Data Source
Ingests compute platform assets from the Upwind cloud security platform via REST API, providing visibility into cloud infrastructure across AWS, Azure, and GCP environments. The connector focuses on asset inventory with integrated risk scoring, vulnerability assessments, and network exposure analysis.
Ingestion Mechanism
Function App-based connector using Python 3.11 with OAuth2 client credentials authentication. A timer-triggered function (hourly by default) pages through the Upwind inventory API and ships the data to the custom UpwindLogsAssets_CL table via the Azure Monitor Ingestion API (DCE/DCR). Includes exponential backoff retry logic and cursor-based pagination.
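The sketch below is an added example, not the connector's own code: it shows how cursor-based pagination and exponential backoff fit together so that a retry resumes at the failed page and a repeated cursor cannot loop forever. The names fetch_page, TransientError, the retry defaults and the sample pages are assumptions made for the illustration.

```python
import time
from typing import Callable, Iterator, Optional, Tuple

class TransientError(Exception):
    """Retryable failure (assumed here: HTTP 429 or 5xx from the inventory API)."""

Page = Tuple[list, Optional[str]]  # (items, next_cursor); a None cursor marks the last page

def fetch_with_backoff(fetch_page: Callable[[Optional[str]], Page], cursor: Optional[str],
                       max_retries: int = 4, base_delay: float = 1.0,
                       sleep: Callable[[float], None] = time.sleep) -> Page:
    """Fetch one page, retrying transient errors after base, 2*base, 4*base, ... seconds."""
    for attempt in range(max_retries + 1):
        try:
            return fetch_page(cursor)
        except TransientError:
            if attempt == max_retries:
                raise  # give up; the next timer run starts a fresh walk
            sleep(base_delay * 2 ** attempt)

def iter_assets(fetch_page, max_pages: int = 10_000, **retry_kwargs) -> Iterator[dict]:
    """Walk every page by cursor; a repeated cursor aborts instead of looping forever."""
    cursor, seen = None, set()
    for _ in range(max_pages):
        items, cursor = fetch_with_backoff(fetch_page, cursor, **retry_kwargs)
        yield from items
        if cursor is None:
            return
        if cursor in seen:
            raise RuntimeError(f"cursor {cursor!r} repeated; aborting pagination")
        seen.add(cursor)
    raise RuntimeError("max_pages exceeded")

# Constructed sample data: three pages keyed by cursor; page "c1" fails twice first.
PAGES = {None: ([{"id": "a1"}, {"id": "a2"}], "c1"),
         "c1": ([{"id": "a3"}], "c2"),
         "c2": ([{"id": "a4"}], None)}

def run_demo():
    failures, delays = {"c1": 2}, []
    def fake_fetch(cursor):
        if failures.get(cursor, 0) > 0:
            failures[cursor] -= 1
            raise TransientError(cursor)
        return PAGES[cursor]
    # Record the delays instead of sleeping so the demo runs instantly.
    ids = [a["id"] for a in iter_assets(fake_fetch, base_delay=0.5, sleep=delays.append)]
    return ids, delays

if __name__ == "__main__":
    print(run_demo())
```

Because the retry wraps a single page fetch, pages already yielded are not requested again and are not sent to the table twice within one run.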
Detection Surface Unlocked
Enables monitoring of cloud infrastructure security posture through asset risk correlation:
- Vulnerability Management: Critical/high vulnerability counts per asset with CVE-level detail
- Network Exposure: Public IP addresses and network risk scoring for internet-exposed resources
- Privilege Escalation Detection: High privilege risk indicators for assets with elevated permissions
- Data Protection: Sensitive data at rest/in transit discovery across cloud workloads
- Multi-Cloud Visibility: Unified asset view across AWS, Azure, and GCP environments
The connector populates structured fields for cloud account ID, resource type, region, protection status, and risk metrics that enable correlation with existing security telemetry for comprehensive cloud threat detection.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/UpwindLogsAssets_CL.json
Solutions/Upwind/Data Connectors/Logos/upwind.svg
Solutions/Upwind/Data Connectors/UpwindLogsLoader/__init__.py
Solutions/Upwind/Data Connectors/UpwindLogsLoader/config.py
Solutions/Upwind/Data Connectors/UpwindLogsLoader/function.json
Solutions/Upwind/Data Connectors/UpwindLogsLoader/upwind_catalog_client.py
Solutions/Upwind/Data Connectors/UpwindLogsLoader/upwind_client.py
Solutions/Upwind/Data Connectors/UpwindLogsLoader_API_FunctionApp.json
Solutions/Upwind/Data Connectors/azuredeploy_UpwindLogsLoader_API_FunctionApp.json
Solutions/Upwind/Data Connectors/createUiDef.json
Solutions/Upwind/Data Connectors/host.json
Solutions/Upwind/Data Connectors/requirements.txt
Solutions/Upwind/Package/testParameters.json
Solutions/Upwind/README.md
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_UpwindLogsLoader.json, UpwindLogsLoader.zip, createUiDefinition.json, mainTemplate.json)