VMware Workspace ONE Connector: Corrupted Poller Resource Names Prevented All Deployments

A stray {{GUID}} suffix in the ARM template poller resource name expressions caused a “content template not found” error on every Connect attempt, making the VMware Workspace ONE CCF connector non-deployable since its v3.0.0 release. Read More →

VMware Carbon Black Cloud: DCR Type Mismatch Caused Silent Data Loss in Alerts and Watchlist Streams

A type mismatch between the Carbon Black API (numeric severity, long PIDs) and the DCR schema (string) caused ingestion failures for the Alerts and Watchlist streams; v3.0.9 corrects the schema and adds tostring() casts in the transformKql. Read More →

VMware Workspace ONE: New CCF Connector for UEM Device and Application Visibility

VMware Workspace ONE Unified Endpoint Management platform now available in Microsoft Sentinel via CCF connector for device compliance monitoring and shadow IT detection. Read More →

VMware ESXi: ASIM Authentication Parser for Host Access Monitoring

New ASIM parser normalizes VMware ESXi authentication events to enable centralized logon monitoring for hypervisor infrastructure. Read More →

VMware vCenter ASIM Parser: DvcId Type Correction Prevents Query Failures

Fixed critical data type mismatch in VMware vCenter authentication parser that caused DvcId field queries to fail. Read More →

Four Legacy Azure Function Connectors Marked for Deprecation - Migration to CCF Required

Microsoft has deprecated Azure Function-based connectors for Okta SSO, SentinelOne, Sophos Endpoint Protection, and VMware Carbon Black Cloud in favor of CCF alternatives. Read More →

ASIM Authentication Schema: VMware vCenter Parser Enables Authentication Monitoring for On-Premises and Azure VMware Environments

New ASIM parser normalizes VMware vCenter authentication events from syslog streams to enable detection coverage across vSphere environments. Read More →

VMware Carbon Black Cloud Connector: Title Update to Clarify CCF Usage

Cosmetic title change to clarify the connector uses Codeless Connector Framework for AWS S3 ingestion. Read More →

VMware ESXi Solution: Broken Link Removed

Documentation maintenance removing broken link from VMware ESXi solution. Read More →

AWS and VMware ESXi: Three New Analytic Rules for Execution, Exfiltration, and Lateral Movement

Three new Analytic Rules added across AWS CloudTrail and VMware ESXi — detecting EC2 startup script tampering (T1059), anonymous S3 object exfiltration (T1530), and SSH enablement on ESXi hosts (T1021). Read More →