SilkTyphoon Child Process Detection: Duplicate Connector Mapping Removed

The SilkTyphoonNewUMServiceChildProcess Analytic Rule carried a duplicate and mistyped connector entry (SecurityEvents instead of SecurityEvent) that could cause connector validation errors or unexpected behaviour in environments relying on connector dependency resolution. Read More →

LSASS Credential Dumping: Resilient Behavioral Detection Pack Added

Three new hunting queries detect LSASS memory dumping using behavioral physics rather than brittle timing or tool names. Read More →

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →

ASIM Authentication Parsers: Hostname Resolution and Alias Fixes

Fixes SrcHostname resolution logic and IpAddr aliases in Microsoft Windows Event and SSH authentication parsers. Read More →