Snowflake Multiple Failed Queries Detection: Fixed False Positives from Load Operations
Snowflake detection rule now filters out events lacking QueryExecutionStatus to prevent false alerts from data loading operations. Read More →
CreateSolutionV3 script now supports offline semantic versioning with local version management alongside existing catalog API mode. Read More →
Four OAuth-based data connectors now support dynamic redirect URIs, eliminating manual Azure portal configuration requirements. Read More →
OpenSSH authentication parser now correctly extracts source IP addresses from “Invalid user” events regardless of port format. Read More →
Legacy npm 6.14.18 dependency causing validation failures replaced with modern Node.js 20 LTS setup and deterministic builds. Read More →
GitHub Enterprise audit log connector and 11 accompanying detection rules promoted from Preview to GA status. Read More →
Versasec CMS solution packaging updated to meet Content Hub publishing requirements. Read More →
ARM template toolkit validation failure resolved by centralizing hardcoded step identifiers into reusable variables. Read More →
Linux su parser significantly enhanced to capture failed su attempts, correct event classification from Elevation to Logon, and improve field mappings for comprehensive privilege escalation monitoring. Read More →
Palo Alto Cortex Data Lake authentication parser enhanced with schema compliance improvements, performance optimizations, and corrected field mappings for better data fidelity. Read More →
Microsoft 365 Defender authentication parser improved ASIM compliance by removing unnormalized columns and relocating process/hash metadata to AdditionalFields structure. Read More →
Renamed BeyondTrust PM Cloud workbook preview images from Dark/Light to Black/White convention and added BeyondTrust logo asset for UI consistency. Read More →
Azure DevOps Auditing solution repackaged with updated description removing outdated streaming configuration text references. Read More →
Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions. Read More →
Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel. Read More →
Corrected malformed version numbers in Microsoft Teams threat hunting queries from invalid “l.0.0” to proper “1.0.0” format. Read More →
Cyberint threat intelligence connector restored from complete ingestion failure caused by malformed API endpoint and duplicate schema nesting blocking IOC data collection. Read More →
Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →
NIST SP 800-53 and Zero Trust compliance workbooks updated with current Microsoft Defender for Office 365 documentation links following EOP rebrand. Read More →
SSH authentication parser now accurately identifies logon methods (password, PKI, PAM) and adds improved field mappings for better authentication visibility. Read More →