Expand Up @@ -16,10 +16,10 @@
"kind": "APIPolling",
"properties": {
"connectorUiConfig": {
"title": "Island Enterprise Browser Admin Audit (Polling CCP)",
"title": "Island Enterprise Browser Admin Audit (Legacy)",
"id":"Island_Admin_Polling",
"publisher": "Island",
"descriptionMarkdown": "The [Island](https://www.island.io) Admin connector provides the capability to ingest Island Admin Audit logs into Microsoft Sentinel.",
"descriptionMarkdown": "This is a legacy connector and is no longer recommended. Please use the **Island Enterprise Browser V2 Event Collector (Using CCF)** connector instead, which supports all Island event types.",
"graphQueriesTableName": "Island_Admin_CL",
"graphQueries": [
{
Expand Down Expand Up @@ -75,7 +75,7 @@
"instructionSteps": [
{
"title": "Connect Island to Microsoft Sentinel",
"description": "Provide the Island API URL and Key. API URL is https://management.island.io/api/external/v1/adminActions for US or https://eu.management.island.io/api/external/v1/adminActions for EU.\n Generate the API Key in the Management Console under Settings > API.",
"description": "This is a legacy connector. For full setup instructions, refer to the [official Island documentation](https://documentation.island.io/docs/configure-the-microsoft-sentinel-integration) (requires login to the Island Management Console).",
"instructions": [
{
"parameters": {
Expand Up @@ -16,10 +16,10 @@
"kind": "APIPolling",
"properties": {
"connectorUiConfig": {
"title": "Island Enterprise Browser User Activity (Polling CCP)",
"title": "Island Enterprise Browser User Activity (Legacy)",
"id":"Island_User_Polling",
"publisher": "Island",
"descriptionMarkdown": "The [Island](https://www.island.io) connector provides the capability to ingest Island User Activity logs into Microsoft Sentinel.",
"descriptionMarkdown": "This is a legacy connector and is no longer recommended. Please use the **Island Enterprise Browser V2 Event Collector (Using CCF)** connector instead, which supports all Island event types.",
"graphQueriesTableName": "Island_User_CL",
"graphQueries": [
{
Expand Down Expand Up @@ -75,7 +75,7 @@
"instructionSteps": [
{
"title": "Connect Island to Microsoft Sentinel",
"description": "Provide the Island API URL and Key. API URL is https://management.island.io/api/external/v1/timeline for US or https://eu.management.island.io/api/external/v1/timeline for EU.\n Generate the API Key in the Management Console under Settings > API.",
"description": "This is a legacy connector. For full setup instructions, refer to the [official Island documentation](https://documentation.island.io/docs/configure-the-microsoft-sentinel-integration) (requires login to the Island Management Console).",
"instructions": [
{
"parameters": {
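--- a/Solutions/Island/Data Connectors/IslandV2_CCP/IslandV2_DCR.json
+++ b/Solutions/Island/Data Connectors/IslandV2_CCP/IslandV2_DCR.json
@@ -0,0 +1,302 @@
+[{
+"name": "IslandV2-DCR",
+"apiVersion": "2021-09-01-preview",
+"type": "Microsoft.Insights/dataCollectionRules",
+"location": "{{location}}",
+"properties": {
+"streamDeclarations": {
+"Custom-IslandV2": {
+"columns": [
+{
+"name": "source",
+"type": "string"
+},
+{
+"name": "tenant_id",
+"type": "string"
+},
+{
+"name": "id",
+"type": "string"
+},
+{
+"name": "timestamp",
+"type": "datetime"
+},
+{
+"name": "user_id",
+"type": "string"
+},
+{
+"name": "device_id",
+"type": "string"
+},
+{
+"name": "device_domains",
+"type": "dynamic"
+},
+{
+"name": "client_event_id",
+"type": "string"
+},
+{
+"name": "user_name",
+"type": "string"
+},
+{
+"name": "email",
+"type": "string"
+},
+{
+"name": "type",
+"type": "string"
+},
+{
+"name": "verdict",
+"type": "string"
+},
+{
+"name": "verdict_reason",
+"type": "string"
+},
+{
+"name": "processed_date",
+"type": "datetime"
+},
+{
+"name": "top_level_url",
+"type": "string"
+},
+{
+"name": "country",
+"type": "string"
+},
+{
+"name": "region",
+"type": "string"
+},
+{
+"name": "url_web_categories",
+"type": "dynamic"
+},
+{
+"name": "saas_application_name",
+"type": "string"
+},
+{
+"name": "saas_application_category",
+"type": "string"
+},
+{
+"name": "url_web_reputation",
+"type": "int"
+},
+{
+"name": "url_reputation_level",
+"type": "string"
+},
+{
+"name": "tab_id",
+"type": "string"
+},
+{
+"name": "session_id",
+"type": "string"
+},
+{
+"name": "rule_id",
+"type": "string"
+},
+{
+"name": "rule_name",
+"type": "string"
+},
+{
+"name": "screenshot_file_name",
+"type": "string"
+},
+{
+"name": "screenshot_url",
+"type": "string"
+},
+{
+"name": "keystrokes",
+"type": "boolean"
+},
+{
+"name": "details",
+"type": "dynamic"
+},
+{
+"name": "incognito",
+"type": "boolean"
+},
+{
+"name": "submitted_url",
+"type": "string"
+},
+{
+"name": "source_ip",
+"type": "string"
+},
+{
+"name": "public_ip",
+"type": "string"
+},
+{
+"name": "machine_name",
+"type": "string"
+},
+{
+"name": "matched_device_posture",
+"type": "dynamic"
+},
+{
+"name": "device_posture_matching_details",
+"type": "dynamic"
+},
+{
+"name": "country_code",
+"type": "string"
+},
+{
+"name": "window_id",
+"type": "string"
+},
+{
+"name": "is_island_private_access",
+"type": "boolean"
+},
+{
+"name": "short_top_level_url",
+"type": "string"
+},
+{
+"name": "website_top_level_url",
+"type": "string"
+},
+{
+"name": "frame_url",
+"type": "string"
+},
+{
+"name": "compatibility_mode",
+"type": "boolean"
+},
+{
+"name": "os_user_name",
+"type": "string"
+},
+{
+"name": "machine_id",
+"type": "string"
+},
+{
+"name": "os_platform",
+"type": "string"
+},
+{
+"name": "saas_application_id",
+"type": "string"
+},
+{
+"name": "lineage_ids",
+"type": "dynamic"
+},
+{
+"name": "origin",
+"type": "string"
+},
+{
+"name": "entity_type",
+"type": "string"
+},
+{
+"name": "action",
+"type": "string"
+},
+{
+"name": "audit_type",
+"type": "string"
+},
+{
+"name": "original_value",
+"type": "string"
+},
+{
+"name": "new_value",
+"type": "string"
+},
+{
+"name": "entity_name",
+"type": "string"
+},
+{
+"name": "entity_id",
+"type": "string"
+},
+{
+"name": "category",
+"type": "string"
+},
+{
+"name": "sub_category",
+"type": "string"
+},
+{
+"name": "severity",
+"type": "string"
+},
+{
+"name": "primary_entity_id",
+"type": "string"
+},
+{
+"name": "primary_entity_name",
+"type": "string"
+}
+]
+}
+},
+"destinations": {
+"logAnalytics": [
+{
+"workspaceResourceId": "{{workspaceResourceId}}",
+"name": "islandv2-dest"
+}
+]
+},
+"dataFlows": [
+{
+"streams": [
+"Custom-IslandV2"
+],
+"destinations": [
+"islandv2-dest"
+],
+"transformKql": "source | where source == 'BrowserAudit' | extend TimeGenerated = todatetime(timestamp), EventId = toguid(id), IslandTenantId = tenant_id, UserId = user_id, DeviceId = toguid(device_id), DeviceDomains = device_domains, ClientEventId = toguid(client_event_id), UserName = user_name, Email = email, EventType = type, Verdict = verdict, VerdictReason = verdict_reason, ProcessedDate = todatetime(processed_date), TopLevelUrl = top_level_url, Country = country, Region = region, UrlWebCategories = url_web_categories, SaasApplicationName = saas_application_name, SaasApplicationCategory = saas_application_category, UrlWebReputation = url_web_reputation, UrlReputationLevel = url_reputation_level, TabId = tab_id, SessionId = session_id, RuleId = rule_id, RuleName = rule_name, ScreenshotFileName = screenshot_file_name, ScreenshotUrl = screenshot_url, Keystrokes = keystrokes, Details = details, Incognito = incognito, SubmittedUrl = submitted_url, SourceIp = source_ip, PublicIp = public_ip, MachineName = machine_name, MatchedDevicePosture = matched_device_posture, DevicePostureMatchingDetails = device_posture_matching_details, CountryCode = country_code, WindowId = window_id, IsIslandPrivateAccess = is_island_private_access, ShortTopLevelUrl = short_top_level_url, WebsiteTopLevelUrl = website_top_level_url, FrameUrl = frame_url, CompatibilityMode = compatibility_mode, OsUserName = os_user_name, MachineId = machine_id, OsPlatform = os_platform, SaasApplicationId = toguid(saas_application_id), LineageIds = lineage_ids, Origin = origin | project TimeGenerated, EventId, IslandTenantId, UserId, DeviceId, DeviceDomains, ClientEventId, UserName, Email, EventType, Verdict, VerdictReason, ProcessedDate, TopLevelUrl, Country, Region, UrlWebCategories, SaasApplicationName, SaasApplicationCategory, UrlWebReputation, UrlReputationLevel, TabId, SessionId, RuleId, RuleName, ScreenshotFileName, ScreenshotUrl, Keystrokes, Details, Incognito, SubmittedUrl, SourceIp, PublicIp, MachineName, MatchedDevicePosture, DevicePostureMatchingDetails, CountryCode, WindowId, IsIslandPrivateAccess, ShortTopLevelUrl, WebsiteTopLevelUrl, FrameUrl, CompatibilityMode, OsUserName, MachineId, OsPlatform, SaasApplicationId, LineageIds, Origin",
+"outputStream": "Custom-Island_UserEvents_V2_CL"
+},
+{
+"streams": [
+"Custom-IslandV2"
+],
+"destinations": [
+"islandv2-dest"
+],
+"transformKql": "source | where source == 'AdminAction' | extend TimeGenerated = todatetime(timestamp), EventId = toguid(id), IslandTenantId = tenant_id, EntityType = entity_type, ActionType = action, ActionDomain = audit_type, OriginalValue = todynamic(original_value), NewValue = todynamic(new_value), EntityName = entity_name, EntityId = entity_id, UserId = user_id, Email = email, SourceIp = source_ip | project TimeGenerated, EventId, IslandTenantId, EntityType, ActionType, ActionDomain, OriginalValue, NewValue, EntityName, EntityId, UserId, Email, SourceIp",
+"outputStream": "Custom-Island_AdminEvents_V2_CL"
+},
+{
+"streams": [
+"Custom-IslandV2"
+],
+"destinations": [
+"islandv2-dest"
+],
+"transformKql": "source | where source == 'SystemEvent' | extend TimeGenerated = todatetime(timestamp), EventId = toguid(id), IslandTenantId = tenant_id, EventType = type, EventCategory = category, SubCategory = sub_category, Severity = severity, PrimaryEntityId = toguid(primary_entity_id), PrimaryEntityName = primary_entity_name, Details = details | project TimeGenerated, EventId, IslandTenantId, EventType, EventCategory, SubCategory, Severity, PrimaryEntityId, PrimaryEntityName, Details",
+"outputStream": "Custom-Island_SystemEvents_V2_CL"
+}
+]
+}
+}]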
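Review bot: Each of the three dataFlows opens with `source | where source == '…'`, so a record whose `source` is anything other than `BrowserAudit`, `AdminAction` or `SystemEvent` is discarded inside the DCR and never reaches the workspace; a new or renamed Island event type would vanish silently rather than surface as a visible ingestion gap. A fourth catch-all flow into a raw table (constructed example below; it would also need a matching table definition, which is outside this file) or at least an explicit statement in the connector description that only these three sources are ingested would make that behaviour observable. Separately, `toguid(id)`, `toguid(device_id)`, `toguid(client_event_id)`, `toguid(saas_application_id)` and `toguid(primary_entity_id)` yield null for any value that is not GUID-formatted, which would blank `EventId` on every affected row — worth confirming against sample Island payloads before relying on those columns in detections.
```json
{
  "streams": [ "Custom-IslandV2" ],
  "destinations": [ "islandv2-dest" ],
  "transformKql": "source | where source !in ('BrowserAudit', 'AdminAction', 'SystemEvent') | extend TimeGenerated = todatetime(timestamp), EventId = id, IslandTenantId = tenant_id, Source = source, EventType = type, Details = details | project TimeGenerated, EventId, IslandTenantId, Source, EventType, Details",
  "outputStream": "Custom-Island_Unmapped_V2_CL"
}
```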
@@ -0,0 +1,44 @@
[{
"type": "Microsoft.SecurityInsights/dataConnectors",
"apiVersion": "2022-12-01-preview",
"name": "apiRequest",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "IslandV2",
"dataType": "Island_V2_CL",
"dcrConfig": {
"streamName": "Custom-IslandV2",
"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
},
"auth": {
"type": "APIKey",
"APIKeyName": "Authorization",
"APIKey": "{{apiKey}}"
},
"request": {
"apiEndpoint": "{{apiEndpoint}}",
"rateLimitQPS": 1,
"queryWindowInMin": 5,
"httpMethod": "Get",
"retryCount": 3,
"timeoutInSeconds": 60,
"headers": {
"Accept": "application/json"
}
},
"paging": {
"pagingType": "LinkHeader"
},
"response": {
"eventsJsonPaths": [
"$"
],
"format": "jsonlines",
"successStatusCodes": [
200,
204
]
}
}
}]
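Review bot: `apiEndpoint` is a free-form template parameter while `auth` places the API key in the `Authorization` header of every request, so whichever host the parameter resolves to receives the key; the legacy connector text changed earlier in this PR named the two valid Island hosts, but nothing in this poller constrains the value. If the `IslandV2` connector definition (not in this diff) does not validate the endpoint, consider restricting it there to the known Island management hosts, or at minimum documenting the expected value in its instruction step so a mistyped endpoint does not send the credential elsewhere. It is also worth confirming against the Island API whether the key is accepted raw in `Authorization` or needs a scheme prefix; if a prefix is required, `"APIKeyIdentifier": "Bearer"` is the RestApiPoller field for it. `dataType` is `Island_V2_CL`, whereas the DCR writes to `Custom-Island_UserEvents_V2_CL`, `Custom-Island_AdminEvents_V2_CL` and `Custom-Island_SystemEvents_V2_CL` — if `dataType` is meant to name an ingested table, it matches none of them.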