Digital Shadows Connector: Logs Ingestion API Migration Required Before September 2026 Ingestion Cutoff

The Digital Shadows SearchLight connector has been fully migrated from the retiring HTTP Data Collector API to the Logs Ingestion API (DCE + DCR + Managed Identity), with a new table DigitalShadows_V2_CL replacing the legacy DigitalShadows_CL – customers who do not upgrade will lose all Digital Shadows ingestion on 2026-09-14. Read More →

New Check Point Harmony Email and Collaboration Solution Adds Email Threat Detection and SOAR Response

A new Microsoft Sentinel Solution for Check Point Harmony Email and Collaboration brings a CCF/DCR-based data connector ingesting into CheckpointHEC_CL, one phishing Analytic Rule, five Hunting Queries covering phishing/DLP/spam, and a Quarantine Playbook for automated response. Read More →

New CCF Connector Builder Accelerator: AI-Assisted End-to-End Pull Connector Generation for Microsoft Sentinel

Adds a GitHub Copilot agent accelerator to the Tools/ directory that automates generation of the four CCF connector files (polling config, DCR, table schema, connector definition) from any REST API documentation – lowering the barrier for partners building custom data connectors. Read More →

Three Solutions Packaging Fix: Mulesoft, Trend Micro, and ESET UI Metadata Corrected

Duplicated connector count blocks in solution UI descriptions and a connector count mismatch are corrected across three solutions, with no detection logic or data ingestion changes. Read More →

ESET PROTECT Platform Connector: Dependency Rollback Including Cryptography Downgrade Warrants Review

The ESET PROTECT Platform Function App connector rolls back several Python dependencies to lower versions, including cryptography from 48.0.0 to 43.0.1, without documented CVE justification – operators should verify no security regressions are introduced. Read More →

DocuSign Connector: Az Module Upgrade Restores PowerShell 7.2+ Function App Compatibility

The DocuSign Security Events Function App connector was failing to load Az module cmdlets on PowerShell 7.2+ runtimes; bumping the dependency from Az 5.* to 11.* restores ingestion. Read More →

Semperis Lightning Connector: TLS Certificate Verification Restored Across All API Calls

The Semperis Lightning data connector was making all outbound API requests with TLS verification disabled (verify=False), exposing token acquisition and all data collection calls to man-in-the-middle attacks; this fix re-enables certificate validation across seven affected modules. Read More →

Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API with Managed Identity

The Fortinet FortiNDR Cloud Function App connector has been migrated from the deprecated HTTP Data Collector API (using client secret credentials) to the Log Ingestion API using Managed Identity - deployments running the previous version were heading toward a complete ingestion failure as the old API reaches end-of-life. Read More →

Cofense Intelligence Connector: SSRF and Credential Leakage Vulnerabilities Patched in DownloadThreatReports Function

Critical security hardening of the Cofense Intelligence Azure Function eliminates a Server-Side Request Forgery (SSRF) vector and credential leakage risk that allowed callers to redirect authenticated requests to arbitrary or internal hosts. Read More →

TacitRed Defender TI Playbook: Fixing Content Hub Deployment Failure on Hyphenated Workspace Names

TacitRed Defender Threat Intelligence v3.0.2 fixes an InvalidTemplate ARM error that blocked Content Hub deployment entirely on any workspace with a hyphenated name, plus resolves a sovereign cloud storage endpoint bug and adds required post-deployment RBAC guidance. Read More →

BitSight Function App Connector: UI Updated to Reflect Log Ingestion API Authentication Requirements

The BitSight legacy Function App connector UI page was updated to align with the Log Ingestion API (DCR) ingestion path, removing the Workspace ID/Key deployment step and replacing it with Entra ID credential requirements. Read More →

Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths

A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification. Read More →

Trend Micro Vision One Connector: Indonesia Region Support Added, Deployments in ID Site Were Unable to Ingest

The Trend Micro Vision One Function App connector gains support for the Indonesia (id) API region, resolving a complete ingestion gap for customers deployed on api.id.xdr.trendmicro.com. Read More →

Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections

A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →

Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API

The FortiNDR Cloud Function App connector has been fully rewritten to use the Azure Monitor Log Ingestion API, replacing the retired HTTP Data Collector API – deployments still on v3.0.x have had zero ingestion since the legacy API was deprecated. Read More →

CyberArk Audit Connector: Function App Runtime Updated to Python 3.12

The CyberArk Audit Function App connector has been updated from Python 3.10 (EOL) to Python 3.12, replacing all bundled dependency packages and deployment templates accordingly. Read More →

Zoom Reports Function App Connector Officially Deprecated

The legacy Zoom Reports Azure Function-based connector has been formally deprecated; customers still using it should migrate to the CCF-based replacement. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

Digital Shadows: Updated EventReportUrl to Use GreyMatter Platform Links

Digital Shadows analytic rules now use server-provided GreyMatter URLs instead of deprecated portal links, preventing broken URL entities in Sentinel incidents. Read More →

Zoom Data Connector: Legacy Azure Function Files Removed from Standalone Location

Legacy Zoom connector files removed from DataConnectors folder — connector has been migrated to Solutions/ZoomReports. Read More →