Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques. Read More →

Exception handling bug in Vectra XDR data collector prevented proper error propagation during ingestion failures. Read More →

Added ASIM Authentication parser for Cisco ISE administrator authentication events, expanding centralized network device visibility. Read More →

Imperva CCF connector now properly ingests WAF logs containing embedded JSON, preventing data loss during log processing. Read More →

Updates schema version metadata from 0.1.3 to 0.1.4 in FortiGate authentication parsers with no functional changes. Read More →

New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development. Read More →

Threat Intelligence domain mapping rule updated to prevent infinite alert loops by excluding its own alerts from the source data. Read More →

Replaced “Azure Security Benchmark” references with “Microsoft cloud security benchmark” across workbook labels and KQL queries. Read More →

Resolved deployment failure caused by invalid secureData configuration in Logic App Compose action. Read More →

Changed vulnerability export checkpoint field from last_found to indexed_at for customer enhancement. Read More →

Added Log Ingestion API support with OAuth 2.0 authentication — modernizes data ingestion from legacy HTTP Data Collector API. Read More →

Added CCF Push connector with OAuth 2.0 authentication and dedicated tables for 9 event types — modern replacement for Azure Functions ingestion. Read More →

Moves critical IP filtering variables inside parser function to prevent incorrect filtering and potential data loss. Read More →

New ASIM parser normalizes GlobalProtect VPN authentication events from CommonSecurityLog table, enabling unified monitoring of gateway and portal authentication across Palo Alto PAN-OS deployments. Read More →

Added South Africa (za) regional API endpoint support, expanding global deployment coverage for Trend Micro Vision One data ingestion. Read More →

Updated Island connector titles and descriptions to reduce confusion between legacy V1 and current V2 connectors. Read More →

Template validation failure fixed through package regeneration for Visa Threat Intelligence solution v3.0.2. Read More →

Microsoft Sentinel now documents a critical platform limitation where individual fields exceeding 64 KB are silently truncated during ingestion, creating blind spots in large payload analysis. Read More →

Four ASIM schemas missing from KQL validation pipeline now included, preventing unvalidated parser deployments. Read More →

CCF connector repair resolves stream naming mismatch that prevented audit data ingestion in affected deployments. Read More →