What Changed

New CCF (Codeless Connector Framework) connector for MuleSoft CloudHub alerts, expanding the existing logs-only solution to include alert monitoring. The update consolidates three data sources (legacy logs, new CCF logs, CCF alerts) into a unified parser function.

Data Source

MuleSoft CloudHub Alerts API: Ingests alert notifications from MuleSoft’s cloud platform via CloudHub REST API v2. Supports multi-region deployments (US Commercial, EU Cloud, Government Cloud, on-premises) and multi-environment connections.

Ingestion Mechanism

CCF-based connector using DCR (Data Collection Rule) ingestion into the MulesoftCloudhubAlerts_CL table. It is configured with a polling API, authentication via Anypoint Platform credentials, and environment ID targeting.

Parser Impact

Updated MuleSoftCloudhub parser now unifies three data sources through view consolidation:

  • Legacy MuleSoft_Cloudhub_CL (existing logs)
  • New MuleSoftCloudhubLogs_CL (CCF logs stream)
  • New MulesoftCloudhubAlerts_CL (CCF alerts stream)

All streams normalize to a consistent field schema, including EventSeverity, OrganizationId, EnvironmentId, and EventResult, for cross-stream detection queries.

Detection Surface Unlocked

DevOps security monitoring gains visibility into:

  • Application deployment failures and configuration errors
  • Resource constraint alerts (CPU, memory, bandwidth) indicating potential DoS conditions
  • Environment-level security policy violations
  • System vs custom alert categorization for threat hunting

Complements existing log data with structured alert metadata for correlation-based detection of application infrastructure compromise.
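
A cross-stream correlation over the unified parser, covering both the normalized schema under Parser Impact and the correlation use case above. This is an added example, not a query shipped with the solution. It assumes the MuleSoftCloudhub function is deployed in the workspace and that the parser preserves the built-in Type column (source table name); lookback, binSize, IsAlert and TimeBin are names chosen here.

```kql
// Added example: pair alert-stream and log-stream activity per environment.
// Assumption: the parser keeps the built-in Type column so the source
// table of each row can still be identified after the union.
let lookback = 1d;
let binSize = 15m;
let events =
    MuleSoftCloudhub
    | where TimeGenerated > ago(lookback)
    | where isnotempty(EnvironmentId)
    | extend IsAlert = (Type == "MulesoftCloudhubAlerts_CL");
// Alert-stream records per organization, environment and time bin.
let alerts =
    events
    | where IsAlert
    | summarize AlertCount = count(),
                AlertSeverities = make_set(EventSeverity, 10)
        by OrganizationId, EnvironmentId, TimeBin = bin(TimeGenerated, binSize);
// Log-stream records (legacy and CCF log tables) in the same bins.
let logs =
    events
    | where not(IsAlert)
    | summarize LogCount = count(),
                LogResults = make_set(EventResult, 10)
        by OrganizationId, EnvironmentId, TimeBin = bin(TimeGenerated, binSize);
// Keep only the bins where an environment raised alerts and also logged
// events, so an analyst sees the alert next to the surrounding log results.
alerts
| join kind=inner logs on OrganizationId, EnvironmentId, TimeBin
| project TimeBin, OrganizationId, EnvironmentId,
          AlertCount, AlertSeverities, LogCount, LogResults
| order by AlertCount desc, TimeBin desc
```

The query filters on no specific EventSeverity or EventResult values, since the page does not list the values the parser emits; add such a filter once they are confirmed in the workspace.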

Affected Files

.script/tests/KqlvalidationsTests/CustomTables/Mulesoft_MuleSoftCloudhubLogs_KqlValidation.json
.script/tests/KqlvalidationsTests/CustomTables/Mulesoft_MulesoftCloudhubAlerts_KqlValidation.json
Solutions/Mulesoft/Data Connectors/MulesoftCloudHubAlerts_CCF/MuleSoftCloudHubAlerts_ConnectorDefinition.json
Solutions/Mulesoft/Data Connectors/MulesoftCloudHubAlerts_CCF/MulesoftCloudHubAlerts_DCR.json
Solutions/Mulesoft/Data Connectors/MulesoftCloudHubAlerts_CCF/MulesoftCloudHubAlerts_PollingConfig.json
Solutions/Mulesoft/Data Connectors/MulesoftCloudHubAlerts_CCF/table_MulesoftCloudhubAlerts.json
Solutions/Mulesoft/Parsers/MuleSoftCloudhub.yaml
Solutions/Mulesoft/Parsers/parser_MuleSoftCloudhubLogsAliasFunction.json
(packaging artefacts: 3.1.0.zip, ReleaseNotes.md, Solution_Mulesoft.json, createUiDefinition.json, mainTemplate.json)