New ASIM NetworkSession Parser for Cisco FTD Extends Network Visibility via AMA Connector

Cisco Firepower Threat Defense (FTD) logs ingested via the Cisco ASA/FTD AMA connector can now be normalised into the ASIM NetworkSession schema, enabling source-agnostic detections and hunting queries to run against FTD firewall and IDS events. Read More →

Salesforce Service Cloud ASIM Authentication Parser: Extended to Cover CCF V2/V3 Connector Tables

The ASIM Authentication parser for Salesforce Service Cloud now normalises logs from the V2 and V3 CCF connector tables – environments using the updated codeless connectors were previously producing zero normalised authentication events. Read More →

New ASIM AlertEvent Parser for Google SecOps Extends Normalised Detection Coverage

A new ASIM AlertEvent parser pair normalises Google SecOps Detection Alerts from the DetectionAlerts_CL custom table into the ASIM AlertEvent schema, enabling source-agnostic alert hunting and cross-platform detection rules against Google SecOps data. Read More →

New ASIM WebSession Parser Brings AWS WAF Traffic into Normalized Detection Coverage

AWS WAF web session logs can now be ingested and normalized via the ASIM WebSession schema, enabling source-agnostic detections against WAF allow/block/challenge/captcha decisions from the AWSWAF table. Read More →

CrowdStrike Falcon AlertEvent ASIM Parser: Falcon Detections Now Normalised into Unified Alert Schema

A new ASIM AlertEvent parser for CrowdStrike Falcon ingested via CCF normalises detection data from the CrowdStrikeDetections table into the ASIM AlertEvent schema, enabling source-agnostic detection and hunting queries across EDR alert data. Read More →

Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections

A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →

Netskope Security Cloud Joins ASIM AlertEvent Schema — Threats Now Normalised from NetskopeAlerts_CL

A new ASIM AlertEvent parser for Netskope Security Cloud normalises DLP, malware, C2, IPS, compromised credential, UBA, and policy alerts from the NetskopeAlerts_CL table into the standard AlertEvent schema, enabling source-agnostic detections and hunting across Netskope data. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

Salesforce Service Cloud: New ASIM WebSession Parser Enables Normalized API/Web Request Monitoring

ASIM WebSession parser for Salesforce Service Cloud normalizes API and web session logs into standardized schema, enabling unified monitoring across SaaS platforms. Read More →

Corelight: Dashboard Restructure and New Asset Classification Tab for Enhanced Network Visibility

Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities. Read More →

ASIM AlertEvent Support Added for Bitdefender GravityZone Security Platform

New parsers enable normalization of Bitdefender GravityZone alert data into Microsoft Sentinel ASIM schema for unified threat detection. Read More →

Zimperium MTD: New CCF Push Connector for Mobile Threat Telemetry

Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline. Read More →

Abnormal Security CCF Connector: Schema Alignment Fixes Column Visibility Gaps

Abnormal Security CCF connector v3.0.1 fixes table column naming to match Microsoft Log Analytics output, restoring access to previously missing metadata fields. Read More →

SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync

SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities. Read More →

Contrast ADR: CCF Connector Deployment Unlocks Application Attack Visibility

Contrast ADR adds CCF ingestion support with standardized table schemas for production-ready Application Detection and Response monitoring. Read More →

Abnormal Security: New CCF Push Connector Adds Multi-Table Email Security Event Routing

Added CCF Push connector with OAuth 2.0 authentication and dedicated tables for 9 event types — modern replacement for Azure Functions ingestion. Read More →

Palo Alto GlobalProtect: New ASIM Authentication Parser for VPN Monitoring

New ASIM parser normalizes GlobalProtect VPN authentication events from CommonSecurityLog table, enabling unified monitoring of gateway and portal authentication across Palo Alto PAN-OS deployments. Read More →

Microsoft Copilot Connector — Critical Table Name Update from LLMActivity to CopilotActivity

Microsoft Copilot connector fixes critical table reference issue, standardizing on official CopilotActivity table name across all components. Read More →

ZeroFox CCF Connector: KQL Query Restoration and Multi-Solution Maintenance

ZeroFox CCF connector receives missing KQL query fixes alongside packaging updates across 8+ solutions. Read More →

Salesforce Service Cloud Connector: Column Name Bug Fix Plus Multi-Solution Updates

Fixed critical column name mapping bug in Salesforce Service Cloud CCF connector preventing proper data ingestion. Read More →