Data Source

Panorays is a third-party and supply chain cyber risk management platform. This connector polls the Panorays REST API at endpoint /v2/findings to retrieve company security findings – structured assessments of attack surface exposure, vendor risk scoring, and associated CVEs across monitored assets.

Ingestion Mechanism

  • Mechanism: CCF (Codeless Connector Framework) with REST API polling (Bearer token auth)
  • Polling: GET /v2/findings with cursor-based pagination (NextPageToken via jsonpath pagination.nextCursor), 100 records per page, rate limited to 10 QPS
  • DCR stream: Custom-PanoraysCompanyFindings_API, transformed by the DCR and written to Custom-PanoraysCompanyFindingPOC_CL
  • Target table: PanoraysCompanyFindingPOC_CL (custom Log Analytics table)
  • Auth: API key passed as Authorization Bearer header

The DCR transformKql projects: TimeGenerated (from insert_ts), Status, FindingKey, Metadata, CVEs, AssetName, Category, SubCategory, TestText, InsertTimestamp, UpdateTimestamp, TestName, Segments.

Detection Surface Unlocked

With Panorays findings ingested into PanoraysCompanyFindingPOC_CL, SOC and vendor risk teams can:

  • Alert on new high-severity findings or CVE-tagged asset exposures from monitored third parties
  • Correlate values in the CVEs column against active exploit intelligence (e.g., join with ThreatIntelligenceIndicator)
  • Track remediation velocity by diffing Status transitions over time
  • Build watchlists or Analytic Rules around specific Category/SubCategory finding types (e.g., open ports, TLS misconfigurations, exposed services)

No bundled Analytic Rules or Hunting Queries are included in this initial release – detection coverage must be built by the deploying team against the custom table.
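
A possible starting point for the first bullet above, as an added example that is not part of the Panorays solution: a KQL query that surfaces findings first seen in the last day that carry at least one CVE, one row per CVE. Column names are taken from the DCR projection listed earlier; the assumptions are that CVEs holds a JSON array of CVE identifiers (stored as dynamic or as a JSON string) and that the lookback and window values suit the deployment.

```kql
// Added example, not shipped with the solution.
// Assumption: CVEs is a JSON array of CVE IDs (dynamic or JSON string).
// Assumption: 14d of history is enough to tell "new" from "already known".
let lookback = 14d;
let newWindow = 1d;
PanoraysCompanyFindingPOC_CL
| where TimeGenerated > ago(lookback)
// Collapse repeated polls of the same finding into one row:
// earliest ingestion time plus the most recent field values.
| summarize FirstSeen = min(TimeGenerated),
            arg_max(TimeGenerated, Status, CVEs, AssetName, Category, SubCategory, TestName)
            by FindingKey
// Keep only findings that did not exist before the alert window.
| where FirstSeen > ago(newWindow)
// Normalise CVEs to a dynamic array regardless of the stored type.
| extend CveList = parse_json(tostring(CVEs))
| where array_length(CveList) > 0
// One row per CVE so the result can be joined to other tables on Cve.
| mv-expand Cve = CveList to typeof(string)
| project FirstSeen, LastSeen = TimeGenerated, FindingKey, AssetName,
          Category, SubCategory, TestName, Status, Cve
| order by FirstSeen desc
```

Validate the CVEs column type and the set of Status values in the workspace before turning this into a scheduled Analytic Rule.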

Deployment Notes

  • Requires a valid Panorays API Token (configured as secureString in the ARM template)
  • The PanoraysSelfFindings_DeployInstance.json template provisions: DCE, custom table schema, ConnectorDefinition, DCR, and connector instance as a full standalone deployment
  • Default API base URL is https://api.panoraysapp.com (configurable via parameter)
  • Solution version: 3.0.0 (initial release)

Affected Files

Solutions/Panorays/Data Connectors/PanoraysSelfFindings_ccf/PanoraysSelfFindings_ConnectorDefinition.json
Solutions/Panorays/Data Connectors/PanoraysSelfFindings_ccf/PanoraysSelfFindings_DCR.json
Solutions/Panorays/Data Connectors/PanoraysSelfFindings_ccf/PanoraysSelfFindings_DeployInstance.json
Solutions/Panorays/Data Connectors/PanoraysSelfFindings_ccf/PanoraysSelfFindings_PollerConfig.json
Solutions/Panorays/Data Connectors/PanoraysSelfFindings_ccf/PanoraysSelfFindings_Table.json
Solutions/Panorays/Data Connectors/requirements.txt
Solutions/Panorays/Data/Panorays_Input.json
Solutions/Panorays/Package/testParameters.json
Solutions/Panorays/patch-package.sh
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, createUiDefinition.json, mainTemplate.json)