Threat Intelligence: URL IOC Detection Added for Web Session Monitoring

New analytic rule enables detection of malicious URLs from threat feeds in web traffic, closing a coverage gap for URL-based indicators.

CognyteLuminar: Deployment Configuration and Soft Link Updates

ARM template deployment links updated and Function App soft links corrected for flex and premium consumption plans.

Zscaler Internet Access: Major Platform Modernization with CloudNSS CCP Connectors

Complete solution overhaul replaces legacy connectors with 15 CloudNSS CCP connectors and 12 OAuth2 playbooks for enhanced Zscaler integration.

TacitRed CrowdStrike IOC Automation: Critical Deployment Fix and Template Visibility

Fixed InvalidResourceLocation deployment error and missing playbook template discovery for the TacitRed CrowdStrike IOC automation solution.

TacitRed-SentinelOne Solution: Critical Deployment Fix for Content Hub Installation Failures

Fixed InvalidResourceLocation deployment error and removed a restrictive domain filter that was preventing TacitRed IOC automation deployments.

Microsoft Defender XDR Solution: Punycode Hunting Query Added for Lookalike Domain Detection

Microsoft Defender XDR solution v3.0.14 adds a hunting query targeting Punycode character abuse in lookalike domain attacks.

Microsoft Sentinel Logstash Plugin: Passwordless Authentication with Managed Identity Support

Logstash output plugin enhanced with managed identity authentication for Azure VMs, AKS workload identity, and Azure Arc servers.

Visa Threat Intelligence Solution: Initial Package Release with IOC Detection Rules

New Visa Threat Intelligence (VTI) solution providing IOC feeds via a DCR connector, with high-severity detection rules for domains and file hashes.

JoeSandbox Solution: Updated Deployment Links and Removed Manual Installation Steps

JoeSandbox solution deployment documentation updated with corrected Azure links and streamlined automated deployment options.

MailRisk CCF Connector: Critical Parameter Syntax Fix for Deployment Failures

Fixed a CCF deployment blocking issue in the MailRisk connector caused by incorrect ARM template parameter extraction syntax.

Azure Firewall: Five New IDPS Analytic Rules for Advanced Threat Detection

Azure Firewall solution expanded with 5 new analytic rules targeting high/medium severity threats, DDoS attacks, web application attacks, and privilege escalation attempts.

Lumen Threat Feed: V2 Connector Replaces Deprecated V1.1 with Paginated API Support

Lumen Defender Threat Feed solution updated with a V2 connector using the new API v3 endpoint, removing the deprecated V1.1 connector entirely.

ASIM User Management: AWS CloudTrail Parser Enables IAM and Cognito Visibility

New ASIM parser normalizes AWS CloudTrail user management events from IAM and Cognito services into Microsoft Sentinel.

ASIM Authentication Schema: NetworkCleartext SubType Added

ASIM Authentication schema expanded to include the NetworkCleartext authentication subtype for cleartext password events.

Tenable App: Enhanced Rsyslog Configuration with Source IP Filtering

Additional rsyslog configuration files with source IP filtering added to improve log collection accuracy, together with updated data connector UI guidance.

Documentation Fix: Broken Links Resolved in Microsoft Entra ID and Network Session Essentials

Customer-reported broken links fixed in analytic rule descriptions, with corrected MITRE technique references and restored documentation.

Global Secure Access: Enhanced Threat Intelligence Correlation and MCP Monitoring

New analytic rules correlate threat intelligence indicators with GSA traffic, while the MCP Servers Dashboard provides Model Context Protocol server monitoring.

SAP Solution: Agentless Integration Suite Tooling Added for Enhanced ERP Connectivity

New PowerShell tooling enables agentless SAP data collection via Integration Suite with dual-mode credentials and CSV-based destination management.

Cisco Duo Security: Critical Deployment Fix Resolves Portal Installation Failures

Azure portal deployment failures resolved by fixing empty location parameters and updating Python runtime compatibility to prevent connector breakage.

New Solution: meshStack Platform Event Logs Integration for Cloud Governance

meshStack event logging connector enables cloud platform governance monitoring by ingesting developer platform events into Microsoft Sentinel.