What Changed

Initial release of the NordStellar solution for Microsoft Sentinel, implementing a CCF Push connector that ingests real-time threat intelligence and exposure events. The connector creates a unified NordStellar_CL table with normalized common columns extracted via DCR KQL transform while preserving type-specific payloads.

Data Source

NordStellar is a comprehensive threat intelligence platform offering:

  • Leaked Data monitoring (module: LEAKED_DATA): Data breaches, combo lists, malware infections, consumer credentials
  • Dark Web Monitoring (module: DARK_WEB_MONITORING): Forum posts, Telegram posts, ransomware posts, marketplace posts
  • Domain Squatting (module: DOMAIN_SQUATTING): Domain permutation/typosquatting detection
  • Attack Surface (module: ATTACK_SURFACE): Web application, network service, and DNS vulnerabilities

Ingestion Mechanism

The CCF Push connector authenticates with OAuth 2.0 client credentials. Events flow via the Azure Monitor Ingestion API to a single Custom-NordStellar stream, where a DCR KQL transform extracts the common fields (EventId, EventType, Module, RiskLevel, AssetType, AssetValue, Tags) and preserves the full event payload in the dynamic Details column.

Detection Surface Unlocked

The unified table structure enables detection engineering across:

  • Credential exposure monitoring: Query malware infections by stealer family, track combo lists affecting organizational domains
  • Dark web threat hunting: Monitor ransomware group mentions, marketplace discussions targeting your organization
  • Attack surface vulnerability management: Correlate CVSS3 >= 7 vulnerabilities with asset inventory
  • Domain abuse detection: Identify typosquatting campaigns against organizational domains

No bundled detections are included in the initial release; organizations can develop KQL rules leveraging the standardized schema and the type-specific fields in the Details payload.
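As an added example (not part of the solution package), a sample KQL analytics query for the attack-surface case above. It assumes the attack-surface payload exposes `cvss3` and `title` fields inside Details (field names are assumptions, check the real payload in your workspace) and uses a constructed in-scope domain list in place of a real asset inventory:

```kql
// Hypothetical analytics rule: high-severity attack-surface findings on in-scope assets.
// Common columns (Module, RiskLevel, AssetType, AssetValue, Details) come from the DCR transform;
// Details.cvss3 and Details.title are assumed payload fields, not confirmed by the solution docs.
let lookback = 1d;
// Constructed stand-in for an asset inventory; replace with a watchlist or inventory table.
let InScopeDomains = datatable(Domain:string) [
    "example.com",
    "example.net"
];
NordStellar_CL
| where TimeGenerated > ago(lookback)
| where Module == "ATTACK_SURFACE"
| extend Cvss3 = todouble(Details.cvss3), Finding = tostring(Details.title)
| where Cvss3 >= 7.0
// Reduce the affected asset (e.g. api.example.com) to its registrable domain for inventory matching.
| extend AssetDomain = tolower(AssetValue)
| extend RootDomain = strcat_array(array_slice(split(AssetDomain, "."), -2, -1), ".")
| where RootDomain in (InScopeDomains)
| summarize
    Findings = make_set(Finding, 20),
    MaxCvss = max(Cvss3),
    FindingCount = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by AssetValue, AssetType, RiskLevel, RootDomain
| order by MaxCvss desc, FindingCount desc
```

Scheduled as an analytics rule with an entity mapping on AssetValue, this surfaces one incident per affected in-scope asset rather than one per raw event.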

Affected Files

Logos/NordStellar.svg
Solutions/NordStellar/Data Connectors/NordStellar_ccf/DCR.json
Solutions/NordStellar/Data Connectors/NordStellar_ccf/connectorDefinition.json
Solutions/NordStellar/Data Connectors/NordStellar_ccf/dataConnector.json
Solutions/NordStellar/Data Connectors/NordStellar_ccf/table.json
Solutions/NordStellar/Package/testParameters.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_NordStellar.json, createUiDefinition.json, mainTemplate.json)