New Mimecast Email Security Connector: CCF Push Replaces Legacy Function App with Credential-less Ingestion

A new Content Hub solution delivers credential-less Mimecast event ingestion via CCF Push directly to a custom MimecastEvents_CL table, with 7 KQL parser views maintaining backward compatibility with legacy Function App column schemas. Read More →

Forescout Host Property Monitor Migrates to CCF Push Connector with Three New Custom Tables

The Forescout Host Property Monitor solution (v3.1.0) adds a CCF push connector backed by a new DCR with three custom streams — deployments that have not upgraded retain the old connector but miss richer endpoint telemetry now available in the new tables. Read More →

Google Threat Intelligence ASIM AlertEvent Parser: Relevance System Alerts Now Normalised

New ASIM AlertEvent parsers add native normalisation for Google Threat Intelligence Relevance System Alerts, making GTI alert data available to all source-agnostic detections using the imAlertEvent and ASimAlertEvent schemas. Read More →

Cisco Secure Endpoint ASIM AlertEvent Parser: Missing Mandatory Fields Causing Data Fidelity Gap

TimeGenerated and Type fields were absent from the Cisco Secure Endpoint ASIM AlertEvent parser output, causing null returns for all rows referencing these now-mandatory schema fields in downstream queries. Read More →

New ASIM AgentEvent Parser Unlocks Anthropic Claude Compliance Log Normalization

Two new ASIM AgentEvent parsers normalize Anthropic Claude Compliance API logs (via BlueVoyant CCF connector) into the ASIM AgentEvent schema, enabling unified hunting across AI agent activity events. Read More →

Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries

Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context. Read More →

New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF

A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email. Read More →

New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector

A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table. Read More →

New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel

A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel. Read More →

SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)

The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced. Read More →

Azure Firewall ASIM DNS Parsers: Silent Union Failure Fixed for Resource-Specific Log Mode

When Azure Firewall is configured to send logs only to the resource-specific AZFWDnsQuery table, the AzureDiagnostics branch of both ASimDnsAzureFirewall and vimDnsAzureFirewall parsers was aborting with a scalar resolution error, dropping all DNS query data from those branches entirely. Read More →

Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration

Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated. Read More →

Agent 365: Microsoft Agent Identities Connector Page KQL Parse Error Patched by Removing Data Type Declarations

The EntraNHIAssets connector definition drops all four data type entries to eliminate an empty-subquery KQL parse error on the connector page — though reviewers flag this may break connector metadata contracts. Read More →

Cisco Meraki CCF Connector Expands to Cover Rogue AP Detection and Network Inventory

The Cisco Meraki CCF connector (v3.1.0) adds four new ingestion streams - Organizations, Organization Networks, Network Clients, and Wireless Air Marshal Events - extending coverage beyond the original ASIM event types to include wireless threat detection and full network inventory visibility. Read More →

Panorays Connector: DCR Parameter Chain and Offer ID Fixes Restore Deployability

The Panorays solution had a broken dcrConfig parameter reference chain and invalid offerId that would cause ARM template deployment failures, meaning no vulnerability management data was ingested by affected deployments. Read More →

New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector

Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings. Read More →

Untitled

test Affected Files .script/tests/KqlvalidationsTests/CustomTables/FrendsAuditLogs_CL.json DataConnectors/Frends iPaaS/FrendsAuditLogs_CL.json DataConnectors/Frends iPaaS/FrendsAuditLogs_Sentinel_CCF.json DataConnectors/Frends iPaaS/README.md Read More →

SIGNL4 Connector Docs Refreshed to Flag Legacy Status and Point to Current Integration Path

The SIGNL4 data connector UI instructions have been rewritten to label the connector as legacy and redirect operators to the native SIGNL4 Microsoft Sentinel connector app, dropping outdated Azure Graph Security API setup steps. Read More →

Imperva Cloud WAF CCF Connector Graduates to General Availability

The Imperva Cloud WAF CCF connector moves from Public Preview to GA, with connector UI template variables replaced by the literal ImpervaWAFCloud table name - no ingestion logic changes. Read More →

eDCRule Solution: Partner Center Metadata and Logo Corrected for Content Hub Publishing

Fixes publisherId alignment and swaps the logo reference from the Microsoft Sentinel default to the eDC company logo to pass Partner Center validation – no detection content was changed. Read More →