New ASIM AgentEvent Parser Unlocks Anthropic Claude Compliance Log Normalization

Two new ASIM AgentEvent parsers normalize Anthropic Claude Compliance API logs (via BlueVoyant CCF connector) into the ASIM AgentEvent schema, enabling unified hunting across AI agent activity events. Read More →

New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF

A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email. Read More →

New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector

A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table. Read More →

New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel

A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel. Read More →

New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector

Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings. Read More →

Untitled

test Affected Files .script/tests/KqlvalidationsTests/CustomTables/FrendsAuditLogs_CL.json DataConnectors/Frends iPaaS/FrendsAuditLogs_CL.json DataConnectors/Frends iPaaS/FrendsAuditLogs_Sentinel_CCF.json DataConnectors/Frends iPaaS/README.md Read More →

New CCF Connector Builder Accelerator: AI-Assisted End-to-End Pull Connector Generation for Microsoft Sentinel

Adds a GitHub Copilot agent accelerator to the Tools/ directory that automates generation of the four CCF connector files (polling config, DCR, table schema, connector definition) from any REST API documentation – lowering the barrier for partners building custom data connectors. Read More →

Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID

A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility. Read More →

New Hunting Query: BadUSB HID Injection via certutil LOLBIN Detected Through explorer.exe Parent Signal

A new hunting query surfaces BadUSB payloads that abuse certutil.exe or cmd.exe via the WIN+R Run dialog by keying on explorer.exe as the initiating process – a signal absent from existing generic certutil LOLBin detections. Read More →

ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections

A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector. Read More →

AWS S3 Connector: CloudFormation IaC Templates Added for Repeatable AWS-Side Deployment

Four CloudFormation templates (CloudTrail, CloudWatch, VPC Flow Logs, GuardDuty) and an OIDC trust template now provide enterprise-grade IaC deployment of the AWS-side resources required by the Microsoft Sentinel Amazon Web Services S3 connector, complementing the existing PowerShell setup flow. Read More →

Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)

The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook — closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections. Read More →

New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel

A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs. Read More →

WithSecure Elements Connector Migrated to CCF: Function App Infrastructure Eliminated

A new CCF-based WithSecure Elements solution (v4.0.0) replaces the Azure Function connector, removing the Azure Function, Storage Account, and Key Vault dependency stack while the legacy Function App solution is deprecated in place with a transition buffer for existing deployments. Read More →

New ASIM NetworkSession Parser for Cisco FTD Extends Network Visibility via AMA Connector

Cisco Firepower Threat Defense (FTD) logs ingested via the Cisco ASA/FTD AMA connector can now be normalised into the ASIM NetworkSession schema, enabling source-agnostic detections and hunting queries to run against FTD firewall and IDS events. Read More →

New ASIM Authentication Parser for Cisco Firepower Threat Defense Closes Syslog Auth Visibility Gap

A new ASIM Authentication parser for Cisco FTD normalises SSH login success and failure events from Syslog into the imAuthentication/ASimAuthentication schema, enabling source-agnostic detection coverage for Cisco firewall authentication activity. Read More →

New Workbook: Hybrid Attack Kill-Chain Hunting Across Cloud and On-Prem Identity

A new behavior-led hunting workbook registers in Microsoft Sentinel covering end-to-end hybrid identity attack scenarios across 7 MITRE ATT&CK phases, correlating signals from Entra ID, Azure, on-prem AD, and Defender XDR. Read More →

New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes

A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID – covering full kill chains that individual, single-source detections routinely miss. Read More →

Holm Security VMP: New CCF Connector Ingests Network and Web Asset Inventory into Sentinel

A new CCF-based Data Connector for the Holm Security Vulnerability Management Platform adds direct ingestion of network and web asset inventory – including IP, hostname, OS, severity, and vulnerability counts – into two custom Log Analytics tables, enabling asset-aware threat hunting and vulnerability correlation in Microsoft Sentinel. Read More →

New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel

A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table – covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection – plus an incident-response Playbook and a quarantine dashboard Workbook. Read More →