Abnormal Security CCF Connector: Critical Fix Restores Email Threat Detection After Complete Ingestion Failure

Fixes DCR transform errors, table deployment issues, and stream routing that prevented all data ingestion from Abnormal Security’s CCF Push connector since v3.0.0 launch.

Salesforce Audit Visibility: New CCF Connector for Administrative Change Tracking

New Salesforce Audit Logs connector provides visibility into administrative changes and user authentication events across Salesforce orgs.

Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage

Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces.

Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events

Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision.

NXLog Solutions Deprecated: Loss of Multi-Platform Audit Visibility

Five NXLog partner solutions removed from Content Hub, eliminating data connector support for BSM macOS, FIM, Linux Audit, AIX Audit, and DNS monitoring across Unix/Linux environments.

Zimperium MTD: New CCF Push Connector for Mobile Threat Telemetry

Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline.

Vaikora Azure Security Center: Microsoft Marketplace Certification Fix

Reverts solution ID to match Partner Center offer name after Marketplace certification failure under policy 300.4.1.1.

Recorded Future Identity Playbook: ARM Template Deploy Failure Fixed

Fixes broken deployment of RFI-confirm-EntraID-risky-user playbook that failed with InvalidTemplate error due to stale action references.

Microsoft Entra ID: Service Principal Credential Manipulation by Rare Actors

Identifies service principal credential additions by actors not observed performing these operations in the previous 90 days, targeting persistence techniques.

Microsoft Entra ID: Hunting Query for Password Spraying Detection via IP Failure Bursts

Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns.

Microsoft Entra ID: New Hunting Query Detects Post-Compromise Token Abuse via ASN Mismatches

Surfaces rapid ASN changes between interactive and non-interactive sign-ins within 10 minutes, indicating potential post-compromise token misuse.

Dynatrace Parsers: Critical Timestamp Fix Restores Query Reliability

Data fidelity fix converts Unix epoch millisecond fields to datetime, resolving duplicate typed columns that broke query functionality in Dynatrace parsers.

Cyjax Connector: Security and Code Quality Fixes Applied

Addressed lint issues, package vulnerabilities, and code vulnerabilities in Cyjax threat intelligence connector.

Cisco Duo Connector: API Throttling Resilience Improved for Log Ingestion

Doubled retry delay to 120 seconds to address Duo API throttling requirements preventing log collection.

Workspace Usage Workbook: IsBillable Column Display Labels Corrected

Fixed inverted display labels in WorkspaceUsage workbook where billing status showed opposite values.

M365 Defender ASIM Parser: TargetUserSessionId Field Restoration Fixes Data Fidelity Gap

Missing TargetUserSessionId field in Microsoft 365 Defender ASIM ProcessEvent parsers has been restored, fixing queries that previously returned null for this session correlation field.

GitHub Actions Security: Fork PR Workflow Hardened Against Supply Chain Attacks

CI/CD security enhancement prevents automatic execution of untrusted fork code by implementing strict SafeToRun label gating.

GitHub Advanced Security Parser Migration: CLv2 Compatibility and Schema Updates

Critical fix migrates GitHub parsers and workbooks to support CLv2 ingestion table and updated GitHub alert event schemas, ensuring compatibility across V1 and V2 deployments.

Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs

Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context.

Workspace Usage Report Workbook: Query Comparison False Positives Fixed

Workbook no longer flags legitimate rule template and active rule pairs as having different query text due to whitespace sensitivity.