Akamai Guardicore v3.1.0: Function App Eliminated, CCF Migration Simplifies Microsegmentation Monitoring

What Changed

Complete architectural overhaul of the Akamai Guardicore solution migrating from Azure Functions to Codeless Connector Framework (CCF), eliminating custom compute while preserving all microsegmentation monitoring capabilities.

New CCF Architecture

• Data Collection: 4 RestApiPoller instances using OAuth2 client-credentials authentication
• Ingestion: Direct Logs Ingestion API via DCR (no workspace shared key required)
• Tables: Unchanged names preserve existing workbook/detection compatibility
  • GuardicoreAgents_CL
  • GuardicoreAssets_CL
  • GuardicoreApplications_CL
  • GuardicorePolicyRules_CL

Enhanced Playbook System

Incident enrichment now runs entirely on Logic Apps Consumption without Function App dependencies:

• Trigger: Guardicore-ProcessIncidentEnrichment (incident creation)
• Runner: Guardicore-EnrichmentRunner (2-minute recurrence)
• Storage: Azure Storage Table queue with 5-minute slot deduplication
• Output: GuardicoreEnrichingConnections_CL and GuardicoreProcessedIncidents_CL tables

Security Operations Impact

This update provides enterprise network microsegmentation visibility without infrastructure management overhead:

• Zero-trust network posture monitoring via Guardicore Centra policy rules
• Network connection analysis for incident investigation
• Asset inventory and segmentation compliance tracking
• Workload protection analytics through 2 bundled workbooks

Migration Requirements

One-way migration requires table conversion from Custom Logs (DCR-less) to DCR-based using az monitor commands. Shared workspace key permissions no longer required - solution operates with standard workspace Read/Write/Delete permissions only.

Operational Benefits

• Eliminated Function App scaling, patching, and monitoring overhead
• Reduced attack surface with managed CCF runtime
• Simplified credential management through connector tile configuration
• Preserved workbook and detection content with unchanged table schemas

Affected Files

.script/tests/KqlvalidationsTests/CustomTables/GuardicoreAgents_CL.json
.script/tests/KqlvalidationsTests/CustomTables/GuardicoreApplications_CL.json
.script/tests/KqlvalidationsTests/CustomTables/GuardicoreAssets_CL.json
.script/tests/KqlvalidationsTests/CustomTables/GuardicoreEnrichingConnections_CL.json
.script/tests/KqlvalidationsTests/CustomTables/GuardicorePolicyRules_CL.json
.script/tests/KqlvalidationsTests/CustomTables/GuardicoreProcessedIncidents_CL.json
Logos/akamai-guardicore.svg
Sample Data/AkamaiGuardicoreAgent.json
Sample Data/AkamaiGuardicoreApplication.json
Sample Data/AkamaiGuardicoreAsset.json
Sample Data/AkamaiGuardicoreConnection.json
Sample Data/AkamaiGuardicorePolicyRules.json
Sample Data/AkamaiGuardicoreProcessedIncident.json
Solutions/Akamai Guardicore/Data Connectors/AkamaiGuardicoreLogs_ccp/AkamaiGuardicore_ConnectorDefinition.json
Solutions/Akamai Guardicore/Data Connectors/AkamaiGuardicoreLogs_ccp/AkamaiGuardicore_DCR.json
Solutions/Akamai Guardicore/Data Connectors/AkamaiGuardicoreLogs_ccp/AkamaiGuardicore_PollingConfig.json
Solutions/Akamai Guardicore/Data Connectors/AkamaiGuardicoreLogs_ccp/AkamaiGuardicore_Tables.json
Solutions/Akamai Guardicore/Data Connectors/AkamaiGuardicoreLogs_ccp/README.md
Solutions/Akamai Guardicore/Package/testParameters.json
Solutions/Akamai Guardicore/Playbooks/AkamaiGuardicoreEnrichment_dcr/AkamaiGuardicoreEnrichment_DCR.json
Solutions/Akamai Guardicore/Playbooks/AkamaiGuardicoreEnrichment_dcr/AkamaiGuardicoreEnrichment_Storage.json
Solutions/Akamai Guardicore/Playbooks/AkamaiGuardicoreEnrichment_dcr/AkamaiGuardicoreEnrichment_Tables.json
Solutions/Akamai Guardicore/Playbooks/Guardicore-EnrichmentRunner/azuredeploy.json
Solutions/Akamai Guardicore/Playbooks/Guardicore-ProcessIncidentEnrichment/azuredeploy.json
Solutions/Akamai Guardicore/Playbooks/README.md
Solutions/Akamai Guardicore/Playbooks/azuredeploy.json
Solutions/Akamai Guardicore/Workbooks/GuardicoreIncident.json
Solutions/Akamai Guardicore/Workbooks/GuardicoreInfo.json
Solutions/Akamai Guardicore/Workbooks/Images/Preview/GuardicoreNotebookBlack.png
Solutions/Akamai Guardicore/Workbooks/Images/Preview/GuardicoreNotebookBlack2.png
Solutions/Akamai Guardicore/Workbooks/Images/Preview/GuardicoreNotebookWhite.png
Solutions/Akamai Guardicore/Workbooks/Images/Preview/GuardicoreNotebookWhite2.png
Solutions/Akamai Guardicore/Workbooks/Images/Preview/IncidentAnalysisBlack.png
Solutions/Akamai Guardicore/Workbooks/Images/Preview/IncidentAnalysisWhite.png
Workbooks/WorkbooksMetadata.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_AkamaiGuardicore.json, createUiDefinition.json, mainTemplate.json)