Bitdefender GravityZone Solution v3.0.1 Adds Incident Analytics for Endpoint and Email Protection

Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation.

ASIM AlertEvent Support Added for Bitdefender GravityZone Security Platform

New parsers enable normalization of Bitdefender GravityZone alert data into Microsoft Sentinel ASIM schema for unified threat detection.

Sonrai Security CCF Connector: New Cloud Security Posture Visibility

Sonrai Security compliance tickets now integrate directly with Microsoft Sentinel through a new CCF push connector.

BitSight: Function App to CCF Migration Restores Third-Party Risk Visibility

Legacy Function App connector replaced with two CCF connectors for independent security statistics and events ingestion.

VMware Workspace ONE: New CCF Connector for UEM Device and Application Visibility

VMware Workspace ONE Unified Endpoint Management platform now available in Microsoft Sentinel via CCF connector for device compliance monitoring and shadow IT detection.

Entra ID Authentication Anomalies: Advanced Hunting for Privilege Abuse and Defense Evasion

Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.

Entra ID Account Takeover: Three-Query Hunting Pack for Post-Compromise Detection

Adds hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors.

BadUSB HID Injection Detection: New Hunt for PowerShell via Windows Run Dialog

Adds hunting query to detect hardware keystroke injectors spawning PowerShell through explorer.exe with evasion patterns.

Microsoft Entra ID OAuth Consent Query: Fixing Zero-Result Bug in High-Risk Permission Detection

Corrects broken hunting query that returned no results due to incorrect property name filter.

Cloudflare CCF Workbook: Fixed Field Mapping for New CCF Schema

Corrected workbook queries to use normalized ASIM fields from Cloudflare CCF connector, resolving visualization errors from legacy field references.

Hunting Query: Ephemeral Code Signing Certificates for Malware-Signing-as-a-Service Detection

New hunting query identifies short-lived code signing certificates (≤14 days) on non-developer endpoints to detect Fox Tempest MSaaS operations.

Hunting Query: Rootkit Network Evasion Detection via Firewall-EDR Telemetry Delta

New hunting query detects kernel-level rootkits bypassing EDR network telemetry by comparing perimeter firewall logs against Microsoft Defender for Endpoint data streams.

Google Threat Intelligence Solution: Custom Connector Deployment Prerequisites Clarified

Solution metadata updated to warn customers that Playbooks require manual deployment of the GTI custom Logic Apps connector before use.

GitHub Actions Security: npm Scripts Disabled and Workflow Permissions Tightened

CI hardening prevents npm lifecycle script execution and restricts slash-command dispatch to authorized repository members only.

Defender for Endpoint: Cryptographic Identity Baselining Hunting Query for Process Network Anomalies

New hunting query detects first-time network connections by processes using cryptographic signer baselining to defeat DLL sideloading and BYOTA attacks.

ASIM AssetEntity Schema: Three New Fields Added in v1.0.0 Release

ASIM AssetEntity schema upgraded to v1.0.0 with three new fields for enhanced entity correlation and snapshot tracking.

Entra ID Attack Chain Correlation: Three New Hunting Queries for Sequential Compromise Patterns

Three hunting queries detect multi-event attack chains in Entra ID: privileged role grants followed by SP credential additions, and MFA disabling followed by sign-ins from unknown IPs.

Phishing Detection: Raw IP URLs in Delivered Email

New hunting query identifies delivered emails using raw IPv4 addresses as URL domains to detect phishing campaigns bypassing domain reputation systems.

Entra ID Hunting Pack: Defense Weakening and Privilege Abuse Detection

Three hunting queries targeting silent defense weakening techniques and off-hours privilege escalation in Entra ID environments.

LSASS Credential Dumping: Resilient Behavioral Detection Pack Added

Three new hunting queries detect LSASS memory dumping using behavioral physics rather than brittle timing or tool names.