What Changed

The ESET PROTECT Platform Function App connector received a dependency refresh in requirements.txt, bumping the internal MS-Sentinel integration version from 3.3.0 to 3.3.2 and pinning a new integration module git commit SHA (bc4e914 replacing 1a8bd44).

Contrary to a straightforward upgrade, several packages were downgraded relative to their previously pinned versions:

PackagePreviousNew
aiohttp3.13.43.9.5
azure-core1.38.01.30.2
cryptography48.0.043.0.1
cffi1.17.12.0.0
msal1.32.31.37.0

Per PR discussion, the prior versions were pushed by an automated bot and the ESET integration module requires compatibility with the older aiohttp==3.9.5 pin. The downgrade appears driven by the upstream integration module dependency tree, not a deliberate security decision.

Security Impact

cryptography 48.0.0 to 43.0.1: This is a meaningful rollback. The cryptography library has had multiple CVEs and security advisories between versions 43 and 48. Operators should run pip-audit against the pinned requirements.txt to confirm no known vulnerabilities apply to the 43.0.1 target. No CVE exemption was documented in the PR.

azure-core 1.38.0 to 1.30.2: A significant downgrade of the Azure SDK core library. Verify the installed version is not affected by any Azure SDK advisories.

aiohttp 3.13.4 to 3.9.5: Per PR discussion, this downgrade is intentional for compatibility with the upstream integration module. aiohttp has had security fixes in the 3.9.x-3.13.x range; CVE relevance unverified - review release notes for aiohttp versions between 3.9.5 and 3.13.4.

The integration module itself moved to a new git commit SHA without a pinned version tag, making it difficult to audit the change surface through standard package advisory databases.

No detection logic or data ingestion pipeline changes were made - only the Function App runtime dependency set and a minor code cleanup (removal of a type: ignore comment).

Affected Files

Solutions/ESET Protect Platform/Data Connectors/ESETProtectPlatform_API_FunctionApp.json
Solutions/ESET Protect Platform/Data Connectors/function_app.py
Solutions/ESET Protect Platform/Data Connectors/main_sentinel.py
Solutions/ESET Protect Platform/Data Connectors/requirements.txt
(packaging artefacts: FunctionAppESETProtectPlatform.zip)