Add community Hubspot solution using CCF connector by pl4nty · Pull Request #13317 · Azure/Azure-Sentinel

pl4nty · 2025-12-15T07:53:29Z

Change(s):

New community Hubspot solution, using a CCF connector with two tables

Reason for Change(s):

No Hubspot solution or connector exists

Version Updated:

Used the versions from this commit

Testing Completed:

mainTemplate.json is deployed in our Sentinel environment
Is there a way for users to disable tables with CCF? Some users might want security events but not audit logs

Checked that the validations are passing and have addressed any issues that are present:

Latest version lint - Do the versions need to use latest? I noticed older versions in this commit
Resource ID lint - I used createSolutionV3.ps1 to generate mainTemplate.json. Does the template need to be edited manually?

Signed-off-by: Tom Plant <tom.plant@devicie.com>

Endpoint is missing time range params Signed-off-by: Tom Plant <tom.plant@devicie.com>

v-maheshbh · 2025-12-18T13:32:35Z

Hi @pl4nty
Kindly add the release notes with the proper date and a brief comment.
Modify the BasePath to the following structure:
C:\GitHub\Azure-Sentinel\solutions\Solution Name
and ensure that the definition file name and the ID value are identical. please refer to any existing CCF solution for guidance.

Kindly attach the screenshot showing the CCF connector in a connected state, and also include the invocation logs for reference.

Thanks!

v-maheshbh · 2025-12-24T06:12:01Z

Hi @pl4nty
Kindly review the comment provided above at your earliest convenience.

Thanks!

pl4nty · 2025-12-24T06:18:02Z

@v-maheshbh apologies, I've been on holiday and won't return for a few weeks

Signed-off-by: Tom Plant <tom.plant@devicie.com>

pl4nty · 2026-01-07T01:40:40Z

Thanks, fixed. Here's the connector screenshot, but I'm not sure how to get invocation logs.

v-maheshbh · 2026-01-09T12:44:09Z

Hi @pl4nty

Path to check invocation logs for the CCF connector: Function App > Functions > HubSpot > Monitor > Invocation logs

and Kindly verify the dataType value mentioned in the pollerConfig.json file and ensure it matches the table name defined in the connector’s ARM template.

Thanks!

pl4nty · 2026-01-10T02:11:47Z

Thanks for the logs path, but that looks like it's for Function Apps. This is a CCF connector so there's no Function App visible in the portal.

The dataType without _CL works because it matches the table's object name. But I can change both of them if you prefer.

Following HubSpot solution pattern (PR Azure#13317), added cyren_logo.svg to the Logos/ directory (not Workbooks/Images/Logos/). Changes: 1. Added Logos/cyren_logo.svg (custom Cyren logo) 2. Updated Solution_Cyren.json Logo field to point to: master/Logos/cyren_logo.svg This matches the pattern where solutions store their custom logos in the top-level Logos/ directory.

Signed-off-by: Tom Plant <tom.plant@devicie.com>

pl4nty · 2026-01-15T02:39:18Z

@srsistla thanks for the detailed feedback, I've made those changes. Is retentionInDays required? In our workspace, other CCF tables use the default workspace retention, and we prefer that

Signed-off-by: Tom Plant <tom.plant@devicie.com>

srsistla · 2026-01-15T16:12:18Z

@pl4nty Looks much better to me. Having retentionInDays is more of a "highly recommended" option as we use custom tables and definition of retention period helps in maintenance.

Unfortunately, I do not see the option to approve or merge. @hassanchawiche could you please review and approve? LGTM.

mprossau · 2026-01-27T22:33:14Z

I am testing out this CCF in my local environment.

I've hit one issue in the dataConnectors for HubspotSecurityActivity.

connectorDefinitionName is set to 'Hubspot'. When I try to connect the connector via the UI, I receive the following error:

Deployment Failed At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.</br>{ "error": { "code": "BadRequest", "message": "The connector definition Hubspot does not exist." } }</br>

I have updated the connectorDefinitionName to Hubtspotdefinition and both connectors now connect.

Signed-off-by: Tom Plant <tom.plant@devicie.com>

pl4nty · 2026-01-27T23:48:17Z

@mprossau thanks for testing, fixed. I guess I should've deleted/recreated the connector instead of just redeploying

pl4nty · 2026-02-17T06:36:30Z

@hassanchawiche any chance you can take a look at this please?

v-maheshbh · 2026-02-20T09:11:54Z

Hi @pl4nty

Kindly update the value from 'Community' to 'Partner Supported.

Thanks!

pl4nty · 2026-02-23T05:27:13Z

@v-maheshbh What does "Partner Supported" mean? My employer (Devicie) won't provide commercial support for this solution, we just want to help the Sentinel community by sharing something we built

pl4nty · 2026-03-04T22:54:03Z

@v-maheshbh bump

pl4nty · 2026-03-30T03:52:35Z

pl4nty · 2026-05-21T13:32:02Z

@v-maheshbh please

v-maheshbh · 2026-06-11T12:22:26Z

Hi @pl4nty

As this is a community-supported solution, it is not backed by official support and is maintained on a best-effort basis. Support and maintenance typically rely on the contributors.
Kindly confirm whether you will be able to extend support in the future if any issues or updates are required.

Thanks!

pl4nty · 2026-06-11T13:03:58Z

thanks for taking a look at this! I'm happy to support this in the future

v-maheshbh · 2026-06-12T06:28:53Z

Hi @pl4nty

The email field is mandatory and currently missing in the support section.
Additionally, please update the name field to the correct and expected value.

Thanks!

pl4nty · 2026-06-12T11:10:41Z

@v-maheshbh done 😄

v-maheshbh · 2026-06-17T08:56:03Z

Hi @pl4nty

The support link should be organization/company-specific rather than pointing to the generic Azure Sentinel GitHub issues page. Please update the support.link field to the appropriate support portal, documentation site, or contact page maintained by your organization for this solution.

Thanks!

pl4nty added 2 commits December 15, 2025 07:28

Community Hubspot solution

1496006

Signed-off-by: Tom Plant <tom.plant@devicie.com>

Remove HubspotLoginActivity

fad5f42

Endpoint is missing time range params Signed-off-by: Tom Plant <tom.plant@devicie.com>

pl4nty requested review from a team as code owners December 15, 2025 07:53

v-atulyadav assigned v-maheshbh Dec 15, 2025

v-atulyadav added Solution Solution specialty review needed Codeless Connector Framework (CCF) Connector labels Dec 15, 2025

v-shukore added New Solution For new Solutions which are new to Microsoft Sentinel and removed Solution Solution specialty review needed labels Dec 15, 2025

pl4nty added 2 commits January 7, 2026 01:18

Add Hubspot release notes and fix BasePath

a6dc7cb

Signed-off-by: Tom Plant <tom.plant@devicie.com>

Fix Hubspot connector definition ID

e696f90

Signed-off-by: Tom Plant <tom.plant@devicie.com>

v-maheshbh previously approved these changes Jan 14, 2026

View reviewed changes