New Cyren-CrowdStrike Threat Intelligence Solution: Automated IOC Sync for Enhanced Threat Detection

Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking.

XBOW: API Version 2026-04-01 Upgrade Enriches Assessment Data with Attack Credits and Events

XBOW connector upgrades to latest API version, adding attack credits tracking and recent event details to assessment ingestion for improved offensive security visibility.

ESET PROTECT Platform: Delta Token Migration Eliminates Data Gaps from Timestamp Filtering

ESET connector switches from unreliable timestamp filtering to delta tokens, closing potential data loss gaps during high-volume ingestion periods.

Entra ID Cross-Source Hunting Pack: Post-Compromise Pattern Detection

Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection.

Illumio Insights Graph: New Network Traffic Analysis and Threat Intelligence Connector

New CCF-based connector ingests Illumio AI-powered threat discovery reports with network flow analysis, geographic context, and MITRE ATT&CK framework integration.

Fortra Agari CCF Connector: Modern Email Security Data Ingestion

Fortra Agari transitions from Azure Functions to CCF framework, restoring Brand Protection, Phishing Defense, and Phishing Response visibility with DCR-based ingestion.

Google Directory Solution: New Playbook Integration with Extended Security Scope

Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation.

Function App Security: Access Control Hardening Across Multiple Data Connectors

Function keys now required for HTTP-triggered functions in Zoom, Zscaler, FortiGate, Cofense, Illumio, and Infoblox connectors, removing the anonymous-access vulnerability.

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.

Microsoft Entra ID Table Rename: Hunting Queries Updated for Current Schema

12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references.

New Strider Shield Threat Intelligence Connector for Email Security Monitoring

NVISO introduces Strider Shield CCF connector enabling ingestion of email threat intelligence data across five data streams targeting phishing and BEC protection.

Microsoft Sentinel to Defender Portal Migration Readiness Tool

New PowerShell assessment tool identifies migration blockers for Sentinel-to-Defender portal transitions.

SailPoint IdentityNow: New CCF Connector with Dual Parser Support (v3.0.1)

SailPoint IdentityNow now supports CCF ingestion with new schema parsers alongside backward compatibility for existing Function App deployments.

Agent 365 Solution Rebranded from A365 Observability (v3.0.1)

Microsoft renamed the A365 Observability solution to Agent 365 for marketing alignment with no functional changes.

Elastic Agent CCF Connector: Replacing Deprecated HTTP Collector API

ElasticAgent connector migrated to CCF framework to maintain system monitoring capability as HTTP Collector API approaches deprecation.

Red Sift Solution: New CCF Data Connector and Email Security Detections

Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios.

VMware ESXi: ASIM Authentication Parser for Host Access Monitoring

New ASIM parser normalizes VMware ESXi authentication events to enable centralized logon monitoring for hypervisor infrastructure.

Cisco Secure Endpoint: ASIM AlertEvent Parser for Cloud-Based Threat Detection

New ASIM parser enables normalized threat detection from Cisco Secure Endpoint via CCF ingestion to CiscoSecureEndpointEventsV2_CL table.

QualysVM Solution: API Version Regression Restored to Current Standards

QualysVM solution packaging corrects downgraded ARM template API versions that could impact deployment reliability.

Entra ID Attack Chain Detection: 5 New Hunting Queries Target Application Layer Persistence

Five hunting queries expose OAuth consent abuse, privileged escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns.