What Changed

Fixed parameter name inconsistency in the Azure DevOps Audit Logs CCF connector configuration that was preventing the connector from functioning. The queryParameters keys were changed from “from”/“to” to “startTime”/“endTime” to match the corresponding StartTimeAttributeName/EndTimeAttributeName values.

Security Impact (Visibility & Fidelity)

This was a complete connector failure. Deployments running the previous version experienced zero audit log ingestion from Azure DevOps due to the parameter mismatch. The CCF framework could not reconcile the time-window parameters, causing the connector to fail during configuration.

Per PR discussion: deployments now show “Connected” status after applying this fix, confirming that the connector was previously non-functional and audit visibility has been restored.

Data Source

Azure DevOps audit logs provide visibility into:

  • Project and organization-level configuration changes
  • User access and permission modifications
  • Pipeline and repository security events
  • Administrative actions across Azure DevOps services

This connector failure represented a complete blind spot for Azure DevOps security monitoring in affected deployments.

Affected Files

Solutions/AzureDevOpsAuditing/Data Connectors/AzureDevOpsAuditLogs_CCP/AzureDevOpsAuditLogs_PollingConfig.json
(packaging artefacts: 3.0.9.zip, ReleaseNotes.md, Solution_AzureDevOpsAuditing.json, mainTemplate.json)