BloodHound Enterprise: Function App Upgrade Fixes Data Collection and Ingestion Gaps
Deployment source moved to stable Microsoft repo, custom table schemas fixed, and Function App ingestion enhanced for reliable attack path visibility.
Fixed critical data type mismatch in VMware vCenter authentication parser that caused DvcId field queries to fail.
Updated Data Connector description in Visa Threat Intelligence solution to resolve certification failure.
Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring.
ZeroFox splits legacy connector into dedicated Alerts and Threat Intelligence solutions using modern CCF architecture with 17 specialized data streams.
Solutions Analyzer was double-counting connectors in CCF v2 solutions due to azuredeploy wrapper files creating phantom duplicates.
MISP threat intelligence connector was broken due to incorrect table reference — deployments had zero indicator ingestion until this fix.
New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring.
Microsoft’s TAXII Export connector for Threat Intelligence objects is now GA, removing preview limitations for production TI sharing workflows.
Major connector upgrade introduces comprehensive event field collection and multi-tenant monitoring capabilities.
Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern.
Joe Sandbox solution updated to v3.0.1 with Azure template fixes, updated storage API versions, and improved IOC processing in playbooks.
Abnormal Security CCF connector v3.0.1 fixes table column naming to match Microsoft Log Analytics output, restoring access to previously missing metadata fields.
Critical configuration fix resolves parameter name mismatch that prevented Azure DevOps audit log ingestion entirely.
CrowdStrike’s Function App-based data replicator was incorrectly deprecated and has been restored to active status to maintain government deployment support.
Upwind connector Function App deployment was failing due to incorrect zip structure and ARM template configuration - fixed with flat zip layout and implicit hosting plan.
Fixed Function App deployment packaging errors and improved security by converting ARM template secrets to secure strings.
Fixed DCR transformKql failures for Type field and invalid data types that were preventing Cloudflare log ingestion.
Analytic rule renamed from Cloud PC-specific to cover all Entra-authenticated Windows devices, clarifying detection scope without logic changes.
Version bump to 2.1.1 with efficiency improvements noted but no connector logic changes.