What Changed
The BlueVoyant Anthropic Claude Compliance CCF connector has been updated from v1.0.0 to v1.0.1, with significant expansion of the DCR schema (BlueVoyantAnthropicClaudeCompliance_DCR.json) and table definition (BlueVoyantAnthropicClaudeCompliance_Table.json) to support the full breadth of activity types returned by the Claude Compliance API.
Security Impact (Visibility & Fidelity)
Prior to this update, the BV_ClaudeCompliance_ComplianceActivities_CL table lacked most activity-specific fields that the Claude Compliance API returns at the top level of event objects. Queries against this table would have returned null for any field not previously declared in the schema – meaning detections and hunting queries targeting activity-specific attributes (roles, permissions, auth methods, MFA, API keys, integrations, MCP server activity) were silently returning incomplete data.
Fields added (representative subset):
| Category | Fields |
|---|---|
| Identity and Auth | user_id, user_email, auth_method, mfa_method, provider, grant_type, session_id |
| Role Management | role, role_id, role_name, current_role, previous_role, invited_role |
| API Keys and Tokens | api_key_id, api_key_name, admin_api_key_id, token_id, token_name |
| Access Control | max_permission, access_level, scopes, principal_type, principal_id |
| Integrations | integration_id, integration_type, mcp_server_id, mcp_server_name, plugin_id, plugin_name |
| Cryptographic | signing_key_id, certificate_id, certificate_fingerprint, algorithm |
| Decision/Status | decision, action, status, reason, approved, enabled |
request_body removed: This column has been deliberately dropped from the schema because the Claude Compliance API may include sensitive payload content in this field. Removing it prevents inadvertent ingestion and long-term retention of sensitive data in the Log Analytics workspace.
Detection Surface Impact
Environments running the v3.0.0 connector that want to build detections around role changes, API key lifecycle, MCP server configuration, authentication method changes, or access scope modifications now have the required fields available for KQL-based Analytic Rules and Hunting Queries. Any existing query referencing fields from this schema that were absent in v3.0.0 was previously returning nulls silently.
Affected Files
Solutions/BlueVoyant Anthropic ClaudeCompliance/Data Connectors/BlueVoyantAnthropicClaudeCompliance_CCF/BlueVoyantAnthropicClaudeCompliance_ConnectorDefinition.json
Solutions/BlueVoyant Anthropic ClaudeCompliance/Data Connectors/BlueVoyantAnthropicClaudeCompliance_CCF/BlueVoyantAnthropicClaudeCompliance_DCR.json
Solutions/BlueVoyant Anthropic ClaudeCompliance/Data Connectors/BlueVoyantAnthropicClaudeCompliance_CCF/BlueVoyantAnthropicClaudeCompliance_Table.json
(packaging artefacts: 3.0.1.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_BlueVoyantAnthropicClaudeCompliance.json, mainTemplate.json)