What Changed
Imperva Cloud WAF connector promoted to public preview with standard table migration. The CCF connector now ingests into the standard SentinelImpervaWAFCloudV2Logs table instead of custom ImpervaWAFCloudV2_CL.
Security Impact (Visibility & Fidelity)
Data continuity maintained through parser union. The updated parser (ImpervaWAFCloud) now combines data from three sources:
- Legacy Azure Function custom table (ImpervaWAFCloud_CL)
- Private preview CCF custom table (ImpervaWAFCloudV2_CL)
- Public preview CCF standard table (SentinelImpervaWAFCloudV2Logs)
All WAF event fields preserved including attack detection, request analysis, and geolocation data. No data fidelity loss during transition.
CCF Connector Changes
- DCR simplified from complex custom stream with transformKql to standard Microsoft-managed stream
- Polling config updated to use SENTINEL_IMPERVA_WAF_CLOUD_V2_LOGS stream
- Connector definition enhanced with improved sample queries and connectivity checks
- Standard table schema provides 40+ normalized fields for WAF events
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/SentinelImpervaWAFCloudV2Logs.json
Solutions/ImpervaCloudWAF/Data Connectors/ImpervaCloudWAFLogs_ccf/ImpervaCloudWAFLogs_ConnectorDefinition.json
Solutions/ImpervaCloudWAF/Data Connectors/ImpervaCloudWAFLogs_ccf/ImpervaCloudWAFLogs_DCR.json
Solutions/ImpervaCloudWAF/Data Connectors/ImpervaCloudWAFLogs_ccf/ImpervaCloudWAFLogs_PollingConfig.json
Solutions/ImpervaCloudWAF/Parsers/ImpervaWAFCloud.yaml
Tools/Create-Azure-Sentinel-Solution/common/standardLogStreams.ps1
(packaging artefacts: 3.1.0.zip, ReleaseNotes.md, Solution_ImpervaCloudWAF.json, createUiDefinition.json, mainTemplate.json)