Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →
New hunting query provides hash-based detection for LockBit ransomware artifacts deployed via Apache ActiveMQ CVE-2023-46604 exploitation. Read More →
Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →
12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references. Read More →
New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development. Read More →
New Visa Threat Intelligence (VTI) solution providing IOC feeds via DCR connector with high-severity detection rules for domains and file hashes. Read More →
Azure Firewall solution expanded with 5 new analytic rules targeting high/medium severity threats, DDoS attacks, web application attacks, and privilege escalation attempts. Read More →
New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions. Read More →