AI Agents Hunting Queries Migrated to Unified AgentsInfo Table -- Connector-Split Queries Retired

Seven consolidated AI agent hunting queries now target the unified Defender XDR AgentsInfo table, replacing 26 connector-specific queries split across the A365 and Copilot Studio connectors; existing deployments still running the old AIAgentsInfo-based queries have had no effective hunting coverage since the table split was introduced. Read More →

New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes

A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID – covering full kill chains that individual, single-source detections routinely miss. Read More →

iboss Solution 3.1.3: New Malware and C2 Analytic Rules for Web Gateway Telemetry

iboss Solution 3.1.3 ships two new Scheduled Analytic Rules that surface malware detections and C2 communications flagged by the iboss gateway, closing a detection gap for organizations relying solely on raw CommonSecurityLog ingestion. Read More →

Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API

New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic. Read More →

UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage

Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

Azure SQL Database Detection Rules: Enhanced MITRE Coverage and Alert Context

Quality improvements to 10 Azure SQL analytic rules add missing MITRE techniques, alert customization, and standardized query outputs. Read More →

Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →

Defender for Endpoint: Cryptographic Identity Baselining Hunting Query for Process Network Anomalies

New hunting query detects first-time network connections by processes using cryptographic signer baselining to defeat DLL sideloading and BYOTA attacks. Read More →

Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs

Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context. Read More →

Netskope Secure Web Gateway Solution: New Detection Coverage for Cloud Application Visibility

New Netskope solution adds 10 detections for web transaction monitoring including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns. Read More →

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →

Threat Intelligence: URL IOC Detection Added for Web Session Monitoring

New Analytic Rule enables detection of malicious URLs from threat feeds in web traffic, closing coverage gap for URL-based indicators. Read More →

Global Secure Access: Enhanced Threat Intelligence Correlation and MCP Monitoring

New analytic rules correlate threat intelligence indicators with GSA traffic while MCP Servers Dashboard provides Model Context Protocol server monitoring. Read More →

Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&CK Integration

Updated threat hunting rules add MITRE ATT&CK mappings and fix parser function calls for improved threat detection coverage. Read More →