What Changed
The Cyren-SentinelOne threat intelligence Playbook template was updated to mark credential parameters as securestring instead of plain string, addressing a security policy compliance issue (Policy 300.4.1.1).
Three credential parameters in the Logic App definition were changed from type “string” to “securestring”:
- Cyren_IpReputation_JwtToken
- Cyren_MalwareUrl_JwtToken
- SentinelOne_ApiToken
Security Impact
This fixes a credential exposure risk in the Playbook deployment template. Prior to this change, JWT tokens and API keys were stored as plain text parameters in the Logic App definition, making them visible in deployment logs and ARM template outputs. The securestring typing ensures these credentials are properly masked during deployment and runtime operations.
Deployments of the Cyren-SentinelOne solution using version 3.0.0 prior to this fix had credential parameters exposed in deployment artifacts — this represents a potential credential leak vector that is now resolved.
Affected Files
Solutions/Cyren-SentinelOne-ThreatIntelligence/Playbooks/CyrenToSentinelOne_Playbook.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, mainTemplate.json)