Data Source
Sonrai Security is a cloud infrastructure security platform that monitors cloud environments for compliance violations and security posture risks. The connector ingests Sonrai ticket data containing policy violations, resource misconfigurations, and compliance findings across multi-cloud environments.
Ingestion Mechanism
Codeless Connector Framework (CCF) push connector using Data Collection Rules (DCR) with Entra application authentication. Raw ticket data is sent directly from Sonrai’s platform to Microsoft Sentinel via the Logs Ingestion API, populating the SonraiSecurityTickets_CL table.
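To make the push path concrete, the following is an added Python example (not code from the Sonrai connector or the Sentinel solution) that shows what a Logs Ingestion API call into a DCR-backed custom table looks like: it validates a batch of tickets, splits them into bodies that respect the documented 1 MB per-call limit, and assembles the POST against the DCR stream. The ticket field names, severity values, sample records, and the stream name "Custom-SonraiSecurityTickets_CL" are assumptions; the real column set lives in SonraiSecurity_table.json and SonraiSecurity_DCR.json.

```python
"""Added example: shape of a Logs Ingestion API push into a DCR-backed
custom table, as a CCF push connector delivers Sonrai tickets to
SonraiSecurityTickets_CL. Not the connector's own code; ticket field
names and severity values below are constructed placeholders."""
import json
from typing import Any, Dict, List, Tuple

Ticket = Dict[str, Any]

# Documented Logs Ingestion API limit: one call may carry at most 1 MB of data.
MAX_CALL_BYTES = 1_000_000
# Entra client-credentials scope documented for the Logs Ingestion API.
TOKEN_SCOPE = "https://monitor.azure.com/.default"
# Assumed stream name: DCR custom-table streams are conventionally "Custom-<table>".
STREAM_NAME = "Custom-SonraiSecurityTickets_CL"

# Constructed: the fields a ticket must carry before it is forwarded.
REQUIRED_FIELDS = ("ticketId", "severity", "resourceType", "cloudProvider")
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}  # constructed category set

# Constructed sample tickets; the third one lacks a severity and must be rejected.
SAMPLE_TICKETS: List[Ticket] = [
    {"ticketId": "T-1001", "severity": "CRITICAL", "resourceType": "S3Bucket",
     "cloudProvider": "AWS", "policy": "PublicReadDisallowed", "assignee": "cloud-sec"},
    {"ticketId": "T-1002", "severity": "MEDIUM", "resourceType": "StorageAccount",
     "cloudProvider": "Azure", "policy": "TLS12Required", "assignee": "platform"},
    {"ticketId": "T-1003", "resourceType": "GCSBucket", "cloudProvider": "GCP"},
]


def validate_tickets(tickets: List[Ticket]) -> Tuple[List[Ticket], List[Tuple[Ticket, str]]]:
    """Keep tickets that carry every required field with a known severity;
    return the rest together with the reason they were dropped."""
    accepted: List[Ticket] = []
    rejected: List[Tuple[Ticket, str]] = []
    for t in tickets:
        missing = [f for f in REQUIRED_FIELDS if f not in t]
        if missing:
            rejected.append((t, "missing " + ",".join(missing)))
        elif t["severity"] not in SEVERITIES:
            rejected.append((t, "unknown severity " + str(t["severity"])))
        else:
            accepted.append(t)
    return accepted, rejected


def chunk_records(records: List[Ticket], max_bytes: int = MAX_CALL_BYTES) -> List[List[Ticket]]:
    """Greedily pack records into JSON-array bodies that stay within max_bytes.
    Size is tracked incrementally: 2 bytes for '[]' plus 2 bytes per ', '
    separator, which matches json.dumps' default separators exactly."""
    batches: List[List[Ticket]] = []
    current: List[Ticket] = []
    current_size = 2
    for rec in records:
        rec_size = len(json.dumps(rec).encode("utf-8"))
        if rec_size + 2 > max_bytes:
            raise ValueError(f"record {rec.get('ticketId')} exceeds the per-call limit")
        added = rec_size + (2 if current else 0)
        if current and current_size + added > max_bytes:
            batches.append(current)
            current, current_size = [], 2
            added = rec_size
        current.append(rec)
        current_size += added
    if current:
        batches.append(current)
    return batches


def build_ingestion_request(dce_endpoint: str, dcr_immutable_id: str, stream_name: str,
                            bearer_token: str, batch: List[Ticket]) -> Dict[str, Any]:
    """Assemble the POST the Logs Ingestion API expects for one batch:
    <DCE>/dataCollectionRules/<DCR immutable id>/streams/<stream>?api-version=2023-01-01
    with a Bearer token obtained for TOKEN_SCOPE and a JSON array body."""
    url = (f"{dce_endpoint.rstrip('/')}/dataCollectionRules/{dcr_immutable_id}"
           f"/streams/{stream_name}?api-version=2023-01-01")
    headers = {"Authorization": f"Bearer {bearer_token}",
               "Content-Type": "application/json"}
    return {"method": "POST", "url": url, "headers": headers, "body": json.dumps(batch)}


if __name__ == "__main__":
    ok, bad = validate_tickets(SAMPLE_TICKETS)
    for t, why in bad:
        print("dropped", t.get("ticketId"), why)
    for batch in chunk_records(ok):
        # Placeholder endpoint, DCR id and token; real values come from the deployed DCR/DCE.
        req = build_ingestion_request("https://<dce-name>.<region>.ingest.monitor.azure.com",
                                      "dcr-<immutable-id>", STREAM_NAME, "<token>", batch)
        print(req["method"], req["url"], len(req["body"]), "bytes")
```

Two points worth checking on the receiving side: records dropped by validation never reach SonraiSecurityTickets_CL, so a count of rejected tickets is itself a useful health signal, and any record whose JSON alone exceeds the call limit is refused rather than silently truncated.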
Detection Surface Unlocked
This connector provides visibility into:
- Cloud resource compliance violations and policy breaches
- Infrastructure security posture deviations
- Critical resource misconfigurations across AWS, Azure, and GCP
- Compliance framework violations (SOX, HIPAA, PCI DSS, etc.)
- Resource ownership and assignment tracking for remediation workflows
Ticket fields include severity categories, resource types, assignment details, and organizational context, enabling correlation with other security events for comprehensive cloud security monitoring.
MITRE Coverage
Compliance monitoring capabilities align with:
- T1087 (Account Discovery) - through resource ownership tracking
- T1119 (Automated Collection) - via systematic compliance scanning
- T1499 (Endpoint Denial of Service) - detecting resource availability risks
Affected Files
Solutions/SonraiSecurity/Data Connectors/SonraiSecurity_ccp/SonraiSecurity_DCR.json
Solutions/SonraiSecurity/Data Connectors/SonraiSecurity_ccp/SonraiSecurity_Definition.json
Solutions/SonraiSecurity/Data Connectors/SonraiSecurity_ccp/SonraiSecurity_poller.json
Solutions/SonraiSecurity/Data Connectors/SonraiSecurity_ccp/SonraiSecurity_table.json
(packaging artefacts: 3.0.1.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_SonraiSecurity.json, createUiDefinition.json, mainTemplate.json)