http://sentinelchangelog.net/posts/Recent content in Changelog on sentinelchangelog.netHugo -- 0.157.0enWed, 03 Jun 2026 17:34:45 +0000http://sentinelchangelog.net/posts/2026-06-03-pr-14397/Wed, 03 Jun 2026 17:34:45 +0000http://sentinelchangelog.net/posts/2026-06-03-pr-14397/BitSight solution support tier updated from Microsoft to Partner with version downgrade to 3.2.0.http://sentinelchangelog.net/posts/2026-06-03-pr-14326/Wed, 03 Jun 2026 06:01:01 +0000http://sentinelchangelog.net/posts/2026-06-03-pr-14326/Agent 365 solution adds new Microsoft Agent Identities connector for tracking agent blueprints and non-human identity assets across four data tables.http://sentinelchangelog.net/posts/2026-06-02-pr-14396/Tue, 02 Jun 2026 21:22:50 +0000http://sentinelchangelog.net/posts/2026-06-02-pr-14396/ASIM Authentication parsers for Palo Alto PAN-OS and GlobalProtect now correctly populate DvcIpAddr field, fixing data fidelity gap.http://sentinelchangelog.net/posts/2026-06-01-pr-14378/Mon, 01 Jun 2026 14:34:58 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14378/New Codeless Connector Framework introduces comprehensive log coverage across DNS, web traffic, cloud firewall, admin audit, DLP, file events, IPS, VPN and Zero Trust access for enhanced threat detection.http://sentinelchangelog.net/posts/2026-06-01-pr-14347/Mon, 01 Jun 2026 05:33:21 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14347/OCI connector UI updated with explicit IAM policy requirements for stream consumption authorization alongside API signing key authentication.http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Mon, 01 Jun 2026 04:39:34 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.http://sentinelchangelog.net/posts/2026-05-29-pr-14383/Fri, 29 May 2026 23:39:29 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14383/GitHub Copilot agent skills now automate the complete ASIM parser creation workflow, reducing parser development time from days to hours for security engineers.http://sentinelchangelog.net/posts/2026-05-29-pr-14210/Fri, 29 May 2026 16:38:05 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14210/Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss.http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Fri, 29 May 2026 10:56:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse.http://sentinelchangelog.net/posts/2026-05-29-pr-13905/Fri, 29 May 2026 08:53:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-13905/Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details.http://sentinelchangelog.net/posts/2026-05-29-pr-14338/Fri, 29 May 2026 08:24:12 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14338/Two hunting queries added targeting Gentlemen ransomware campaign artifacts including payload hashes and decentralized Web3/SaaS C2 infrastructure used by EtherRAT and TukTuk malware.http://sentinelchangelog.net/posts/2026-05-29-pr-14359/Fri, 29 May 2026 08:08:57 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14359/Microsoft Sentinel Logstash plugin updated to v2.2.1 with improved batch logging and comprehensive security warnings for vulnerable Logstash versions.http://sentinelchangelog.net/posts/2026-05-29-pr-14353/Fri, 29 May 2026 08:07:57 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14353/Workspace Usage Report workbook bumped to v1.6.5 with updated description mentioning Microsoft Sentinel and Defender support.http://sentinelchangelog.net/posts/2026-05-29-pr-14350/Fri, 29 May 2026 05:32:22 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14350/New hunting query provides hash-based detection for LockBit ransomware artifacts deployed via Apache ActiveMQ CVE-2023-46604 exploitation.http://sentinelchangelog.net/posts/2026-05-28-pr-14370/Thu, 28 May 2026 20:59:38 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-14370/CrowdStrike API connector now supports multiple domain configurations with unique aliases, enabling organizations to ingest data from different CrowdStrike instances simultaneously.http://sentinelchangelog.net/posts/2026-05-28-pr-14330/Thu, 28 May 2026 17:08:04 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-14330/New CCF connector enables ingestion of Airlock Digital application control logs, providing execution monitoring and file activity visibility to detect unauthorized software execution.http://sentinelchangelog.net/posts/2026-05-28-pr-13870/Thu, 28 May 2026 12:40:08 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-13870/New AWS Security Hub compliance workbook provides executive dashboards and operational analytics for security findings, compliance tracking, and multi-account posture management.http://sentinelchangelog.net/posts/2026-05-28-pr-14198/Thu, 28 May 2026 12:05:41 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-14198/New NordStellar solution delivers real-time threat intelligence and exposure monitoring via CCF Push architecture to unified NordStellar_CL table.http://sentinelchangelog.net/posts/2026-05-28-pr-14307/Thu, 28 May 2026 11:14:14 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-14307/Added three hunting queries targeting identity boundary expansion techniques in Entra ID that escalate privileges without creating new accounts.http://sentinelchangelog.net/posts/2026-05-28-pr-14264/Thu, 28 May 2026 10:37:30 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-14264/AWS S3 and CrowdStrike Falcon S3 Data Replicator connectors now support Usage table fallback queries for deployments using Basic/Auxiliary Log Analytics plans.http://sentinelchangelog.net/posts/2026-05-28-pr-13299/Thu, 28 May 2026 05:19:38 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-13299/Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation.http://sentinelchangelog.net/posts/2026-05-28-pr-13330/Thu, 28 May 2026 05:16:16 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-13330/New parsers enable normalization of Bitdefender GravityZone alert data into Microsoft Sentinel ASIM schema for unified threat detection.http://sentinelchangelog.net/posts/2026-05-27-pr-14360/Wed, 27 May 2026 23:10:06 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14360/Sonrai Security compliance tickets now integrate directly with Microsoft Sentinel through a new CCF push connector.http://sentinelchangelog.net/posts/2026-05-27-pr-14356/Wed, 27 May 2026 19:04:26 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14356/Legacy Function App connector replaced with two CCF connectors for independent security statistics and events ingestion.http://sentinelchangelog.net/posts/2026-05-27-pr-14258/Wed, 27 May 2026 15:42:07 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14258/VMware Workspace ONE Unified Endpoint Management platform now available in Microsoft Sentinel via CCF connector for device compliance monitoring and shadow IT detection.http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Wed, 27 May 2026 13:42:33 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.http://sentinelchangelog.net/posts/2026-05-27-pr-14335/Wed, 27 May 2026 13:41:06 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14335/Adds hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors.http://sentinelchangelog.net/posts/2026-05-27-pr-14336/Wed, 27 May 2026 13:38:59 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14336/Adds hunting query to detect hardware keystroke injectors spawning PowerShell through explorer.exe with evasion patterns.http://sentinelchangelog.net/posts/2026-05-27-pr-14334/Wed, 27 May 2026 13:38:30 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14334/Corrects broken hunting query that returned no results due to incorrect property name filter.http://sentinelchangelog.net/posts/2026-05-27-pr-14246/Wed, 27 May 2026 10:09:18 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14246/Corrected workbook queries to use normalized ASIM fields from Cloudflare CCF connector, resolving visualization errors from legacy field references.http://sentinelchangelog.net/posts/2026-05-27-pr-14308/Wed, 27 May 2026 08:59:01 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14308/New hunting query identifies short-lived code signing certificates (≤14 days) on non-developer endpoints to detect Fox Tempest MSaaS operations.http://sentinelchangelog.net/posts/2026-05-27-pr-14337/Wed, 27 May 2026 08:36:31 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14337/New hunting query detects kernel-level rootkits bypassing EDR network telemetry by comparing perimeter firewall logs against Microsoft Defender for Endpoint data streams.http://sentinelchangelog.net/posts/2026-05-27-pr-14267/Wed, 27 May 2026 06:35:46 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14267/Solution metadata updated to warn customers that Playbooks require manual deployment of the GTI custom Logic Apps connector before use.http://sentinelchangelog.net/posts/2026-05-27-pr-14324/Wed, 27 May 2026 06:10:29 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14324/CI hardening prevents npm lifecycle script execution and restricts slash-command dispatch to authorized repository members only.http://sentinelchangelog.net/posts/2026-05-26-pr-14333/Tue, 26 May 2026 09:05:22 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14333/New hunting query detects first-time network connections by processes using cryptographic signer baselining to defeat DLL sideloading and BYOTA attacks.http://sentinelchangelog.net/posts/2026-05-26-pr-14312/Tue, 26 May 2026 08:18:37 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14312/ASIM AssetEntity schema upgraded to v1.0.0 with three new fields for enhanced entity correlation and snapshot tracking.http://sentinelchangelog.net/posts/2026-05-26-pr-14311/Tue, 26 May 2026 08:14:04 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14311/Three hunting queries detect multi-event attack chains in Entra ID—privileged role grants followed by SP credential additions and MFA disabling followed by sign-ins from unknown IPs.http://sentinelchangelog.net/posts/2026-05-26-pr-14340/Tue, 26 May 2026 06:30:21 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14340/New hunting query identifies delivered emails using raw IPv4 addresses as URL domains to detect phishing campaigns bypassing domain reputation systems.http://sentinelchangelog.net/posts/2026-05-26-pr-14240/Tue, 26 May 2026 06:12:52 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14240/Three hunting queries targeting silent defense weakening techniques and off-hours privilege escalation in Entra ID environments.http://sentinelchangelog.net/posts/2026-05-26-pr-14341/Tue, 26 May 2026 05:29:06 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14341/Three new hunting queries detect LSASS memory dumping using behavioral physics rather than brittle timing or tool names.http://sentinelchangelog.net/posts/2026-05-26-pr-14254/Tue, 26 May 2026 05:11:32 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14254/Updated BloodHound Enterprise solution logo to current SpecterOps branding.http://sentinelchangelog.net/posts/2026-05-25-pr-14316/Mon, 25 May 2026 06:58:27 +0000http://sentinelchangelog.net/posts/2026-05-25-pr-14316/Playbook Function App authentication level upgraded from anonymous to function-level to close security exposure.http://sentinelchangelog.net/posts/2026-05-25-pr-14121/Mon, 25 May 2026 05:24:48 +0000http://sentinelchangelog.net/posts/2026-05-25-pr-14121/Content Hub solution adds Cyren threat intelligence feeds for IP reputation and malware URL indicators via automated Logic App playbook.http://sentinelchangelog.net/posts/2026-05-21-pr-14281/Thu, 21 May 2026 12:50:47 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14281/New hunting pack targeting workload identity abuse and privileged role assignment anomalies with coverage gaps for service principal credential theft and PIM bypass techniques.http://sentinelchangelog.net/posts/2026-05-21-pr-14314/Thu, 21 May 2026 12:14:25 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14314/New hunting query detects fileless .NET execution even when attackers patch ETW by monitoring kernel-level .NET runtime DLL loading in native processes and untrusted paths.http://sentinelchangelog.net/posts/2026-05-21-pr-14268/Thu, 21 May 2026 12:01:33 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14268/Content Doctor improvements to CrowdStrike Falcon detection rules enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections.http://sentinelchangelog.net/posts/2026-05-21-pr-14257/Thu, 21 May 2026 04:14:42 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14257/New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios.http://sentinelchangelog.net/posts/2026-05-20-pr-14277/Wed, 20 May 2026 22:32:31 +0000http://sentinelchangelog.net/posts/2026-05-20-pr-14277/OpenAI chat completions data now ingests to ASimAgentEventLogs standard table, enabling standardized AI usage monitoring and cross-product correlation.http://sentinelchangelog.net/posts/2026-05-20-pr-14297/Wed, 20 May 2026 15:59:25 +0000http://sentinelchangelog.net/posts/2026-05-20-pr-14297/SailPoint IdentityNow solution metadata updated for Microsoft-published Public Preview release with no functional changes to identity monitoring capabilities.http://sentinelchangelog.net/posts/2026-05-20-pr-13658/Wed, 20 May 2026 09:16:04 +0000http://sentinelchangelog.net/posts/2026-05-20-pr-13658/Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking.