function App failures or maintenance overhead, ensuring consistent threat intelligence flow for detection engineering teams.
Ingestion Mechanism
Replaced the Azure Function timer trigger with a CCF REST API polling connector using:
- Native DCR/DCE ingestion pipeline
- Sentinel-managed authentication and retry logic
- Automated pagination for the Feedly stream contents API
- Built-in state management for incremental data collection
Files Removed
- Complete Azure Function codebase (251 lines of Python across 6 modules)
- Function App deployment template (azuredeploy_Connector_Feedly_AzureFunction.json)
- Custom state management and Sentinel API integration code
- Function configuration files and requirements
Files Added
- New CCF deployment template (azuredeploy_Connector_Feedly_CCP.json) with 657 lines of ARM template
- Native DCR configuration for feedly_indicators_CL table schema
Deployment Impact
Existing deployments using the Azure Function connector will need to migrate to the new CCF connector. The CCF connector provides the same threat intelligence coverage with reduced infrastructure complexity and improved maintainability.
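One way to check that indicator flow into feedly_indicators_CL stayed continuous across the cutover is a gap query such as the one below. It is an added example, not part of the Feedly solution; the 14-day lookback and 6-hour gap threshold are assumed values, and only the standard TimeGenerated column is used.

```kql
// Added example: list periods with no Feedly indicators ingested.
// lookback and max_gap are assumed values; tune them to the connector's
// polling interval and the normal volume of the feed.
let lookback = 14d;
let max_gap = 6h;
feedly_indicators_CL
| where TimeGenerated > ago(lookback)
| summarize Rows = count() by Hour = bin(TimeGenerated, 1h)
// Boundary rows so that an empty table, or a feed that stopped and never
// resumed, still shows up as a gap ending at the current time.
| union (print Hour = ago(lookback), Rows = long(0)),
        (print Hour = now(), Rows = long(0))
| order by Hour asc
| extend PreviousHour = prev(Hour)
| extend Gap = Hour - PreviousHour
| where isnotnull(PreviousHour) and Gap > max_gap
| project GapStart = PreviousHour, GapEnd = Hour, Gap, RowsAfterGap = Rows
```

A row whose GapEnd is the current time and whose RowsAfterGap is 0 means nothing has arrived since GapStart.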
Affected Files
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/__init__.py
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/config.py
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/feedly_downloader.py
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/function.json
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/local.settings.json
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/sentinel_api.py
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/state_manager.py
Solutions/Feedly/Data Connectors/FeedlySentinelConnector/worker.py
Solutions/Feedly/Data Connectors/Feedly_API_AzureFunctionApp.json
Solutions/Feedly/Data Connectors/azuredeploy_Connector_Feedly_AzureFunction.json
Solutions/Feedly/Data Connectors/azuredeploy_Connector_Feedly_CCP.json
Solutions/Feedly/Data Connectors/host.json
Solutions/Feedly/Data Connectors/proxies.json
Solutions/Feedly/Data Connectors/requirements.txt
(packaging artefacts: FeedlyAzureFunction.zip)