BitSight Solution: Support Tier Changed to Partner
BitSight solution support tier updated from Microsoft to Partner with version downgrade to 3.2.0.
Agent 365 solution adds new Microsoft Agent Identities connector for tracking agent blueprints and non-human identity assets across four data tables.
ASIM Authentication parsers for Palo Alto PAN-OS and GlobalProtect now correctly populate DvcIpAddr field, fixing data fidelity gap.
New Codeless Connector Framework introduces comprehensive log coverage across DNS, web traffic, cloud firewall, admin audit, DLP, file events, IPS, VPN and Zero Trust access for enhanced threat detection.
OCI connector UI updated with explicit IAM policy requirements for stream consumption authorization alongside API signing key authentication.
Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.
GitHub Copilot agent skills now automate the complete ASIM parser creation workflow, reducing parser development time from days to hours for security engineers.
Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss.
Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse.
Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details.
Two hunting queries added targeting Gentlemen ransomware campaign artifacts including payload hashes and decentralized Web3/SaaS C2 infrastructure used by EtherRAT and TukTuk malware.
Microsoft Sentinel Logstash plugin updated to v2.2.1 with improved batch logging and comprehensive security warnings for vulnerable Logstash versions.
Workspace Usage Report workbook bumped to v1.6.5 with updated description mentioning Microsoft Sentinel and Defender support.
New hunting query provides hash-based detection for LockBit ransomware artifacts deployed via Apache ActiveMQ CVE-2023-46604 exploitation.
CrowdStrike API connector now supports multiple domain configurations with unique aliases, enabling organizations to ingest data from different CrowdStrike instances simultaneously.
New CCF connector enables ingestion of Airlock Digital application control logs, providing execution monitoring and file activity visibility to detect unauthorized software execution.
New AWS Security Hub compliance workbook provides executive dashboards and operational analytics for security findings, compliance tracking, and multi-account posture management.
New NordStellar solution delivers real-time threat intelligence and exposure monitoring via CCF Push architecture to unified NordStellar_CL table.
Added three hunting queries targeting identity boundary expansion techniques in Entra ID that escalate privileges without creating new accounts.
AWS S3 and CrowdStrike Falcon S3 Data Replicator connectors now support Usage table fallback queries for deployments using Basic/Auxiliary Log Analytics plans.