CrowdStrike Content Doctor Enhancement: Improved Detection Logic and Alert Customization

Content Doctor improvements to CrowdStrike Falcon detection rules, enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections.

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.

Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes

A complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture.

Check Point Cyberint: Bi-Directional Alert Sync and Critical Data Ingestion Fix

Adds comprehensive bi-directional sync playbooks and fixes a critical ref_id column type bug that caused silent data loss in alert ingestion.

Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available

New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.

Netskope Secure Web Gateway Solution: New Detection Coverage for Cloud Application Visibility

New Netskope solution adds 10 detections for web transaction monitoring, including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns.

Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling, covering major AI security attack vectors.

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

The blacklens.io Attack Surface Management platform is now available in Content Hub with webhook-based alert ingestion and automated incident creation.

GitHub 2FA Detection Restored: Critical Blind Spot Fixed After Parser Migration

The GitHub Enterprise 2FA disablement detection rule was completely broken by a deprecated table reference; monitoring for T1562 defense impairment is now restored.

VMware ESXi SSH Brute Force Detection Plus Multi-Solution Updates

New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions.