What Changed

Updated GreyNoise Threat Intelligence connector v3.1.1 with packaging fixes, security improvements, and table name updates:

  • Fixed Function App packaging error with outdated aka.ms URL reference
  • Updated ARM template to use securestring for API key and client secret parameters
  • Enhanced error logging in the Python connector code
  • Updated connector configuration and workbooks to reference the new ThreatIntelIndicators table
  • Fixed typo in class name and improved HTTP error handling

Security Impact (Visibility & Fidelity)

The primary impact is operational reliability rather than detection coverage. Key improvements:

  • Deployment Security: ARM template now properly protects sensitive parameters (API keys, client secrets) using securestring type instead of plain text
  • Packaging Reliability: Fixed broken Function App deployment URL that would cause installation failures for new deployments
  • Table Schema Alignment: Updated queries and workbooks to use the current ThreatIntelIndicators table instead of the legacy ThreatIntelligenceIndicator table

Existing deployments continue to function, but new installations of v3.1.0 and earlier would fail due to the packaging URL issue.
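A pre-merge check for the Deployment Security point above, written as an added example and not taken from the connector's code: it flags ARM template parameters whose names look like credentials but are not declared `securestring`/`secureObject`, and secure parameters that carry a hard-coded `defaultValue`. The parameter names and both sample templates are constructed for illustration, and the name heuristic is an assumption.

```python
import json
import re

# Name fragments that usually indicate a credential (heuristic, an assumption).
SENSITIVE = re.compile(r"(api[_-]?key|secret|password|token|connectionstring)", re.I)
SECURE_TYPES = {"securestring", "secureobject"}  # ARM type names are case-insensitive


def audit_parameters(template: dict) -> list[tuple[str, str]]:
    """Return (parameter, finding) pairs for an ARM template's parameters block."""
    findings = []
    for name, spec in template.get("parameters", {}).items():
        ptype = str(spec.get("type", "")).lower()
        if SENSITIVE.search(name) and ptype not in SECURE_TYPES:
            # Plain string values are kept in deployment history; secure ones are not.
            findings.append((name, f"sensitive name but type '{spec.get('type')}'"))
        elif ptype in SECURE_TYPES and spec.get("defaultValue") not in (None, ""):
            findings.append((name, "secure parameter has a hard-coded defaultValue"))
    return findings


# Constructed templates: parameter names are illustrative, not the connector's own.
BEFORE = json.loads("""
{
  "parameters": {
    "WorkspaceID": {"type": "string"},
    "ExampleApiKey": {"type": "string"},
    "ExampleClientSecret": {"type": "string"}
  }
}
""")

AFTER = json.loads("""
{
  "parameters": {
    "WorkspaceID": {"type": "string"},
    "ExampleApiKey": {"type": "securestring"},
    "ExampleClientSecret": {"type": "securestring"}
  }
}
""")

if __name__ == "__main__":
    for label, tpl in (("before", BEFORE), ("after", AFTER)):
        results = audit_parameters(tpl)
        print(label, "OK" if not results else results)
```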

Affected Files

Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseAPISentinelConnector/main.py
Solutions/GreyNoiseThreatIntelligence/Data Connectors/GreyNoiseConnector_UploadIndicatorsAPI.json
Solutions/GreyNoiseThreatIntelligence/Data Connectors/azuredeploy_Connector_GreyNoiseAPISentinel_AzureFunction.json
Solutions/GreyNoiseThreatIntelligence/Workbooks/GreyNoiseOverview.json
(packaging artefacts: 3.1.1.zip, GreyNoiseAPISentinelConn.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_GreyNoise.json, mainTemplate.json)