Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and the workbook were upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.

Entra ID Post-Credential Activity Detection: Service Principal Staging and Privileged Role Escalation

Three new hunting queries target Midnight Blizzard-style persistence patterns: service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse.

Entra ID Identity Boundary Expansion: Three New Hunting Queries for Stealthy Persistence

Adds three hunting queries targeting identity boundary expansion techniques in Entra ID that escalate privileges without creating new accounts.

Entra ID Authentication Anomalies: Advanced Hunting for Privilege Abuse and Defense Evasion

Adds a three-query hunting pack detecting legacy authentication bypass, guest account abuse, and privileged operations performed after a password reset.

Entra ID Account Takeover: Three-Query Hunting Pack for Post-Compromise Detection

Adds a hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors.

Microsoft Entra ID OAuth Consent Query: Fixing Zero-Result Bug in High-Risk Permission Detection

Corrects a hunting query that returned no results because it filtered on an incorrect property name.

Entra ID Cross-Source Hunting Pack: Post-Compromise Pattern Detection

Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection.

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS analytic rules and 35 hunting queries: standardized naming conventions, normalized MITRE ATT&CK technique mappings, and entity field references updated from the legacy AccountCustomEntity to UserIdentityUserName.

Entra ID Attack Chain Detection: 5 New Hunting Queries Target Application Layer Persistence

Five hunting queries expose OAuth consent abuse, privilege escalation, and Conditional Access evasion techniques used in the Midnight Blizzard and Storm-0558 campaigns.

Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes

The complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening (DMARC, SPF, and DKIM) and of suspicious admin activity affecting domain security posture.

Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available

A new deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.

Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and disabling of file uploads, covering the major AI assistant attack vectors.

UEBA Essentials: Enhanced Multi-Cloud Detection with 6 New AWS, GCP & Okta Hunting Queries

A major update adds multi-cloud anomaly detection across AWS, GCP, and Okta with six new hunting queries.