FortiGate ASIM Authentication Parser: New Visibility for Fortinet Administrative Access Events

New ASIM parser adds normalised authentication monitoring for FortiGate administrator login and logout events.

GitHub Workflows: Code Injection Risk Mitigation via Environment Variable Security Fix

Fixed code injection vulnerabilities in CI workflows by replacing direct GitHub context interpolation with safer environment variable patterns.

Databahn Solution: Branding Consistency Fix

Fixed naming inconsistencies across Databahn solution metadata files to standardize on lowercase ‘b’ branding.

Commvault Connector: Migration from Legacy Sentinel API to Modern Logs Ingestion Architecture

Commvault Security IQ connector migrated from deprecated Log Analytics API to Azure Monitor Logs Ingestion API with DCE/DCR architecture.

Microsoft Entra ID Assets: Device and Organizational Contact Visibility Expansion

Two new asset tables (EntraDevices, EntraOrgContacts) added to Microsoft Entra ID connector for BloodHound graph building and complete asset enumeration.

Visa Threat Intelligence Connector: Template Consistency Fix Addresses Installation Issues

Corrects solution name and ID mismatches in Visa TI connector templates that were causing installation failures.

Azure Key Vault ASIM Parser: New Audit Event Normalization for Critical Key Management Monitoring

Azure Key Vault audit events can now be analyzed using ASIM schema, enabling standardized detection across vault, secret, key, and certificate operations.

NetApp Ransomware Resilience: New Automated Incident Response Solution

NetApp introduces modular playbooks for automated ransomware protection, enabling SOC teams to investigate, snapshot, and isolate compromised storage volumes via Microsoft Sentinel integration.

IPinfo Solution: Three New Data Connectors with Enhanced OAuth Authentication

IPinfo v3.0.3 adds Core, Plus, and Residential Proxy data connectors with robust Azure AD OAuth exception handling to prevent authentication blind spots.

AWS Athena Function App: Resolving Extension Bundle Compatibility and Query Result Parsing

AWS Athena Function App connector updated to Azure Functions v4+ bundle and fixed Python query parsing logic that previously failed on empty result data.

Recorded Future Playbooks: Threat Intelligence Integration Discontinued Due to Microsoft API Deprecation

Microsoft has deprecated the Graph Security tiIndicators API, rendering Recorded Future’s automated threat intelligence ingestion playbooks non-functional.

Feedly Threat Intelligence: Migration from Azure Functions to Native CCF Connector

Modernizes Feedly threat intelligence ingestion by removing Azure Function dependencies and migrating to native Sentinel CCF polling for IoC feeds.

CyeraDSPM Connector: Eliminates Legacy Azure Functions Deployment Path

Removes deprecated Azure Functions connector from CyeraDSPM solution, streamlining to single CCF-based ingestion to prevent marketplace deployment failures.

ASIM Asset Entity Schema: New Schema Foundation for Asset Management

Introduces complete ASIM Asset Entity schema with parsers, empty templates, and CI integration to enable asset-centric security monitoring.

CrowdStrike API Connector: Critical Fix Restores Full Alert and Detection Data Ingestion

CrowdStrike API connector fix implements nested API calls to retrieve complete alert/detection details after prior version only captured alert IDs.

AMA Version Tracking: New Function for Azure Monitor Agent Deployment Management

New KQL function enables SOC teams to audit Azure Monitor Agent versions across their Sentinel deployment for maintenance and security compliance tracking.

AI Agents Hunting Query: Schema Field Case Correction Enables Query Execution

Fixed IdentityInfo field reference from AccountUPN to AccountUpn to resolve KQL validation failure and restore query functionality.

Dataminr Pulse Connector: Extension Bundle Updated to Prevent Deployment Failures

Function App extension bundle upgraded from deprecated v3 to v4 to restore connector deployment capability.

TacitRed CrowdStrike Playbook: Authentication Fix for Multi-Region API Endpoints

Fixed hardcoded CrowdStrike API URL default causing authentication failures for customers in US-1 and EU-1 regions.

TacitRed SentinelOne Playbook: Critical API Fix Restores IOC Automation After HTTP 500 Failures

Fixed broken TacitRed playbook that was failing with HTTP 500 errors when posting IOCs to SentinelOne due to missing account scope parameter.