NEW Connector

XBOW Security Platform integrates autonomous offensive security testing with Microsoft Sentinel through a comprehensive solution providing asset discovery, vulnerability assessment, and finding correlation capabilities.

Data Source

The XBOW platform provides autonomous penetration testing and vulnerability assessment. The connector ingests:

  • Asset inventory with configuration details and reachability checks
  • Security findings with evidence, proof-of-concept exploits, and mitigation guidance
  • Assessment lifecycle events including test execution history

Ingestion Mechanism

The connector is an Azure Function App that syncs incrementally, using Azure Blob Storage to persist state between runs. It populates three custom tables:

  • XbowAssets_CL - Full asset inventory with configuration snapshots (credentials excluded)
  • XbowFindings_CL - Enriched vulnerability findings with evidence and remediation
  • XbowAssessments_CL - Assessment execution history with state changes
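
An added sketch of the incremental-sync pattern described above, with credential fields stripped before records are forwarded; it is not the connector's main.py. The record fields (id, updatedAt), the sensitive-key list, the checkpoint layout, and the in-memory StateStore standing in for the state blob are all assumptions, and timestamps are assumed to be same-format ISO-8601 UTC strings.

```python
import json

# Assumed names of credential-bearing fields; the real XBOW schema is not shown on the page.
SENSITIVE_KEYS = {"credentials", "password", "token", "secret", "api_key"}

# Constructed sample records (hypothetical field names).
SAMPLE = [
    {"id": "a1", "updatedAt": "2024-05-01T10:00:00Z", "host": "app.example.test",
     "credentials": {"user": "u", "password": "p"}},
    {"id": "a2", "updatedAt": "2024-05-01T10:05:00Z", "host": "api.example.test",
     "config": {"port": 443, "token": "t"}},
]

def scrub(obj):
    """Recursively drop credential-bearing keys before a record leaves the connector."""
    if isinstance(obj, dict):
        return {k: scrub(v) for k, v in obj.items() if k.lower() not in SENSITIVE_KEYS}
    if isinstance(obj, list):
        return [scrub(v) for v in obj]
    return obj

class StateStore:
    """In-memory stand-in for the checkpoint blob in Azure Blob Storage."""
    def __init__(self):
        self.blob = None
    def load(self):
        return json.loads(self.blob) if self.blob else {"watermark": "", "seen": []}
    def save(self, state):
        self.blob = json.dumps(state)

def sync(records, store, send):
    """Forward records newer than the checkpoint; move the checkpoint only after send succeeds."""
    state = store.load()
    wm, seen = state["watermark"], set(state["seen"])
    # Same-format ISO-8601 UTC strings sort chronologically; ids break ties at the watermark.
    fresh = sorted((r for r in records
                    if r["updatedAt"] > wm or (r["updatedAt"] == wm and r["id"] not in seen)),
                   key=lambda r: (r["updatedAt"], r["id"]))
    if not fresh:
        return 0
    send([scrub(r) for r in fresh])  # an exception here leaves the checkpoint untouched
    new_wm = fresh[-1]["updatedAt"]
    at_wm = {r["id"] for r in fresh if r["updatedAt"] == new_wm}
    if new_wm == wm:
        at_wm |= seen  # keep ids already delivered at this timestamp
    store.save({"watermark": new_wm, "seen": sorted(at_wm)})
    return len(fresh)
```

Because the checkpoint is written only after the send succeeds, a failed run is retried in full on the next trigger, so the pattern gives at-least-once delivery and the destination table may see duplicates.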

Detection Surface Unlocked

Four analytic rules provide coverage across the severity spectrum of XBOW findings:

  • Critical/High findings detection for immediate response
  • Medium severity finding monitoring
  • Low severity finding baseline awareness
  • New asset discovery for inventory tracking

MITRE Coverage

Detected MITRE techniques include T1190 (External Remote Services) and T1595 (Active Scanning) based on autonomous offensive security testing capabilities.

Affected Files

.script/tests/KqlvalidationsTests/CustomTables/XbowAssessments_CL.json
.script/tests/KqlvalidationsTests/CustomTables/XbowAssets_CL.json
.script/tests/KqlvalidationsTests/CustomTables/XbowFindings_CL.json
.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
Logos/XBOW.svg
Solutions/XBOW/Analytic Rules/XbowCriticalHighFindings.yaml
Solutions/XBOW/Analytic Rules/XbowLowFindings.yaml
Solutions/XBOW/Analytic Rules/XbowMediumFindings.yaml
Solutions/XBOW/Analytic Rules/XbowNewAssetDiscovered.yaml
Solutions/XBOW/Data Connectors/AzureFunctionXbow/function.json
Solutions/XBOW/Data Connectors/AzureFunctionXbow/main.py
Solutions/XBOW/Data Connectors/Xbow_API_Xbow.json
Solutions/XBOW/Data Connectors/azuredeploy_Xbow_API_Xbow.json
Solutions/XBOW/Data Connectors/host.json
Solutions/XBOW/Data Connectors/proxies.json
Solutions/XBOW/Data Connectors/requirements.txt
Solutions/XBOW/Package/testParameters.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_Xbow.json, Xbow.zip, createUiDefinition.json, mainTemplate.json)