SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)

The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced. Read More →

New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector

Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings. Read More →

Wiz Connector Overhaul: Agentless DCR Push Integration Adds Detections Stream, Eliminates Function App Attack Surface

Wiz v3.0.1 replaces the legacy Azure Function pull connector with a native DCR push integration, adding a new WizDetectionsV3_CL data stream and removing the need for customer-hosted infrastructure or shared workspace keys. Read More →

BlueVoyant Claude Compliance Connector: DCR Schema Expanded with Activity Fields, Sensitive request_body Removed

The BlueVoyant Anthropic Claude Compliance CCF connector v1.0.1 expands the DCR schema with dozens of activity-specific fields required for hunting and detection, and removes the request_body column to prevent ingestion of potentially sensitive data. Read More →

GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table

The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs. Read More →

Checkmarx Audit Ingestion Playbook: Pagination Fix, Deployment Simplification, and RBAC Enforcement

The AS-Checkmarx-Audit-Ingestion Playbook receives pagination loop fixes and a collapsed single-deployment model – teams running the old multi-step deployment may have incomplete audit event ingestion. Read More →

Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API with Managed Identity

The Fortinet FortiNDR Cloud Function App connector has been migrated from the deprecated HTTP Data Collector API (using client secret credentials) to the Log Ingestion API using Managed Identity - deployments running the previous version were heading toward a complete ingestion failure as the old API reaches end-of-life. Read More →

Darktrace CCF Connector: Account Entity Mapping Added to Analytic Rules, Closing SaaS Identity Correlation Gap

Two Darktrace Analytic Rules now map user account names as Account entities for SaaS/identity-based incidents, and the DarktraceIncidents_CL table gains a modelBreaches field exposing the full chain of associated model alerts – data that was previously absent from incident context. Read More →

New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel

A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel. Read More →

Vaikora Connector: Zero Data Ingestion Fixed After DCR Stream Mapping Failure

Critical fix restores Vaikora AI agent behavioral data after complete ingestion failure caused by DCR stream column mismatch. Read More →

CyberArk EPM: Migration to DCR and OAuth Authentication Replaces Deprecated Log Analytics API

CyberArk EPM connector updated to use DCR ingestion and OAuth authentication, addressing deprecation of Log Analytics API and improving security. Read More →

Bitdefender GravityZone Solution v3.0.1 Adds Incident Analytics for Endpoint and Email Protection

Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation. Read More →

New Strider Shield Threat Intelligence Connector for Email Security Monitoring

NVISO introduces Strider Shield CCF connector enabling ingestion of email threat intelligence data across five data streams targeting phishing and BEC protection. Read More →

GitHub Webhook V2 Connector: CLv2 Migration Ensures Continued GitHub Advanced Security Ingestion

New CLv2-based GitHub Webhook connector replaces deprecated CLv1 API to maintain ingestion of code scanning, Dependabot, and secret scanning alerts. Read More →

Bitdefender GravityZone: New Push-Based Security Data Connector for Sentinel

New GravityZone solution brings enterprise endpoint threat data directly to Sentinel via DCR-based push ingestion without bundled detections. Read More →

SAP ETD Cloud: User Account Correlation Now Available After Data Collection Gap

SAP ETD alerts now surface user account names and email addresses for incident correlation, filling a critical entity mapping gap that prevented effective identity-based investigations. Read More →

Data Connector 64 KB Field Truncation: Silent Data Loss Risk Documented

Microsoft Sentinel now documents a critical platform limitation where individual fields exceeding 64 KB are silently truncated during ingestion, creating blind spots in large payload analysis. Read More →

Imperva Cloud WAF: Production Ready CCF Connector with Standard Tables

Imperva Cloud WAF CCF connector migrates from private preview custom tables to public preview standard tables. Read More →

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →

Checkmarx Audit Log Ingestion Playbook: Security Event Monitoring Integration

New playbook for ingesting Checkmarx audit log events into Microsoft Sentinel via DCR/DCE for security event monitoring and compliance. Read More →