What Changed
Fixed critical data ingestion issues in the D3 Smart SOAR CCF connector that was causing duplicate incident ingestion and broken pagination through multi-page API responses.
Security Impact (Visibility & Fidelity)
Pre-fix data corruption: The original Offset paging with “Page Index” (with space) parameter could not replace nested parameters inside the CommandParams POST body. This caused the connector to repeatedly ingest the same incidents across polling windows, creating duplicate entries in the D3SOARIncidents_CL table and corrupting incident correlation analysis.
Ingestion mechanism fix: Switched from broken Offset paging to CountBasedPaging using:
- $.CommandParams.PageIndex (no space) for proper nested JSON path parameter replacement
- $.outputData.TotalPages for accurate page count detection
- Zero-based indexing alignment with D3 API expectations
Data fidelity restoration: Testing confirmed each incident is now ingested exactly once with no duplicates, restoring accurate incident volume metrics and correlation capabilities. The connector now correctly paginates through multiple pages when incident volume exceeds PageSize limits.
Publisher ID synchronization: Updated publisherId to match Partner Center registration (d3securitymanagementsystemsinc1599258630765), ensuring proper solution packaging and deployment consistency.
Affected Files
Solutions/D3SmartSOAR/Data Connectors/D3SOAR_CCF/D3SOAR_PollingConfig.json
(packaging artefacts: 3.0.0.zip, SolutionMetadata.json, mainTemplate.json)