Auto-generated summaries of every merged PR in the Azure-Sentinel GitHub repo

SAP Solution: Analyzer Marketplace Visibility and Agentless Connector Discovery Fixed

Fixes to the repository tooling enable proper SAP solution marketplace tracking and make the SAPCC agentless connector visible to the Microsoft Sentinel Solutions Analyzer. Read More →

Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers

The Lookout Mobile Risk API v2 connector was silently dropping the unique event identifier (the oid field), breaking downstream correlation in detections and workbooks. Read More →

Check Point ASIM NetworkSession Parser: DeviceVendor Field Matching Fix

The Check Point firewall ASIM parser now accepts both “Check Point” and “CheckPoint” as DeviceVendor values, fixing parsing failures introduced in PR #12056. Read More →

BitSight Solution: Provider Information Updated to Partner Status

BitSight solution metadata updated to reflect partner provider status, moving support from Microsoft internal to the external partner. Read More →

Zoom Data Connector: Legacy Azure Function Files Removed from Standalone Location

Legacy Zoom connector files removed from DataConnectors folder — connector has been migrated to Solutions/ZoomReports. Read More →

Corelight: Dashboard Restructure and New Asset Classification Tab for Enhanced Network Visibility

Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities. Read More →

Pathlock TD&R: Major Detection Coverage Expansion with 77 New SAP-Focused Analytic Rules

Pathlock Threat Detection & Response adds 77 comprehensive SAP security analytic rules covering ABAP changes, user activities, system modifications, and financial data access. Read More →

CyberArk EPM: Migration to DCR and OAuth Authentication Replaces Deprecated Log Analytics API

CyberArk EPM connector updated to use DCR-based ingestion and OAuth authentication, addressing the deprecation of the Log Analytics API and improving security. Read More →

BeyondTrust PM Cloud: Function App Reliability Fix Prevents Timeout on Large Event Backlogs

Critical fix prevents BeyondTrust PM Cloud Function App timer functions from hanging when processing large event backlogs, restoring data ingestion reliability. Read More →

GitHub Audit Log Connector: Azure Storage Integration Addresses API Rate Limits

New Azure Storage-based GitHub Enterprise audit log connector avoids the API rate limits that constrain the CCF connector by ingesting audit logs from blob storage, triggered by Event Grid blob notifications. Read More →

Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files

Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting. Read More →

BitSight Solution: Support Tier Changed to Partner

BitSight solution support tier updated from Microsoft to Partner, with the version downgraded to 3.2.0. Read More →

Microsoft Agent Identities Connector: New Entra Non-Human Identity Asset Visibility (Preview)

Agent 365 solution adds new Microsoft Agent Identities connector for tracking agent blueprints and non-human identity assets across four data tables. Read More →

ASIM Authentication Parsers: Palo Alto Data Fidelity Fix for DvcIpAddr Field

ASIM Authentication parsers for Palo Alto PAN-OS and GlobalProtect now correctly populate the DvcIpAddr field, closing a data fidelity gap. Read More →

Cisco Umbrella CCF: Public Preview Expands Data Visibility with 10 New Log Tables

The new Codeless Connector Framework connector adds comprehensive log coverage across DNS, web traffic, cloud firewall, admin audit, DLP, file events, IPS, VPN and Zero Trust access for enhanced threat detection. Read More →

Oracle Cloud Infrastructure CCF Connector: IAM Permissions Guidance Added

OCI connector UI updated with explicit IAM policy requirements for stream consumption authorization alongside API signing key authentication. Read More →

Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →

ASIM Parser Development Automation: GitHub Copilot Skills for Accelerated Detection Engineering

GitHub Copilot agent skills now automate the complete ASIM parser creation workflow, reducing parser development time from days to hours for security engineers. Read More →

42Crunch API Protection: Critical Migration from Legacy HTTP Collector to CCF Push Connector

Migration addresses the deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments still on the legacy connector face imminent data loss. Read More →

Entra ID Post-Credential Activity Detection: Service Principal Staging and Privileged Role Escalation

Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse. Read More →