What Changed
The CyberArk Audit Function App connector received documentation and configuration updates including critical deployment warnings and migration guidance. The primary change adds explicit disclaimers about deploying only one CyberArk connector option per workspace.
Security Impact (Visibility & Fidelity)
This update addresses a configuration risk where customers could inadvertently deploy both the legacy Function App and newer CCF-based CyberArk connectors simultaneously, resulting in duplicated audit log ingestion. The added warning states: “Deploy only one CyberArk Audit connector option in your workspace (either Azure Functions or Codeless Connector Framework). Deploying both is not recommended, as the data will be duplicated if both connectors are deployed.”
Key improvements:
- Enhanced connector description now clearly identifies this as the “Azure Functions” variant
- Streamlined deployment instructions with consolidated ARM template guidance
- Added explicit warnings about Azure Functions costs and Key Vault security model
- Updated configuration steps reference current CyberArk documentation
Affected Files
Solutions/CyberArkAudit/Data Connectors/CyberArkAudit_API_FunctionApp.json
(packaging artefacts: 3.1.0.zip, ReleaseNotes.md, mainTemplate.json)