Solution: Cyren Defender Threat Intelligence (Official) #13656

Open
mazamizo21 wants to merge 3 commits into Azure:master from Data443:feature/cyren-defender-ti-v3.0.1

@mazamizo21
Contributor

New Solution: Cyren-Defender-ThreatIntelligence v3.0.1

Overview

This solution deploys a Logic App playbook that syncs Cyren threat intelligence indicators (IP reputation and malware URLs) to Microsoft Defender for Endpoint via the Microsoft Sentinel TI API.

Solution Details

  • Publisher: Data443 Risk Mitigation, Inc.
  • Solution ID: data443riskmitigationinc1761580347231.azure-sentinel-solution-cyren-defender-ti
  • Version: 3.0.1
  • Type: Playbook (Logic App)

Resources Deployed

| Resource | Type | Purpose |
|---|---|---|
| Logic App | Microsoft.Logic/workflows | Polls Cyren feeds → pushes indicators to Sentinel TI |
| Role Assignment | Sentinel Contributor | Logic App managed identity → workspace |
| Storage Account | Microsoft.Storage/storageAccounts | PersistentToken blob storage for delta polling |

Files (10)

| File | Purpose |
|---|---|
| Package/mainTemplate.json | ARM template with contentTemplates + contentPackages |
| Package/createUiDefinition.json | Deployment UI definition |
| Package/3.0.1.zip | Current version package |
| Package/1.0.0.zip, 1.0.1.zip | Previous versions (preserved per policy) |
| Playbooks/CyrenToDefenderTI_Playbook.json | Standalone playbook template |
| Data/Solution_CyrenDefenderTI.json | Solution metadata |
| SolutionMetadata.json | Solution metadata |
| ReleaseNotes.md | Version history |
| Package/testParameters.json | Test parameters |

Relationship to Existing Solutions

This is the Cyren-branded version of the existing TacitRed-Defender-ThreatIntelligence solution (PR #13266, merged). Both use the same architecture but connect to different threat intelligence feeds:

  • TacitRed → TacitRed API (compromised credentials, domains)
  • Cyren → Cyren CCF feeds (IP reputation, malware URLs, phishing URLs)

Partner Center

  • Offer ID: azure-sentinel-solution-cyren-defender-ti
  • Publisher: data443riskmitigationinc1761580347231

V3 packaged solution with playbook for Microsoft Sentinel Content Hub.
@mazamizo21 requested review from a team as code owners February 19, 2026 14:40
@v-shukore added the "New Solution" label (For new Solutions which are new to Microsoft Sentinel) Feb 20, 2026
- Remove unreferenced variables: TemplateEmptyArray, workspaceResourceId
- Fix branding: 'Sentinel TI' -> 'Microsoft Sentinel TI' (rule 300.4.1.1)
- Rebuild 3.0.1.zip
@v-maheshbh
Contributor

Hi @mazamizo21

Kindly package this as a new solution with version 3.0.0 and update the correct release notes.

Thanks!

Mahesh (v-maheshbh) requested packaging as v3.0.0 with correct release notes.

Changes:
- Bump _solutionVersion from 3.0.1 → 3.0.0 in mainTemplate.json
- Bump Version from 3.0.1 → 3.0.0 in Solution_CyrenDefenderTI.json
- Replace Package/3.0.1.zip with Package/3.0.0.zip (mainTemplate + createUiDefinition)
- Add comprehensive v3.0.0 release notes (NDJSON fix, feedId camelCase, PersistentToken, MI auth, Sentinel tags)
- Add v1.0.1 release notes entry (ARM template fixes from previous review cycle)
@mazamizo21
Contributor Author

Hi @v-maheshbh,

Done — repackaged as v3.0.0 per your request.

Changes made:

  • _solutionVersion bumped from 3.0.1 → 3.0.0 in mainTemplate.json
  • Version field updated to 3.0.0 in Solution_CyrenDefenderTI.json
  • Package/3.0.1.zip replaced with Package/3.0.0.zip (mainTemplate.json + createUiDefinition.json)
  • ReleaseNotes.md updated with:
    • v3.0.0 entry covering all major changes (NDJSON fix, feedId camelCase correction, PersistentToken pagination, managed identity auth, hidden Sentinel tags)
    • v1.0.1 entry covering previous ARM template fixes

Please let me know if any further changes are needed.

Thanks!
