ASIM AlertEvent: Microsoft Defender XDR Parser Enhanced with Improved Field Mappings
Microsoft Defender XDR AlertEvent parsers updated with optimized KQL logic, corrected field mappings, and enhanced IP address collection.
Comprehensive documentation tool update adds lake-only ingestion tracking, collection methods index, and enhanced connector association analysis.
Official TacitRed Defender TI solution from Data443 enables automated sync of compromised credentials to Microsoft Defender Threat Intelligence.
TacitRed SentinelOne solution metadata updated for Partner Center alignment with ARM template variable corrections.
TacitRed solution metadata updated for Partner Center publisherId.offerId alignment.
Missing .python_packages dependency added to function app package, resolving deployment failures that blocked connector installations.
ASIM sudo parser updated to schema 0.1.4 with improved field mappings, severity normalization, and code deduplication.
OCI connector now supports Group Cursor mode alongside Individual Cursor for improved streaming partition consumption flexibility.
Rapid7 InsightVM Function App connector updated to use latest 4.x Azure Functions extension bundles from deprecated 3.x version.
Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams.
Snowflake detection rule now filters out events lacking QueryExecutionStatus to prevent false alerts from data loading operations.
CreateSolutionV3 script now supports offline semantic versioning with local version management alongside existing catalog API mode.
Four OAuth-based data connectors now support dynamic redirect URIs, eliminating manual Azure portal configuration requirements.
OpenSSH authentication parser now correctly extracts source IP addresses from “Invalid user” events regardless of port format.
Legacy npm 6.14.18 dependency causing validation failures replaced with modern Node.js 20 LTS setup and deterministic builds.
GitHub Enterprise audit log connector and 11 accompanying detection rules promoted from Preview to GA status.
Versasec CMS solution packaging updated to meet Content Hub publishing requirements.
ARM template toolkit validation failure resolved by centralizing hardcoded step identifiers into reusable variables.
Linux su parser significantly enhanced to capture failed su attempts, correct event classification from Elevation to Logon, and improve field mappings for comprehensive privilege escalation monitoring.
Palo Alto Cortex Data Lake authentication parser enhanced with schema compliance improvements, performance optimizations, and corrected field mappings for better data fidelity.