Cisco Secure Endpoint ASIM AlertEvent Parser: Missing Mandatory Fields Causing Data Fidelity Gap

TimeGenerated and Type fields were absent from the Cisco Secure Endpoint ASIM AlertEvent parser output, causing null returns for all rows referencing these now-mandatory schema fields in downstream queries. Read More →

New ASIM AgentEvent Parser Unlocks Anthropic Claude Compliance Log Normalization

Two new ASIM AgentEvent parsers normalize Anthropic Claude Compliance API logs (via BlueVoyant CCF connector) into the ASIM AgentEvent schema, enabling unified hunting across AI agent activity events. Read More →

New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector

A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table. Read More →

New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel

A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel. Read More →

SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)

The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced. Read More →

Azure Firewall ASIM DNS Parsers: Silent Union Failure Fixed for Resource-Specific Log Mode

When Azure Firewall is configured to send logs only to the resource-specific AZFWDnsQuery table, the AzureDiagnostics branch of both ASimDnsAzureFirewall and vimDnsAzureFirewall parsers was aborting with a scalar resolution error, dropping all DNS query data from those branches entirely. Read More →

Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration

Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated. Read More →

New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector

Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings. Read More →

ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections

A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector. Read More →

GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table

The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs. Read More →

Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)

The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook — closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections. Read More →

New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel

A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs. Read More →

Lookout Connector v3.0.6: Silent Ingestion Stop After 24h and Four DCR Field Mapping Blind Spots Fixed

A CCF cursor expiry caused the Lookout streaming connector to silently stop ingesting data after roughly 24 hours, and four incorrect DCR field paths meant ThreatId, ThreatAction, DeviceEmail, and SmishingAlertId were null in every ingested record. Read More →

New ASIM NetworkSession Parser for Cisco FTD Extends Network Visibility via AMA Connector

Cisco Firepower Threat Defense (FTD) logs ingested via the Cisco ASA/FTD AMA connector can now be normalised into the ASIM NetworkSession schema, enabling source-agnostic detections and hunting queries to run against FTD firewall and IDS events. Read More →

New ASIM Authentication Parser for Cisco Firepower Threat Defense Closes Syslog Auth Visibility Gap

A new ASIM Authentication parser for Cisco FTD normalises SSH login success and failure events from Syslog into the imAuthentication/ASimAuthentication schema, enabling source-agnostic detection coverage for Cisco firewall authentication activity. Read More →

ASIM Schema Docs Pruned -- Canonical Definitions Moved to Microsoft Learn

Nine ASIM schema YAML files and a parsers list have been removed from the repo as the canonical schema definitions are now hosted on Microsoft Learn, with two new schemas (Agent Event and Asset Entity) documented in the README. Read More →

Salesforce Service Cloud ASIM Authentication Parser: Extended to Cover CCF V2/V3 Connector Tables

The ASIM Authentication parser for Salesforce Service Cloud now normalises logs from the V2 and V3 CCF connector tables – environments using the updated codeless connectors were previously producing zero normalised authentication events. Read More →

Cisco ISE ASIM Auth Parser: Regex Fix Restores EventOriginalType Extraction Across Log Format Variants

A broken regex in both the ASimAuthenticationCiscoISE and vimAuthenticationCiscoISE parsers caused EventOriginalType to return null for Cisco ISE syslog messages that include extended timestamp/sequence prefixes, silently dropping event classification for those log variants. Read More →

Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables

The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed. Read More →

Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility

The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser. Read More →