What Changed

The ESET PROTECT Platform Data Connector migrated from timestamp-based data filtering to a delta token implementation for more reliable data ingestion. The connector version was bumped from 3.2.0 to 3.3.0.

Security Impact (Visibility & Fidelity)

Timestamp-based filtering in high-volume environments can miss events that occur within the same timestamp window or during clock skew scenarios. The previous implementation filtered data by occurTime for detections and createTime for incidents, which could result in data loss during rapid event generation or system time inconsistencies.

Delta tokens provide a sequential cursor mechanism that ensures no events are missed between polling intervals. This change eliminates the risk of blind spots where ESET security events could be lost due to temporal filtering limitations — particularly critical for threat detection and incident response activities.
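
The difference between the two checkpointing schemes, as an added example that is not the connector's own code: it polls a constructed in-memory feed twice, once with an occurTime filter and once with a cursor. The Event class, the function names, and the integer sequence number standing in for the opaque delta token are assumptions made for illustration; only occurTime and nextDeltaToken are names taken from this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    seq: int        # server commit order; stands in for the opaque delta token
    occurTime: int  # timestamp reported by the event source, in seconds
    name: str

# Constructed sample feed, shown as the server's state at two successive polls.
POLL_1 = [Event(1, 100, "a"), Event(2, 101, "b")]
POLL_2 = POLL_1 + [
    Event(3, 101, "c"),  # same second as "b", committed after poll 1
    Event(4, 99, "d"),   # skewed clock: committed late with an older occurTime
    Event(5, 102, "e"),
]

def fetch_by_time(store, last_time):
    """Timestamp filter: only events strictly newer than the saved occurTime."""
    hits = [e for e in store if e.occurTime > last_time]
    return hits, max((e.occurTime for e in hits), default=last_time)

def fetch_by_delta(store, token):
    """Cursor filter: everything committed after the saved token."""
    hits = [e for e in store if e.seq > token]
    return hits, {"nextDeltaToken": max((e.seq for e in hits), default=token)}

def ingest(snapshots, mode):
    """Poll each snapshot in turn, persisting the checkpoint between polls."""
    seen, checkpoint = [], 0
    for store in snapshots:
        if mode == "time":
            hits, checkpoint = fetch_by_time(store, checkpoint)
        else:
            hits, page = fetch_by_delta(store, checkpoint)
            checkpoint = page["nextDeltaToken"]
        seen.extend(e.name for e in hits)
    return seen

def missed(snapshots, mode):
    """Names present on the server after the last poll but never ingested."""
    return sorted({e.name for e in snapshots[-1]} - set(ingest(snapshots, mode)))

if __name__ == "__main__":
    for mode in ("time", "delta"):
        print(mode, ingest([POLL_1, POLL_2], mode), "missed:", missed([POLL_1, POLL_2], mode))
```

In this model the timestamp checkpoint advances to 101 after the first poll, so the same-second event and the late event with the older occurTime never pass the filter, while the cursor returns both.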

Data Ingestion Mechanism

  • Previous: Time-based filtering using occurTime and createTime timestamps
  • Current: Delta token-based sequential processing with nextDeltaToken tracking
  • Storage: Migrated from LastDetectionTime{DataSource} to LastData{DataSource} table structure
  • Backwards Compatibility: Maintains support for version 3.0.0 deployments through automatic detection and fallback logic

Affected Files

Solutions/ESET Protect Platform/Data Connectors/main_sentinel.py
Solutions/ESET Protect Platform/Data Connectors/utils_sentinel.py
(packaging artefacts: FunctionAppESETProtectPlatform.zip)