Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries

Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context. Read More →

Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)

The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook — closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections. Read More →

New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel

A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table – covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection – plus an incident-response Playbook and a quarantine dashboard Workbook. Read More →

Microsoft Defender XDR: Email Hunting Queries Fixed to Reference Correct Connector, Three New Teams/Phish Queries Added

Three email-focused Hunting Queries had a broken connector reference (OfficeATP instead of MicrosoftThreatProtection), suppressing results for orgs using the Defender XDR connector; three new queries covering RMM-via-Teams, alert correlation with Teams messages, and phish-reporter identity are also added. Read More →

Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections

A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →

Microsoft Defender XDR: OAuth and Device-Code Phishing Hunting Queries Unblocked After ARM-TTK Pipeline Failure

Two Defender XDR hunting queries targeting OAuth consent and device-code phishing were blocked from pipeline validation due to ARM-TTK hardcoded URI false positives; KQL refactored to construct URLs via strcat(), restoring deployment and preserving detection semantics. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →

Phishing Detection: Raw IP URLs in Delivered Email

New hunting query identifies delivered emails using raw IPv4 addresses as URL domains to detect phishing campaigns bypassing domain reputation systems. Read More →

Microsoft Defender XDR: New Hunting Query for Delegate Mailbox Phish Reporting Analysis

New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios. Read More →

Microsoft Entra ID Table Rename: Hunting Queries Updated for Current Schema

12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references. Read More →

Red Sift Solution: New CCF Data Connector and Email Security Detections

Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios. Read More →

Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks

Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →

Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes

Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture. Read More →

Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available

New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development. Read More →

Visa Threat Intelligence Solution: Initial Package Release with IOC Detection Rules

New Visa Threat Intelligence (VTI) solution providing IOC feeds via DCR connector with high-severity detection rules for domains and file hashes. Read More →

Microsoft Defender XDR: New Hunting Query for Punycode Lookalike Domain Phishing

Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams. Read More →

Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&CK Integration

Updated threat hunting rules add MITRE ATT&CK mappings and fix parser function calls for improved threat detection coverage. Read More →

Microsoft Teams Security: 9 Additional Hunting Queries for Advanced Threat Detection

Extended Teams protection hunting coverage with queries for partner impersonation, admin submissions, and external sender analysis. Read More →

Microsoft Teams Security: 7 New Hunting Queries for URL Threat Detection

New hunting queries added to detect malicious URL clicks, ZAP events, and user submissions in Microsoft Teams. Read More →