Merge pull request Azure#12995 from mhebrard-bigid/bigid-ccf-updates

BigID CCF Connector UserToken based auth

Author: v-dvedak

Solutions/BigID/Data Connectors/BigIDDSPMLogs_ccp/BigIDDSPMLogs_PollerConfig.json

@@ -14,11 +14,13 @@
       },
       "dataType": "BigIDDSPMCatalog_CL",
       "auth": {
-        "type": "APIKey",
-        "ApiKey": "{{bigidToken}}",
-        "ApiKeyName": "Authorization",
-        "ApiKeyIdentifier": "",
-        "isApiKeyInPostPayload": false
+        "type": "JwtToken",
+        "UserToken": "{{bigidToken}}",
+        "UserTokenPrepend": "",
+        "TokenEndpoint": "https://{{bigidFqdn}}/api/v1/refresh-access-token",
+        "TokenEndpointHttpMethod": "GET",
+        "NoAccessTokenPrepend": true,
+        "JwtTokenJsonPath": "$.systemToken"
       },
       "request": {
         "apiEndpoint": "https://{{bigidFqdn}}/api/v1/actionable-insights/all-cases",
@@ -29,7 +31,7 @@
         "timeoutInSeconds": 10,
         "headers": {
           "Accept": "application/json",
-          "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector"
+          "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector (all-cases)"
         }
       },
       "response": {
@@ -49,54 +51,59 @@
       "stepInfo": {
         "stepType": "Nested",
         "nextSteps": [
-          {
-            "stepId": "fetchObjectsDetails",
-            "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project dataSourceName = res.dataSourceName, policyName = res.policyName"
-          },
           {
             "stepId": "fetchDataSourceDetails",
-            "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project dataSourceName = res.dataSourceName"
+            "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project dataSourceName = res.dataSourceName, policyName = res.policyName"
           }
         ]
       },
       "stepCollectorConfigs": {
-        "fetchObjectsDetails": {
+        "fetchDataSourceDetails": {
           "shouldJoinNestedData": true,
-          "joinedDataStepName": "affectedObjects",
+          "joinedDataStepName": "datasource",
+          "stepInfo": {
+            "stepType": "Nested",
+            "nextSteps": [
+              {
+                "stepId": "fetchObjectsDetails",
+                "stepPlaceholdersParsingKql": "source"
+              }
+            ]
+          },
           "request": {
             "httpMethod": "GET",
-            "apiEndpoint": "https://{{bigidFqdn}}/api/v1/data-catalog/",
+            "apiEndpoint": "https://{{bigidFqdn}}/api/v1/ds_connections/$dataSourceName$",
             "queryParameters": {
-              "limit": 32,
-              "requireTotalCount": "true",
-              "filter": "SYSTEM = \"$dataSourceName$\" AND policy IN (\"$policyName$\")"
+              "withoutCredentialValue": "true"
             },
             "headers": {
               "Accept": "application/json",
-              "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector"
+              "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector (datasources)"
             }
           },
           "response": {
-            "eventsJsonPaths": ["$.results"],
+            "eventsJsonPaths": ["$.ds_connection"],
             "format": "json"
           }
         },
-        "fetchDataSourceDetails": {
+        "fetchObjectsDetails": {
           "shouldJoinNestedData": true,
-          "joinedDataStepName": "datasource",
+          "joinedDataStepName": "affectedObjects",
           "request": {
             "httpMethod": "GET",
-            "apiEndpoint": "https://{{bigidFqdn}}/api/v1/ds_connections/$dataSourceName$",
+            "apiEndpoint": "https://{{bigidFqdn}}/api/v1/data-catalog/",
             "queryParameters": {
-              "withoutCredentialValue": "true"
+              "limit": 32,
+              "requireTotalCount": "true",
+              "filter": "SYSTEM = \"$dataSourceName$\" AND policy IN (\"$policyName$\")"
             },
             "headers": {
               "Accept": "application/json",
-              "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector"
+              "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector (data-catalog)"
             }
           },
           "response": {
-            "eventsJsonPaths": ["$.ds_connection"],
+            "eventsJsonPaths": ["$.results"],
             "format": "json"
           }
         }

Solutions/BigID/Package/3.0.0.zip

@@ -544,11 +544,13 @@
                 },
                 "dataType": "BigIDDSPMCatalog_CL",
                 "auth": {
-                  "type": "APIKey",
-                  "ApiKey": "[[parameters('bigidToken')]",
-                  "ApiKeyName": "Authorization",
-                  "ApiKeyIdentifier": "",
-                  "isApiKeyInPostPayload": false
+                  "type": "JwtToken",
+                  "UserToken": "[[parameters('bigidToken')]",
+                  "UserTokenPrepend": "",
+                  "TokenEndpoint": "[[concat('https://',parameters('bigidFqdn'),'/api/v1/refresh-access-token')]",
+                  "TokenEndpointHttpMethod": "GET",
+                  "NoAccessTokenPrepend": true,
+                  "JwtTokenJsonPath": "$.systemToken"
                 },
                 "request": {
                   "apiEndpoint": "[[concat('https://',parameters('bigidFqdn'),'/api/v1/actionable-insights/all-cases')]",
@@ -559,7 +561,7 @@
                   "timeoutInSeconds": 10,
                   "headers": {
                     "Accept": "application/json",
-                    "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector"
+                    "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector (all-cases)"
                   }
                 },
                 "response": {
@@ -579,57 +581,62 @@
                 "stepInfo": {
                   "stepType": "Nested",
                   "nextSteps": [
-                    {
-                      "stepId": "fetchObjectsDetails",
-                      "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project dataSourceName = res.dataSourceName, policyName = res.policyName"
-                    },
                     {
                       "stepId": "fetchDataSourceDetails",
-                      "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project dataSourceName = res.dataSourceName"
+                      "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project dataSourceName = res.dataSourceName, policyName = res.policyName"
                     }
                   ]
                 },
                 "stepCollectorConfigs": {
-                  "fetchObjectsDetails": {
+                  "fetchDataSourceDetails": {
                     "shouldJoinNestedData": true,
-                    "joinedDataStepName": "affectedObjects",
+                    "joinedDataStepName": "datasource",
+                    "stepInfo": {
+                      "stepType": "Nested",
+                      "nextSteps": [
+                        {
+                          "stepId": "fetchObjectsDetails",
+                          "stepPlaceholdersParsingKql": "source"
+                        }
+                      ]
+                    },
                     "request": {
                       "httpMethod": "GET",
-                      "apiEndpoint": "[[concat('https://',parameters('bigidFqdn'),'/api/v1/data-catalog/')]",
+                      "apiEndpoint": "[[concat('https://',parameters('bigidFqdn'),'/api/v1/ds_connections/$dataSourceName$')]",
                       "queryParameters": {
-                        "limit": 32,
-                        "requireTotalCount": "true",
-                        "filter": "SYSTEM = \"$dataSourceName$\" AND policy IN (\"$policyName$\")"
+                        "withoutCredentialValue": "true"
                       },
                       "headers": {
                         "Accept": "application/json",
-                        "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector"
+                        "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector (datasources)"
                       }
                     },
                     "response": {
                       "eventsJsonPaths": [
-                        "$.results"
+                        "$.ds_connection"
                       ],
                       "format": "json"
                     }
                   },
-                  "fetchDataSourceDetails": {
+                  "fetchObjectsDetails": {
                     "shouldJoinNestedData": true,
-                    "joinedDataStepName": "datasource",
+                    "joinedDataStepName": "affectedObjects",
                     "request": {
                       "httpMethod": "GET",
-                      "apiEndpoint": "[[concat('https://',parameters('bigidFqdn'),'/api/v1/ds_connections/$dataSourceName$')]",
+                      "apiEndpoint": "[[concat('https://',parameters('bigidFqdn'),'/api/v1/data-catalog/')]",
                       "queryParameters": {
-                        "withoutCredentialValue": "true"
+                        "limit": 32,
+                        "requireTotalCount": "true",
+                        "filter": "SYSTEM = \"$dataSourceName$\" AND policy IN (\"$policyName$\")"
                       },
                       "headers": {
                         "Accept": "application/json",
-                        "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector"
+                        "User-Agent": "BigID-MSFT-Sentinel-CCF-Connector (data-catalog)"
                       }
                     },
                     "response": {
                       "eventsJsonPaths": [
-                        "$.ds_connection"
+                        "$.results"
                       ],
                       "format": "json"
                     }

Solutions/BigID/Package/mainTemplate.json

@@ -1,3 +1,3 @@
  **Version** | **Date Modified (DD-MM-YYYY)**| **ChangeHistory**                                                                         |
 |------------|-------------------------------|-------------------------------------------------------------------------------------------|
-| 3.0.0      | 07-10-2025                    | First version of a BigID DSPM CCF Connector                                               |
+| 3.0.0      | 15-10-2025    | First version of a BigID DSPM CCF Connector. <br/> BigID DSPM CCF Connector now using JWT user token authentication |

Solutions/BigID/ReleaseNotes.md

@@ -1134,10 +1134,29 @@ function CreateRestApiPollerResourceProperties($armResource, $templateContentCon
     }
     elseif ($armResource.properties.auth.type.ToLower() -eq 'jwttoken')
     {
-        ProcessPropertyPlaceholders -armResource $armResource -templateContentConnections $templateContentConnections -isOnlyObjectCheck $false -propertyObject $armResource.properties.auth.userName -propertyName 'value' -isInnerObject $true -innerObjectName 'userName' -kindType $kindType -isSecret $false -isRequired $true -fileType $fileType -minLength 4 -isCreateArray $false
+        # Check for userName.value format OR UserToken format
+        $hasUserName = $armResource.properties.auth.userName -and $armResource.properties.auth.userName.value
+        $hasPassword = $armResource.properties.auth.password -and $armResource.properties.auth.password.value
+        $hasUserToken = $armResource.properties.auth.UserToken
 
-        ProcessPropertyPlaceholders -armResource $armResource -templateContentConnections $templateContentConnections -isOnlyObjectCheck $false -propertyObject $armResource.properties.auth.password -propertyName 'value' -isInnerObject $true -innerObjectName 'password' -kindType $kindType -isSecret $true -isRequired $true -fileType $fileType -minLength 4 -isCreateArray $false
+        if ($hasUserName -and $hasPassword) {
+            Write-Host "Processing userName+password format for JwtToken auth."
+            # Process userName.value format
+            ProcessPropertyPlaceholders -armResource $armResource -templateContentConnections $templateContentConnections -isOnlyObjectCheck $false -propertyObject $armResource.properties.auth.userName -propertyName 'value' -isInnerObject $true -innerObjectName 'userName' -kindType $kindType -isSecret $false -isRequired $true -fileType $fileType -minLength 4 -isCreateArray $false
+            ProcessPropertyPlaceholders -armResource $armResource -templateContentConnections $templateContentConnections -isOnlyObjectCheck $false -propertyObject $armResource.properties.auth.password -propertyName 'value' -isInnerObject $true -innerObjectName 'password' -kindType $kindType -isSecret $true -isRequired $true -fileType $fileType -minLength 4 -isCreateArray $false
 
+        }
+        elseif ($hasUserToken) {
+            Write-Host "Processing UserToken format for JwtToken auth."
+            # Process UserToken format
+            ProcessPropertyPlaceholders -armResource $armResource -templateContentConnections $templateContentConnections -isOnlyObjectCheck $false -propertyObject $armResource.properties.auth -propertyName 'UserToken' -isInnerObject $true -innerObjectName 'auth' -kindType $kindType -isSecret $true -isRequired $true -fileType $fileType -minLength 4 -isCreateArray $false
+        }
+        else {
+            Write-Host "Error: For kind $kindType with JwtToken auth, either 'userName.value' + 'password.value' or 'UserToken' is required." -BackgroundColor Red
+            exit 1;
+        }
+
+        # TokenEndpoint is required for both formats
         ProcessPropertyPlaceholders -armResource $armResource -templateContentConnections $templateContentConnections -isOnlyObjectCheck $false -propertyObject $armResource.properties.auth -propertyName 'TokenEndpoint' -isInnerObject $true -innerObjectName 'auth' -kindType $kindType -isSecret $false -isRequired $true -fileType $fileType -minLength 4 -isCreateArray $false
     }
     else {
@@ -1177,13 +1196,31 @@ function CreateRestApiPollerResourceProperties($armResource, $templateContentCon
         else {
             Write-Host "Warning: 'stepInfo' object is missing 'nextSteps' array."
         }
+    }
 
-        if ($stepIds.Count -gt 0) {
-            $stepIdsString = $stepIds -join ', '
-            Write-Host "List of identified 'stepId' in 'stepInfo' are: $stepIdsString"
+    # Also collect stepIds from nested stepCollectorConfigs
+    $hasStepCollectorConfigs = [bool]($armResource.properties.PSobject.Properties.name -match "stepCollectorConfigs")
+    if ($hasStepCollectorConfigs) {
+        foreach ($stepConfig in $armResource.properties.stepCollectorConfigs.PSObject.Properties) {
+            $stepConfigName = $stepConfig.Name
+            $stepConfigValue = $stepConfig.Value
+
+            # Check if this step has nested nextSteps
+            if ($stepConfigValue.stepInfo -and $stepConfigValue.stepInfo.nextSteps) {
+                foreach ($nestedStep in $stepConfigValue.stepInfo.nextSteps) {
+                    if ($stepIds -notcontains $nestedStep.stepId) {
+                        $stepIds += $nestedStep.stepId
+                    }
+                }
+            }
         }
     }
 
+    if ($stepIds.Count -gt 0) {
+        $stepIdsString = $stepIds -join ', '
+        Write-Host "List of identified 'stepId' in 'stepInfo' are: $stepIdsString"
+    }
+
     # stepCollectorConfigs placeholder
     $hasStepCollectorConfigs = [bool]($armResource.properties.PSobject.Properties.name -match "stepCollectorConfigs")
     if ($hasStepCollectorConfigs) {