What Changed
ExtraHop solution v3.0.2 migrates the Azure Functions data connector from the legacy HTTP Data Collector API to the Azure Monitor Logs Ingestion API.
Data Ingestion Architecture
Legacy HTTP Data Collector API removal:
- Replaced SharedKey authentication with OAuth 2.0 client credentials
- Removed custom signature generation and HTTP request handling
- Eliminated retry logic for HTTP status codes (429, 500, 503)
New Azure Monitor Logs Ingestion API implementation:
- Authentication: ClientSecretCredential with Azure Government cloud support
- Ingestion: LogsIngestionClient with DCR-based routing
- Configuration: Added environment variables for DCR_RULE_ID, AZURE_DATA_COLLECTION_ENDPOINT, SCOPE
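The new ingestion path described above, as an added example (not the connector's own code): it checks that SCOPE, the data collection endpoint and the DCR ID agree on one cloud before any token is requested, then uploads through LogsIngestionClient. The AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET variable names, the stream name, the expectation that DCR_RULE_ID holds the DCR immutable ID, and the sample values are assumptions.

```python
from urllib.parse import urlparse

# Token scope host -> Microsoft Entra authority host for that cloud.
AUTHORITY_BY_SCOPE_HOST = {
    "monitor.azure.com": "login.microsoftonline.com",  # Azure public
    "monitor.azure.us": "login.microsoftonline.us",    # Azure Government
}
# First three names are from the release notes; the AZURE_* credential names are assumed.
REQUIRED = ("DCR_RULE_ID", "AZURE_DATA_COLLECTION_ENDPOINT", "SCOPE",
            "AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
STREAM_NAME = "Custom-ExtraHop_Detections_CL"  # assumed DCR stream name
SAMPLE_ENV = {  # constructed values, for illustration only
    "DCR_RULE_ID": "dcr-" + "0" * 32,
    "AZURE_DATA_COLLECTION_ENDPOINT": "https://example-dce.usgovvirginia-1.ingest.monitor.azure.us",
    "SCOPE": "https://monitor.azure.us/.default",
    "AZURE_TENANT_ID": "tenant-placeholder", "AZURE_CLIENT_ID": "client-placeholder",
    "AZURE_CLIENT_SECRET": "secret-placeholder",
}


def load_config(env):
    """Return env plus the derived authority, or raise ValueError naming the bad setting."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    scope = urlparse(env["SCOPE"])
    endpoint = urlparse(env["AZURE_DATA_COLLECTION_ENDPOINT"])
    if scope.scheme != "https" or scope.path.lstrip("/") != ".default":
        raise ValueError("SCOPE must look like https://<resource>/.default")
    authority = AUTHORITY_BY_SCOPE_HOST.get(scope.hostname)
    if authority is None:
        raise ValueError("unrecognised SCOPE host")
    # Assumes the endpoint sits under the scope's monitor.azure.* domain; mixed clouds are rejected.
    host = endpoint.hostname or ""
    if endpoint.scheme != "https" or not host.endswith("." + scope.hostname):
        raise ValueError("endpoint is not an https URL in the SCOPE cloud")
    if not env["DCR_RULE_ID"].startswith("dcr-"):  # assumed: variable holds the immutable ID
        raise ValueError("DCR_RULE_ID must be the DCR immutable ID (dcr-...)")
    return dict(env, authority=authority)


def send(cfg, records):
    """Upload a list of dict records through the DCR (SDK imported lazily)."""
    from azure.identity import ClientSecretCredential
    from azure.monitor.ingestion import LogsIngestionClient
    cred = ClientSecretCredential(cfg["AZURE_TENANT_ID"], cfg["AZURE_CLIENT_ID"],
                                  cfg["AZURE_CLIENT_SECRET"], authority=cfg["authority"])
    client = LogsIngestionClient(cfg["AZURE_DATA_COLLECTION_ENDPOINT"], cred, credential_scopes=[cfg["SCOPE"]])
    client.upload(rule_id=cfg["DCR_RULE_ID"], stream_name=STREAM_NAME, logs=records)
```

Running load_config at function start-up turns a cloud mismatch into an immediate configuration error instead of a failed upload later.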
Parser Updates
Schema compatibility fixes:
- Updated parser logic to handle new field names without _s/_d suffixes
- Maintains backward compatibility with existing queries
- Version bump from 1.0.1 to 2.0.0 reflects schema changes
Security Impact (Visibility & Fidelity)
Modern authentication: OAuth 2.0 credentials provide improved security posture compared to workspace key authentication.
API deprecation mitigation: Proactive migration prevents future ingestion failures when Microsoft deprecates the HTTP Data Collector API.
No data loss: Schema changes maintain field mapping compatibility — existing analytics and hunting queries remain functional.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/ExtraHopDetections.json
.script/tests/KqlvalidationsTests/CustomTables/ExtraHop_Detections_CL.json
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/extrahop.py
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHopSentinelActivity/sentinel.py
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/ExtraHop_FunctionApp.json
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/SharedCode/consts.py
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/azuredeploy_ExtraHop_AzureFunction.json
Solutions/ExtraHop/Data Connectors/ExtraHopDataConnector/requirements.txt
Solutions/ExtraHop/Parsers/ExtraHopDetections.yaml
Workbooks/WorkbooksMetadata.json
(packaging artefacts: 3.0.2.zip, ExtraHopDataConnector.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_ExtraHop.json, mainTemplate.json)