What Changed

The BlueVoyant Anthropic Claude Compliance CCF connector has been updated from v1.0.0 to v1.0.1, with significant expansion of the DCR schema (BlueVoyantAnthropicClaudeCompliance_DCR.json) and table definition (BlueVoyantAnthropicClaudeCompliance_Table.json) to support the full breadth of activity types returned by the Claude Compliance API.

Security Impact (Visibility & Fidelity)

Prior to this update, the BV_ClaudeCompliance_ComplianceActivities_CL table lacked most activity-specific fields that the Claude Compliance API returns at the top level of event objects. Queries against this table would have returned null for any field not previously declared in the schema – meaning detections and hunting queries targeting activity-specific attributes (roles, permissions, auth methods, MFA, API keys, integrations, MCP server activity) were silently returning incomplete data.

Fields added (representative subset):

CategoryFields
Identity and Authuser_id, user_email, auth_method, mfa_method, provider, grant_type, session_id
Role Managementrole, role_id, role_name, current_role, previous_role, invited_role
API Keys and Tokensapi_key_id, api_key_name, admin_api_key_id, token_id, token_name
Access Controlmax_permission, access_level, scopes, principal_type, principal_id
Integrationsintegration_id, integration_type, mcp_server_id, mcp_server_name, plugin_id, plugin_name
Cryptographicsigning_key_id, certificate_id, certificate_fingerprint, algorithm
Decision/Statusdecision, action, status, reason, approved, enabled

request_body removed: This column has been deliberately dropped from the schema because the Claude Compliance API may include sensitive payload content in this field. Removing it prevents inadvertent ingestion and long-term retention of sensitive data in the Log Analytics workspace.

Detection Surface Impact

Environments running the v3.0.0 connector that want to build detections around role changes, API key lifecycle, MCP server configuration, authentication method changes, or access scope modifications now have the required fields available for KQL-based Analytic Rules and Hunting Queries. Any existing query referencing fields from this schema that were absent in v3.0.0 was previously returning nulls silently.

Affected Files

Solutions/BlueVoyant Anthropic ClaudeCompliance/Data Connectors/BlueVoyantAnthropicClaudeCompliance_CCF/BlueVoyantAnthropicClaudeCompliance_ConnectorDefinition.json
Solutions/BlueVoyant Anthropic ClaudeCompliance/Data Connectors/BlueVoyantAnthropicClaudeCompliance_CCF/BlueVoyantAnthropicClaudeCompliance_DCR.json
Solutions/BlueVoyant Anthropic ClaudeCompliance/Data Connectors/BlueVoyantAnthropicClaudeCompliance_CCF/BlueVoyantAnthropicClaudeCompliance_Table.json
(packaging artefacts: 3.0.1.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_BlueVoyantAnthropicClaudeCompliance.json, mainTemplate.json)