Comprehensive update to the Sentinel Training Lab with improved detection entity correlation, new cost management capabilities, and standardized naming conventions. Read More →

ASIM Process Event parser parameter names corrected to match documentation, fixing filtering logic discrepancies that could affect query performance and parser interoperability. Read More →

Censys solution adds playbook and workbook for automated infrastructure pivoting and pivot analysis visualization using the Pivot Analysis API. Read More →

Fixed broken URL threat intelligence detection and expanded workbook coverage for new Entra traffic type. Read More →

New Python-based data collector extracts custom QRadar detection rules and building blocks for migration-ready analysis and conversion to Microsoft Sentinel. Read More →

Removes unsupported secureData configuration preventing Blacklens ASM connector deployments from completing successfully. Read More →

SAP agentless solution updated to version 1.1.10 with security and usability improvements, plus official release status designation. Read More →

New SAP playbook enables automated user blocking via Teams adaptive cards with enhanced support for complex multi-alert incidents from Microsoft Defender XDR. Read More →

D3 Smart SOAR solution now includes an Analytic Rule to automatically detect and escalate High or Critical severity incidents from SOAR platform data. Read More →

Cisco ISE Administrator authentication parser fixes swap incorrect SrcIpAddr and TargetIpAddr mappings that broke network forensics queries. Read More →

Critical fixes to VMware vCenter authentication parser resolve incorrect field mappings that broke queries referencing User and DvcId fields. Read More →

Adds comprehensive bi-directional sync playbooks and fixes critical ref_id column type bug that caused silent data loss in alert ingestion. Read More →

Contrast ADR adds CCF ingestion support with standardized table schemas for production-ready Application Detection and Response monitoring. Read More →

Microsoft has deprecated Azure Function-based connectors for Okta SSO, SentinelOne, Sophos Endpoint Protection, and VMware Carbon Black Cloud in favor of CCF alternatives. Read More →

Legacy Azure Function connectors for Atlassian Jira, Auth0, Box, and CrowdStrike are now deprecated as solutions transition to the modern CCF architecture. Read More →

New watchlist filters out 7 known-benign status codes from Conditional Access bypass detection to reduce false positives from legitimate MFA prompts and session expiration events. Read More →

meshStack solution updated publisher ID to match Partner Center configuration, ensuring compliance with Microsoft certification requirements. Read More →

A batching bug in the BeyondTrust PM Cloud connector was causing 413 errors and incomplete endpoint security event ingestion when payload sizes exceeded Log Analytics limits. Read More →

KQL queries in the Azure Security Benchmark workbook now properly filter by selected compliance domains. Read More →

New CCF push connector for Tanium enables endpoint compliance, threat response, and patch data ingestion via DCR streams. Read More →