Isolate-MDEMachine Playbook: Missing Machine.Read.All Permission Causes Runtime Failures

Any deployment of the Isolate-MDEMachine playbook that followed the existing post-deployment instructions has been silently failing with a Forbidden error at runtime – device isolation never executed. Read More →

New Check Point Harmony Email and Collaboration Solution Adds Email Threat Detection and SOAR Response

A new Microsoft Sentinel Solution for Check Point Harmony Email and Collaboration brings a CCF/DCR-based data connector ingesting into CheckpointHEC_CL, one phishing Analytic Rule, five Hunting Queries covering phishing/DLP/spam, and a Quarantine Playbook for automated response. Read More →

Forescout Host Property Monitor Migrates to CCF Push Connector with Three New Custom Tables

The Forescout Host Property Monitor solution (v3.1.0) adds a CCF push connector backed by a new DCR with three custom streams — deployments that have not upgraded retain the old connector but miss richer endpoint telemetry now available in the new tables. Read More →

Recorded Future: Defender Portal Migration Breaks Incident Creation -- Playbooks Redesigned Around Analytic Rules

Recorded Future v3.2.20 removes direct incident creation from four playbooks (now incompatible with the unified Microsoft Defender portal) and introduces new Analytic Rules to restore incident generation from custom log tables. Read More →

Checkmarx Audit Ingestion Playbook: Pagination Fix, Deployment Simplification, and RBAC Enforcement

The AS-Checkmarx-Audit-Ingestion Playbook receives pagination loop fixes and a collapsed single-deployment model – teams running the old multi-step deployment may have incomplete audit event ingestion. Read More →

Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)

The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook — closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections. Read More →

New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel

A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table – covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection – plus an incident-response Playbook and a quarantine dashboard Workbook. Read More →

TacitRed Defender TI Playbook: Fixing Content Hub Deployment Failure on Hyphenated Workspace Names

TacitRed Defender Threat Intelligence v3.0.2 fixes an InvalidTemplate ARM error that blocked Content Hub deployment entirely on any workspace with a hyphenated name, plus resolves a sovereign cloud storage endpoint bug and adds required post-deployment RBAC guidance. Read More →

AS-Checkmarx-SAST-Ingestion Playbook: Loop Optimization, Parameterized DCE/DCR Names, and CRITICAL Severity Support

The Checkmarx SAST ingestion Playbook receives pagination fixes, configurable DCE/DCR resource names to support multi-playbook deployments, a corrected severity schema (adding CRITICAL tier), and a reduced default lookback window from 7 to 2 days. Read More →

Vaikora-AzureSecurityCenter: Three Analytic Rules and Playbook Completely Non-Functional Since Initial Deployment

The v3.0.0 solution was built against a fabricated alert API schema – the playbook crashed on ingestion, all three Analytic Rules queried a table that was never populated, and two install paths wrote to divergent tables, meaning zero Vaikora AI agent threat data reached Microsoft Sentinel from day one. Read More →

Vaikora-SentinelOne Playbook: Broken IOC Push Restored After HTTP 422 API Rejection

The v3.0.0 playbook always appended an empty agent_id= parameter, causing the Vaikora API to reject every poll request with HTTP 422, silently halting all IOC delivery to SentinelOne Threat Intelligence since initial deployment. Read More →

Vaikora-CrowdStrike Playbook: Silent IOC Pipeline Failure Fixed for Monitor All Agents Mode

When VaikoraAgentId was left blank to monitor all agents, every HTTP 422 rejection from the Vaikora API silently dropped all IOCs - no high/critical-risk actions ever reached CrowdStrike Falcon. Read More →

Akamai Guardicore v3.1.0: Function App Eliminated, CCF Migration Simplifies Microsegmentation Monitoring

Akamai Guardicore connector migrates from Azure Functions to Codeless Connector Framework, removing infrastructure overhead while preserving microsegmentation visibility. Read More →

StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio

Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration. Read More →

Fortinet FortiGate Playbook: Function App Authentication Security Hardening

Playbook Function App authentication level upgraded from anonymous to function-level to close security exposure. Read More →

Cyren Defender Threat Intelligence: New IP and Malware URL Ingestion for Microsoft Sentinel

Content Hub solution adds Cyren threat intelligence feeds for IP reputation and malware URL indicators via automated Logic App playbook. Read More →

New Cyren-CrowdStrike Threat Intelligence Solution: Automated IOC Sync for Enhanced Threat Detection

Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking. Read More →

Google Directory Solution: New Playbook Integration with Extended Security Scope

Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation. Read More →

Function App Security: Access Control Hardening Across Multiple Data Connectors

Function keys now required for HTTP-triggered functions in Zoom, Zscaler, FortiGate, Cofense, Illumio, and Infoblox connectors—removing anonymous access vulnerability. Read More →

Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage

Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces. Read More →