Documentation

June 1, 2026

Oracle Cloud Infrastructure CCF Connector: IAM Permissions Guidance Added

OCI connector UI updated with explicit IAM policy requirements for stream consumption authorization alongside API signing key authentication. Read More →

May 27, 2026

Google Threat Intelligence Solution: Custom Connector Deployment Prerequisites Clarified

Solution metadata updated to warn customers that Playbooks require manual deployment of the GTI custom Logic Apps connector before use. Read More →

May 18, 2026

Microsoft Entra ID Table Rename: Hunting Queries Updated for Current Schema

12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references. Read More →

May 5, 2026

Visa Threat Intelligence: Connector Description Update for Certification

Updated Data Connector description in Visa Threat Intelligence solution to resolve certification failure. Read More →

April 30, 2026

Entra ID Brute Force Detection: Renamed for Broader Windows Device Coverage

Analytic rule renamed from Cloud PC-specific to cover all Entra-authenticated Windows devices, clarifying detection scope without logic changes. Read More →

April 30, 2026

Logstash Output Plugin: Documentation Update for Version 2.1.1

Version bump to 2.1.1 with efficiency improvements noted but no connector logic changes. Read More →

April 20, 2026

Microsoft Sentinel Logstash Plugin: Documentation Update Reveals Major Architecture Changes

Documentation updated for Logstash output plugin to reflect version 2.1.0 with Ruby-to-Java refactor, managed identity support, and closed-source transition. Read More →

April 9, 2026

Island Enterprise Browser V2 Connector: Documentation Clarity Improvements

Updated Island connector titles and descriptions to reduce confusion between legacy V1 and current V2 connectors. Read More →

April 8, 2026

Data Connector 64 KB Field Truncation: Silent Data Loss Risk Documented

Microsoft Sentinel now documents a critical platform limitation where individual fields exceeding 64 KB are silently truncated during ingestion, creating blind spots in large payload analysis. Read More →

April 8, 2026

Azure Resource Graph: Table Name Standardization for Query Consistency

Azure Resource Graph connector updated table labels to align with Table Management naming conventions, ensuring consistent query references. Read More →

April 2, 2026

Detection Template Validation: connectorId Enforcement Added to Review Process

Detection authoring guidelines now require validation of connectorId values against the official repository allowlist to prevent invalid connector references. Read More →

March 20, 2026

Microsoft Copilot Connector: Updated Product Scope Description

Clarifies connector description to specify M365 Copilot and Security Copilot coverage alongside general improvements. Read More →

March 1, 2026

Google Kubernetes Engine Connector: Documentation Update Links to Official Microsoft Learn

Google Kubernetes Engine connector documentation updated to reference official Microsoft Learn guides instead of personal repositories. Read More →

February 27, 2026

Logstash Connector: Extended Version Support for Newer Logstash Releases

Documentation update adds support for Logstash versions 8.19.2, 9.0.8, 9.1.10, and 9.2.4-9.2.5. Read More →

February 26, 2026

Azure Activity: Hunting Query Documentation Enhancement for Custom Script Extensions

Minor documentation improvement clarifying protected settings visibility in Custom Script Extension hunting query. Read More →

February 13, 2026

JoeSandbox Solution: Updated Deployment Links and Removed Manual Installation Steps

JoeSandbox solution deployment documentation updated with corrected Azure links and streamlined automated deployment options. Read More →

February 12, 2026

ASIM Authentication Schema: NetworkCleartext SubType Added

ASIM Authentication schema expanded to include NetworkCleartext authentication subtype for cleartext password events. Read More →

February 6, 2026

Documentation Fix: Broken Links Resolved in Microsoft Entra ID and Network Session Essentials

Customer-reported broken links fixed in analytic rule descriptions with corrected MITRE technique references and restored documentation. Read More →

February 4, 2026

Solutions Analyzer: Enhanced Documentation with Lake-Only Ingestion and Statistics Features

Comprehensive documentation tool update adds lake-only ingestion tracking, collection methods index, and enhanced connector association analysis. Read More →

January 22, 2026

Azure DevOps Auditing Solution: Description Text Cleanup and Repackaging

Azure DevOps Auditing solution repackaged with updated description removing outdated streaming configuration text references. Read More →

Auto-generated content based on the Azure-Sentinel GitHub repo.

Microsoft Sentinel is a trademark of Microsoft Corporation.