AI Agents Hunting Queries Migrated to Unified AgentsInfo Table -- Connector-Split Queries Retired

Seven consolidated AI agent hunting queries now target the unified Defender XDR AgentsInfo table, replacing 26 connector-specific queries split across the A365 and Copilot Studio connectors; existing deployments still running the old AIAgentsInfo-based queries have had no effective hunting coverage since the table split was introduced. Read More →

New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes

A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID – covering full kill chains that individual, single-source detections routinely miss. Read More →

Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs

Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context. Read More →

Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available

New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development. Read More →

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →

Azure Firewall: Five New IDPS Analytic Rules for Advanced Threat Detection

Azure Firewall solution expanded with 5 new analytic rules targeting high/medium severity threats, DDoS attacks, web application attacks, and privilege escalation attempts. Read More →