What Changed
XBOW Data Connector upgraded from API version 2026-02-01 to 2026-04-01, enhanced assessment data collection to include full detail records, and improved error handling for 400 Bad Request responses. Solution version updated from 3.0.0 to 3.0.1.
Security Impact (Visibility & Fidelity)
Previous assessment ingestion captured only summary data from the list endpoint, missing critical offensive security metrics. This update fetches full assessment details and improves error reporting:
- Attack Credits: Quantified measure of offensive security testing resources consumed per assessment
- Recent Events: Detailed activity logs showing specific attack progression and technique execution
- Enhanced Error Handling: 400 Bad Request responses now provide explicit error details instead of generic failures
Assessment events now provide complete visibility into offensive security testing activities, enabling SOC teams to correlate attack simulation results with defensive telemetry and measure security control effectiveness against real-world attack techniques.
Data Enrichment Improvements
- Assessment Events: Now include the attackCredits and recentEvents fields, populated from full detail API calls
- State Management: Refactored to use dataclass structure for improved reliability and type safety
- API Compatibility: Updated User-Agent to version 1.1 and API version header to 2026-04-01
- Analytic Rules: Updated incident grouping to use consistent field naming (FindingID instead of FindingId)
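
A sketch of the enrichment flow described above, added here as an illustration and not taken from the connector's main.py. The endpoint paths, the `items` and `id` keys, the `ConnectorState` fields and the choice to keep the summary when a detail call returns 400 are assumptions; only `attackCredits` and `recentEvents` come from the text.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Injected transport so this runs offline: path -> (HTTP status, JSON body).
Transport = Callable[[str], Tuple[int, dict]]

class BadRequestError(Exception):
    """HTTP 400 carrying the API's error body instead of a generic failure."""
    def __init__(self, path: str, detail: dict):
        super().__init__(f"400 Bad Request for {path}: {detail}")
        self.path, self.detail = path, detail

@dataclass
class ConnectorState:
    """Typed checkpoint; both field names are hypothetical."""
    seen_ids: List[str] = field(default_factory=list)
    failed: Dict[str, dict] = field(default_factory=dict)

def fetch(get: Transport, path: str) -> dict:
    status, body = get(path)
    if status == 400:
        raise BadRequestError(path, body)
    if status != 200:
        raise RuntimeError(f"unexpected status {status} for {path}")
    return body

def enrich_assessments(get: Transport, state: ConnectorState) -> List[dict]:
    """Merge each list-endpoint summary with its full detail record."""
    events = []
    # "/assessments", "items" and "id" are assumed names, not the real API.
    for summary in fetch(get, "/assessments")["items"]:
        aid = summary["id"]
        try:
            detail = fetch(get, f"/assessments/{aid}")
        except BadRequestError as err:
            state.failed[aid] = err.detail  # keep the summary, record why
            detail = {}
        events.append({**summary, "attackCredits": detail.get("attackCredits"),
                       "recentEvents": detail.get("recentEvents", [])})
        state.seen_ids.append(aid)
    return events

# Constructed sample responses, not real XBOW API output.
SAMPLE = {
    "/assessments": (200, {"items": [{"id": "a1"}, {"id": "a2"}]}),
    "/assessments/a1": (200, {"attackCredits": 12, "recentEvents": [{"type": "started"}]}),
    "/assessments/a2": (400, {"error": "invalid assessment id"}),
}
sample_get = SAMPLE.__getitem__  # stand-in transport over the sample data
```

With the sample data, the second assessment is still emitted as a summary-only event, and the 400 body is kept in `state.failed` where an operator can see why the detail was missing.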
Affected Files
Solutions/XBOW/Analytic Rules/XbowCriticalHighFindings.yaml
Solutions/XBOW/Analytic Rules/XbowLowFindings.yaml
Solutions/XBOW/Analytic Rules/XbowMediumFindings.yaml
Solutions/XBOW/Analytic Rules/XbowNewAssetDiscovered.yaml
Solutions/XBOW/Data Connectors/AzureFunctionXbow/main.py
(packaging artefacts: 3.0.1.zip, ReleaseNotes.md, Solution_Xbow.json, Xbow.zip, mainTemplate.json)