What Changed

The SIGNL4 data connector definition (DerdackSIGNL4.json) has had its instructional text substantially reworked as part of a v3.0.1 compatibility update:

  • The connector is now explicitly described as a legacy connector — the recommended integration path is the SIGNL4 Microsoft Sentinel connector app documented at the vendor docs site.
  • The lengthy multi-step deployment procedure (PowerShell script, Azure AD app registration, Graph Security API permissions, Log Analytics workspace credential setup) has been removed in full from the UI instructions.
  • References to the Azure Graph Security API alert-read and incident-status-sync capabilities have been removed; the updated description simply describes a basic Azure Logic Apps Playbook template that triggers on new Microsoft Sentinel incident creation.
  • The external link has been updated from a blog post to official vendor documentation.

Packaging artefacts (mainTemplate.json, createUiDefinition.json, Solution_SIGNL4.json, 3.0.1.zip) reflect the version bump to 3.0.1 with no substantive configuration changes.

Security Impact

No detection logic, KQL, or DCR/ingestion configuration was changed. This is a documentation-only update to the connector setup UI. Operators already running the SIGNL4 integration are unaffected. New deployments following the refreshed instructions will be directed to the vendor-recommended connector app path rather than the now-removed Graph Security API credential flow.

Affected Files

Solutions/SIGNL4/Data Connectors/DerdackSIGNL4.json
(packaging artefacts: 3.0.1.zip, ReleaseNotes.md, Solution_SIGNL4.json, createUiDefinition.json, mainTemplate.json)