What Changed
Adds a new standalone playbook, AS-Checkmarx-SAST-Ingestion, that creates a unidirectional integration between Checkmarx SAST (Static Application Security Testing) and Microsoft Sentinel for application vulnerability monitoring.
Data Source
The Checkmarx SAST integration pulls completed scan findings from the Checkmarx One platform via its REST API and ingests the static code analysis results into the custom log table CheckmarxSASTFindings_CL.
API authentication: Supports both the OAuth client_credentials (recommended) and refresh_token grant types, with configurable regional endpoints (US, EU, DEU, ANZ, IND).
Ingestion Mechanism
Ingestion uses Data Collection Rules (DCR), Data Collection Endpoints (DCE), and custom log tables. The Logic App runs daily to collect findings from the previous 24 hours, with a configurable batch size (recommended: 200 results per request).
Schema coverage: Ingests comprehensive SAST data including vulnerability details (QueryName, Severity, CweID, CVSS score), source code location (SourceFileName, line/column), scan metadata, and compliance framework mappings.
Detection Surface Unlocked
Application vulnerability tracking: Enables monitoring of static code analysis findings across the development lifecycle, supporting vulnerability trend analysis, compliance reporting, and integration with broader security operations.
KQL query capabilities: Pre-configured sample queries for severity analysis, language-specific findings, CVSS score distribution, and source file vulnerability hotspots.
Affected Files
Playbooks/AS-Checkmarx-SAST-Ingestion/AzureDeployDCE.json
Playbooks/AS-Checkmarx-SAST-Ingestion/AzureDeploySASTDCR.json
Playbooks/AS-Checkmarx-SAST-Ingestion/AzureDeploySASTTable.json
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Custom_Logs_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_DCR_Access_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_DCR_Access_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_DCR_Access_3.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_DCR_Access_4.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_3.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_DCE_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_DCE_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_DCR_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_DCR_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Deploy_Table_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Initial_Run_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Initial_Run_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Integration_Demo_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_3.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_4.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_5.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_6.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_7.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Key_Vault_Access_8.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Log_Analytics_Workspace_1.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Log_Analytics_Workspace_2.png
Playbooks/AS-Checkmarx-SAST-Ingestion/Images/Checkmarx_SAST_Log_Analytics_Workspace_3.png
Playbooks/AS-Checkmarx-SAST-Ingestion/README.md
Playbooks/AS-Checkmarx-SAST-Ingestion/azuredeploy.json