What Changed
Adds a new Content Hub solution for the blacklens.io Attack Surface Management (ASM) platform, providing external security posture monitoring capabilities. It includes the complete infrastructure for webhook-based alert ingestion via Logic Apps and a Data Collection Rule / Data Collection Endpoint (DCR/DCE) architecture.
Data Source
blacklens.io is an Attack Surface Management platform that combines automated security analysis, continuous monitoring, and penetration testing. The integration captures alerts from features including Darknet Monitoring, Vulnerability Scanning, and XDR Response.
Ingestion Mechanism
DCR-based ingestion using:
- Logic App webhook endpoint receives blacklens.io alerts
- Custom Log Analytics table blacklens_CL with schema for alert metadata (id, severity, message, payload)
- Data Collection Rule transforms and routes alerts to the Microsoft Sentinel workspace
Detection Surface Unlocked
The solution enables visibility into external attack surface threats including reconnaissance activities, credential exposures, and vulnerability discoveries affecting organisational assets outside the traditional network perimeter. The bundled analytics rule creates incidents with severity mapping and entity extraction for investigation workflows.
MITRE Coverage
Covers reconnaissance and initial access techniques including T1595 (Active Scanning), T1583 (Acquire Infrastructure), T1190 (Exploit Public-Facing Application), and T1110 (Brute Force). Additional coverage spans credential access, collection, and exfiltration techniques relevant to external threat monitoring.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/blacklens_CL.json
.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
Logos/blacklens.svg
Solutions/Blacklens/Analytic Rules/blacklensInsights.yaml
Solutions/Blacklens/Data Connectors/blacklens_io.json
Solutions/Blacklens/Data Connectors/deployment/azuredeploy_blacklens.json
Solutions/Blacklens/Package/testParameters.json
Solutions/Blacklens/README.md
Workbooks/Images/Logos/blacklens.svg
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_Blacklens.json, createUiDefinition.json, mainTemplate.json)