AWS S3 Connector: CloudFormation IaC Templates Added for Repeatable AWS-Side Deployment

Four CloudFormation templates (CloudTrail, CloudWatch, VPC Flow Logs, GuardDuty) and an OIDC trust template now provide enterprise-grade IaC deployment of the AWS-side resources required by the Microsoft Sentinel Amazon Web Services S3 connector, complementing the existing PowerShell setup flow. Read More →

New ASIM WebSession Parser Brings AWS WAF Traffic into Normalized Detection Coverage

AWS WAF web session logs can now be ingested and normalized via the ASIM WebSession schema, enabling source-agnostic detections against WAF allow/block/challenge/captcha decisions from the AWSWAF table. Read More →

New AWS Config CCF Connector: Resource Configuration Visibility via Custom API Pull

A new community CCF connector ingests AWS Config configuration item notifications into Microsoft Sentinel via a self-hosted AWS API Gateway/Lambda/DynamoDB backend, populating the AWSConfig_CL table for cloud resource configuration monitoring. Read More →

AWS Security Hub Compliance Workbook Metadata Added to Content Registry

Workbook metadata entry added for AWS Security Hub compliance visualization — workbook content deployment follows separately. Read More →

AWS Security Hub Compliance Workbook: Comprehensive Security Posture Visualization Now Available

New AWS Security Hub compliance workbook provides executive dashboards and operational analytics for security findings, compliance tracking, and multi-account posture management. Read More →

AWS S3 and CrowdStrike Connectors: Non-Analytics Tier Query Support for Basic/Auxiliary Plans

AWS S3 and CrowdStrike Falcon S3 Data Replicator connectors now support Usage table fallback queries for deployments using Basic/Auxiliary Log Analytics plans. Read More →

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

AWS ELB Solution Moves to General Availability

AWS Elastic Load Balancer solution transitions from Public Preview to GA status, confirming production readiness for ALB/NLB access log monitoring. Read More →

AWS CloudTrail Connector: Function App Crash Fix for Unsupported File Types

Fixes potential Python exception in CloudTrail ingestion function when encountering unsupported file formats, preventing data ingestion failure. Read More →

AWS S3 and CEF Connectors: Security Alert Remediation Fixes Error Handling Gaps

Python connector security vulnerabilities patched with improved error handling and null check additions. Read More →

Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available

New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development. Read More →

AWS ELB Connector: Public Preview CCF Ingestion for ALB, NLB, and GLB Logs

New CCF connector enables ingestion of AWS Elastic Load Balancer access and flow logs into Microsoft Sentinel for network traffic monitoring and threat detection. Read More →

AWS EKS Connector: CloudFormation Template Revert Fixes Deployment Issues

AWS EKS connector CloudFormation templates reverted to resolve deployment errors affecting EKS audit log ingestion setup. Read More →

AWS Network Firewall Connector: Fixed Critical Deployment Bug Causing Duplicate Collectors

Deployment bug fix prevents multiple collector creation for AWS Network Firewall multi-stream connectors. Read More →

AWS EKS Connector: New Public Preview for Kubernetes Audit Log Security Monitoring

New CCF-based solution ingests Amazon Elastic Kubernetes Service audit logs via SQS for real-time cluster security monitoring. Read More →

AWS Athena Function App: Resolving Extension Bundle Compatibility and Query Result Parsing

AWS Athena Function App connector updated to Azure Functions v4+ bundle and fixed Python query parsing logic that previously failed on empty result data. Read More →

ASIM FileEvent Parser: New AWS CloudTrail S3 Support Added

New FileEvent parser enables normalized S3 object activity monitoring from AWS CloudTrail logs across bucket operations and object lifecycle events. Read More →

ASIM User Management: AWS CloudTrail Parser Enables IAM and Cognito Visibility

New ASIM parser normalizes AWS CloudTrail user management events from IAM and Cognito services into Microsoft Sentinel. Read More →

AWS Access Logs: Security Enhancement for SQS Principal Access Control

AWS S3 Server Access Logs CloudFormation template receives critical security update restricting SQS queue principal from wildcard to S3 service only. Read More →

AWS CloudTrail Connector: Fixed Script Logic and Command Syntax Errors

Corrected PowerShell variable scoping and AWS CLI command syntax in CloudTrail configuration script. Read More →