New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF

A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email. Read More →

New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector

A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table. Read More →

New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel

A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel. Read More →

SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)

The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced. Read More →

Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration

Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated. Read More →

Agent 365: Microsoft Agent Identities Connector Page KQL Parse Error Patched by Removing Data Type Declarations

The EntraNHIAssets connector definition drops all four data type entries to eliminate an empty-subquery KQL parse error on the connector page — though reviewers flag this may break connector metadata contracts. Read More →

Cisco Meraki CCF Connector Expands to Cover Rogue AP Detection and Network Inventory

The Cisco Meraki CCF connector (v3.1.0) adds four new ingestion streams - Organizations, Organization Networks, Network Clients, and Wireless Air Marshal Events - extending coverage beyond the original ASIM event types to include wireless threat detection and full network inventory visibility. Read More →

Panorays Connector: DCR Parameter Chain and Offer ID Fixes Restore Deployability

The Panorays solution had a broken dcrConfig parameter reference chain and invalid offerId that would cause ARM template deployment failures, meaning no vulnerability management data was ingested by affected deployments. Read More →

New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector

Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings. Read More →

Untitled

test Affected Files .script/tests/KqlvalidationsTests/CustomTables/FrendsAuditLogs_CL.json DataConnectors/Frends iPaaS/FrendsAuditLogs_CL.json DataConnectors/Frends iPaaS/FrendsAuditLogs_Sentinel_CCF.json DataConnectors/Frends iPaaS/README.md Read More →

Imperva Cloud WAF CCF Connector Graduates to General Availability

The Imperva Cloud WAF CCF connector moves from Public Preview to GA, with connector UI template variables replaced by the literal ImpervaWAFCloud table name - no ingestion logic changes. Read More →

New CCF Connector Builder Accelerator: AI-Assisted End-to-End Pull Connector Generation for Microsoft Sentinel

Adds a GitHub Copilot agent accelerator to the Tools/ directory that automates generation of the four CCF connector files (polling config, DCR, table schema, connector definition) from any REST API documentation – lowering the barrier for partners building custom data connectors. Read More →

WithSecure Elements CCF Connector: Zero-Ingestion Fix for Broken OAuth2 Auth and Invalid Query Parameters

The WithSecureElementsCCF connector has been non-functional since initial release – both the OAuth2 token request and the security-events API call failed with HTTP 400 errors, meaning no WithSecure endpoint security events have been ingested into any Sentinel deployment running this connector. Read More →

Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID

A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility. Read More →

BlueVoyant Claude Compliance Connector: DCR Schema Expanded with Activity Fields, Sensitive request_body Removed

The BlueVoyant Anthropic Claude Compliance CCF connector v1.0.1 expands the DCR schema with dozens of activity-specific fields required for hunting and detection, and removes the request_body column to prevent ingestion of potentially sensitive data. Read More →

ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections

A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector. Read More →

GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table

The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs. Read More →

Cisco Umbrella CCF Connector GA Promotion Fixes Template Variable Rendering in UI Queries

The Cisco Umbrella CCF connector graduates to GA while also resolving broken template variable references that caused Content Hub connectivity checks and sample queries to malfunction. Read More →

Rapid7 InsightVM CCF Connector Promoted to General Availability

The Rapid7 InsightVM CCF data connector moves out of Public Preview to GA, updating the API version to the stable 2025-09-01 release. Read More →

Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)

The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook — closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections. Read More →