ASIM Authentication Parser: Microsoft 365 Defender Schema Compliance Enhancement

The Microsoft 365 Defender authentication parser improved ASIM compliance by removing unnormalized columns and moving process and hash metadata into the AdditionalFields dynamic column, so that only schema fields remain as top-level columns. Read More →

BeyondTrust PM Cloud: Workbook Preview Image Standardization

Renamed BeyondTrust PM Cloud workbook preview images from Dark/Light to Black/White convention and added BeyondTrust logo asset for UI consistency. Read More →

Azure DevOps Auditing Solution: Description Text Cleanup and Repackaging

Azure DevOps Auditing solution repackaged with updated description removing outdated streaming configuration text references. Read More →

Microsoft Defender XDR: SUNSPOT Detection Rule Documentation Update

Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions. Read More →

New Solution: JoeSandbox Threat Intelligence and Malware Analysis Platform Integration

Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel. Read More →

Microsoft Defender XDR: Teams Hunting Queries Version Number Fix

Corrected malformed version numbers in the Microsoft Teams threat hunting queries from the invalid “l.0.0” (lowercase letter L in place of the digit 1) to the proper “1.0.0” format. Read More →

Check Point Cyberint IOC Connector: Critical Data Ingestion Restoration

Cyberint threat intelligence connector restored from complete ingestion failure caused by malformed API endpoint and duplicate schema nesting blocking IOC data collection. Read More →

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →

Compliance Solutions: Microsoft Exchange Product Link Rebrand Update

NIST SP 800-53 and Zero Trust compliance workbooks updated with current Microsoft Defender for Office 365 documentation links following the Exchange Online Protection (EOP) rebrand. Read More →

ASIM Authentication Parser: Enhanced SSH Authentication Method Detection

SSH authentication parser now accurately identifies logon methods (password, PKI, PAM) and adds improved field mappings for better authentication visibility. Read More →
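The logon-method detection described above, shown as an added example in Python rather than as the parser's own KQL: it normalizes OpenSSH "Accepted/Failed <method> for <user> from <ip>" syslog lines into ASIM-style fields and maps the method token to a logon method label. The sample lines are constructed, and the METHOD_MAP labels are an assumption for illustration, not the ASIM parser's value set.

```python
import re
from typing import List, Optional

# Constructed sample sshd syslog lines (not real data). The message shapes follow
# OpenSSH's "Accepted <method> for <user> from <ip> port <port> ssh2" format.
SAMPLE_SSHD_LINES = [
    "Jun 12 10:01:02 host1 sshd[2231]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Jun 12 10:01:09 host1 sshd[2240]: Accepted publickey for bob from 10.0.0.6 port 51235 ssh2: RSA SHA256:abc123",
    "Jun 12 10:01:15 host1 sshd[2251]: Accepted keyboard-interactive/pam for carol from 10.0.0.7 port 51236 ssh2",
    "Jun 12 10:01:20 host1 sshd[2260]: Failed password for invalid user admin from 203.0.113.9 port 4444 ssh2",
    "Jun 12 10:01:25 host1 sshd[2261]: Accepted hostbased for dave from 10.0.0.8 port 51240 ssh2",
    "Jun 12 10:01:30 host1 sshd[2262]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
]

# Assumed mapping from the OpenSSH method token to a normalized LogonMethod label.
METHOD_MAP = {
    "password": "Password",
    "publickey": "PKI",
    "keyboard-interactive/pam": "PAM",
    "keyboard-interactive": "PAM",
    "gssapi-with-mic": "GSSAPI",
    "hostbased": "HostBased",
}

# Matches both successful and failed attempts; "invalid user" is captured separately
# so the username is not polluted with that prefix.
AUTH_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Accepted|Failed) (?P<method>[\w\-/]+) for "
    r"(?:(?P<invalid>invalid user) )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2"
)


def parse_sshd_auth(line: str) -> Optional[dict]:
    """Return an ASIM-style authentication event, or None if the line is not an auth event."""
    m = AUTH_RE.search(line)
    if not m:
        return None  # e.g. pam_unix session open/close lines carry no logon method
    method_token = m.group("method")
    return {
        "EventResult": "Success" if m.group("result") == "Accepted" else "Failure",
        "LogonMethod": METHOD_MAP.get(method_token, "Other"),
        "LogonMethodRaw": method_token,          # keep the raw token for hunting
        "TargetUsername": m.group("user"),
        "TargetUserIsValid": m.group("invalid") is None,
        "SrcIpAddr": m.group("ip"),
        "SrcPortNumber": int(m.group("port")),
    }


def normalize_sshd(lines: List[str]) -> List[dict]:
    """Normalize every authentication line in a log, skipping non-auth lines."""
    return [ev for ev in (parse_sshd_auth(l) for l in lines) if ev is not None]


if __name__ == "__main__":
    for ev in normalize_sshd(SAMPLE_SSHD_LINES):
        print(ev)
```

Keeping LogonMethodRaw alongside the mapped label matters in practice: a new or unexpected method token lands in "Other" rather than being silently dropped, and the raw value is still queryable.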

ASIM NetworkSession Parser: Critical IP Address Mapping Fix for Azure NSG Flow Data

The ASIM NetworkSession parser for the Azure NTANetAnalytics (Traffic Analytics) table now correctly maps source and destination IP addresses from the SrcPublicIPs and DestPublicIPs fields when the primary IP fields are empty, closing a data fidelity blind spot for flows to and from the internet. Read More →
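The fallback logic described above, as an added Python example (not the ASIM parser's KQL): when the primary SrcIp_s or DestIp_s column is empty, the IP is taken from the corresponding PublicIPs aggregate, and a record aggregating several public IPs is expanded into one normalized row per IP. The records are constructed, and the assumed PublicIPs layout (space-separated entries of the form "ip|flows_started|flows_ended|out_pkts|in_pkts|out_bytes|in_bytes") should be checked against your own Traffic Analytics data before reuse.

```python
from itertools import product
from typing import List, Optional

# Constructed NTANetAnalytics-style records (not real data). Field names follow the
# Traffic Analytics table; the PublicIPs entry layout is an assumption for this example.
SAMPLE_FLOWS = [
    # Private-to-private flow: primary IP columns populated, no fallback needed.
    {"SrcIp_s": "10.0.1.4", "DestIp_s": "10.0.2.5", "SrcPublicIPs_s": "", "DestPublicIPs_s": ""},
    # Outbound to the internet: DestIp_s is empty, destination only in DestPublicIPs_s.
    {"SrcIp_s": "10.0.1.4", "DestIp_s": "", "SrcPublicIPs_s": "",
     "DestPublicIPs_s": "203.0.113.10|1|1|12|9|1800|4100"},
    # Inbound from the internet: SrcIp_s is empty and two public sources were aggregated.
    {"SrcIp_s": "", "DestIp_s": "10.0.1.4",
     "SrcPublicIPs_s": "198.51.100.7|2|2|20|18|3000|2900 198.51.100.8|1|1|5|4|600|500",
     "DestPublicIPs_s": ""},
    # Nothing populated: the parser must leave the field empty rather than guess.
    {"SrcIp_s": "", "DestIp_s": "", "SrcPublicIPs_s": "", "DestPublicIPs_s": ""},
]


def public_ip_entries(public_ips: str) -> List[str]:
    """Split a PublicIPs aggregate into its individual IPs (empty list if the field is empty)."""
    return [e.split("|")[0] for e in public_ips.split() if e.split("|")[0]]


def ip_candidates(primary: str, public_ips: str) -> List[Optional[str]]:
    """Prefer the primary column; fall back to PublicIPs; yield [None] if neither is set."""
    if primary:
        return [primary]
    return public_ip_entries(public_ips) or [None]


def normalize_flow(rec: dict) -> List[dict]:
    """Normalize one record, expanding aggregated public IPs into one row per IP."""
    src_primary, dst_primary = rec.get("SrcIp_s", ""), rec.get("DestIp_s", "")
    srcs = ip_candidates(src_primary, rec.get("SrcPublicIPs_s", ""))
    dsts = ip_candidates(dst_primary, rec.get("DestPublicIPs_s", ""))
    return [
        {
            "SrcIpAddr": s,
            "DstIpAddr": d,
            # Flag rows whose IP came from the fallback so analysts can tell them apart.
            "SrcIpFromPublicIPs": bool(s) and not src_primary,
            "DstIpFromPublicIPs": bool(d) and not dst_primary,
        }
        for s, d in product(srcs, dsts)
    ]


def normalize_flows(records: List[dict]) -> List[dict]:
    rows: List[dict] = []
    for rec in records:
        rows.extend(normalize_flow(rec))
    return rows


if __name__ == "__main__":
    for row in normalize_flows(SAMPLE_FLOWS):
        print(row)
```

Expanding the aggregate rather than taking only the first entry is the choice to make when the downstream detections key on the remote IP (threat intelligence matches, geo lookups); collapsing two public sources into one row would hide the second one.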

OCI Data Connector: Packaging Configuration Fix

Oracle Cloud Infrastructure connector package repair addresses polling configuration naming issue preventing proper deployment. Read More →

VMware ESXi Solution: Broken Link Removed

Documentation maintenance removing broken link from VMware ESXi solution. Read More →

SAP BTP: 10 New Enterprise Security Detections for Cloud Integration and Identity Service

New threat detection coverage for SAP BTP Cloud Integration tampering, identity service compromise, and audit service availability. Read More →

AWS Access Logs: Security Enhancement for SQS Principal Access Control

The AWS S3 Server Access Logs CloudFormation template receives a critical security update restricting the SQS queue policy principal from the wildcard (any AWS principal) to the S3 service principal only, so that only S3 event notifications can enqueue messages for the connector. Read More →
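The weak and corrected queue policies side by side, as an added example that is not the solution's own template: two constructed AWS::SQS::QueuePolicy fragments and a small audit function that flags Allow statements with a wildcard principal. The aws:SourceArn and aws:SourceAccount conditions in the hardened fragment go beyond what the summary above describes and are added here as the usual further hardening; the resource names are hypothetical.

```python
import json
from typing import List

# Constructed CloudFormation fragment (not the solution's template): with Principal "*"
# any AWS principal can call sqs:SendMessage on the queue, so the connector could be fed
# attacker-supplied event notifications.
WILDCARD_QUEUE_POLICY = {
    "Type": "AWS::SQS::QueuePolicy",
    "Properties": {
        "Queues": [{"Ref": "AccessLogsQueue"}],
        "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": "*",
                "Action": "sqs:SendMessage",
                "Resource": {"Fn::GetAtt": ["AccessLogsQueue", "Arn"]},
            }],
        },
    },
}

# Hardened fragment: only the S3 service principal may send, and only on behalf of the
# logging bucket in this account (the Condition block is this example's addition).
HARDENED_QUEUE_POLICY = {
    "Type": "AWS::SQS::QueuePolicy",
    "Properties": {
        "Queues": [{"Ref": "AccessLogsQueue"}],
        "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {"Service": "s3.amazonaws.com"},
                "Action": "sqs:SendMessage",
                "Resource": {"Fn::GetAtt": ["AccessLogsQueue", "Arn"]},
                "Condition": {
                    "ArnLike": {"aws:SourceArn": {"Fn::GetAtt": ["AccessLogsBucket", "Arn"]}},
                    "StringEquals": {"aws:SourceAccount": {"Ref": "AWS::AccountId"}},
                },
            }],
        },
    },
}


def is_wildcard_principal(principal) -> bool:
    """True for Principal "*" and for {"AWS": "*"} / {"AWS": ["*", ...]} forms."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" or (isinstance(v, list) and "*" in v) for v in principal.values())
    return False


def audit_queue_policy(resource: dict) -> List[str]:
    """Return findings for Allow statements whose principal is a wildcard."""
    findings = []
    doc = resource["Properties"]["PolicyDocument"]
    for i, stmt in enumerate(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_wildcard_principal(stmt.get("Principal")):
            continue
        cond_text = json.dumps(stmt.get("Condition", {}))
        scoped = "aws:SourceArn" in cond_text or "aws:SourceAccount" in cond_text
        detail = "" if scoped else " and no aws:SourceArn/aws:SourceAccount condition"
        findings.append(f"Statement {i}: wildcard principal for {stmt.get('Action')}{detail}")
    return findings


if __name__ == "__main__":
    print("wildcard:", audit_queue_policy(WILDCARD_QUEUE_POLICY))
    print("hardened:", audit_queue_policy(HARDENED_QUEUE_POLICY))
```

The audit deliberately still reports a wildcard principal that is source-scoped, only with a milder message: a condition narrows who can use the statement, but naming the service principal is the change that removes the wildcard entirely.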

Armis IoT Security Solution: Enhanced Log Ingestion and Data Collection Rule Integration

Major enhancement to Armis data connectors implementing Azure Monitor Logs Ingestion API with DCR support for improved data fidelity and performance. Read More →

Schema Correction: MITRE ATT&CK Field Name Fix Across Multiple Solutions

Critical schema update replaces deprecated requiredTechniques field with correct relevantTechniques field in analytic rules. Read More →
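A rule linter that catches the three classes of defect recorded on this page (the “l.0.0” version typo in the Teams hunting queries, malformed MITRE technique mappings, and the deprecated requiredTechniques key), as an added Python example that is not part of the repository's own validation tooling. The sample rules are constructed and shown as already-parsed dictionaries, which is what yaml.safe_load returns for a rule YAML file; the lint_rule_file helper assumes PyYAML is installed.

```python
import re
from typing import Dict, List

VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")            # MAJOR.MINOR.PATCH, digits only
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")       # T1078 or T1078.004
# ATT&CK Enterprise tactic names as written in Sentinel rule YAML (no spaces).
TACTICS = {
    "Reconnaissance", "ResourceDevelopment", "InitialAccess", "Execution", "Persistence",
    "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess", "Discovery",
    "LateralMovement", "Collection", "CommandAndControl", "Exfiltration", "Impact",
}

# Constructed rule documents (not real repository content), keyed by a hypothetical file name.
SAMPLE_RULES: Dict[str, dict] = {
    "rule_a.yaml": {"name": "Teams mass download", "version": "l.0.0",
                    "tactics": ["Collection"], "relevantTechniques": ["T1213"]},
    "rule_b.yaml": {"name": "Suspicious build step", "version": "1.0.2",
                    "tactics": ["Persistence"], "requiredTechniques": ["T1554"]},
    "rule_c.yaml": {"name": "Valid account abuse", "version": "1.0.0",
                    "tactics": ["InitialAccess"], "relevantTechniques": ["T1078", "T1078.004"]},
    "rule_d.yaml": {"name": "Remote service logon", "version": "2.1.0",
                    "tactics": ["Lateral Movement"], "relevantTechniques": ["TA0008", "T1021.002"]},
}


def lint_rule(rule: dict) -> List[str]:
    """Return a list of findings for one parsed analytic or hunting rule."""
    findings: List[str] = []
    version = str(rule.get("version", ""))
    if not VERSION_RE.match(version):
        findings.append(f"version '{version}' is not MAJOR.MINOR.PATCH "
                        "(check for letters such as 'l' in place of '1')")
    if "requiredTechniques" in rule:
        findings.append("deprecated key requiredTechniques: rename to relevantTechniques")
    for t in rule.get("relevantTechniques") or []:
        if not TECHNIQUE_RE.match(str(t)):
            findings.append(f"relevantTechniques entry '{t}' is not a technique id "
                            "(expected T#### or T####.###; tactic ids like TA#### do not belong here)")
    for tac in rule.get("tactics") or []:
        if tac not in TACTICS:
            findings.append(f"tactic '{tac}' is not a recognised tactic name (e.g. LateralMovement)")
    return findings


def lint_rules(rules: Dict[str, dict]) -> Dict[str, List[str]]:
    """Lint a mapping of file name to parsed rule; files with no findings map to []."""
    return {name: lint_rule(rule) for name, rule in rules.items()}


def lint_rule_file(path: str) -> List[str]:
    """Lint a rule YAML file on disk (requires PyYAML)."""
    import yaml
    with open(path, encoding="utf-8") as f:
        return lint_rule(yaml.safe_load(f))


if __name__ == "__main__":
    for name, findings in lint_rules(SAMPLE_RULES).items():
        print(name, "OK" if not findings else findings)
```

Run lint_rule_file over every rule YAML in a solution before packaging; the version check is the one that would have caught the “l.0.0” entries, since a letter L survives a glance but fails the digits-only pattern.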

Threat Intelligence: Alert Severity Field Standardization and Query Optimization

Threat Intelligence solution updated with standardized severity field naming and query performance improvements in IP entity analytics. Read More →

Snowflake Connector: Data Ingestion Timing Fix and Parser Field Corrections

Snowflake connector updated with 120-minute ingestion delay and corrected timestamp parsing to address customer-reported data gaps. Read More →

Major Solution Release: Cyble Vision and Tropico Solutions Added Plus Multi-Solution Updates

Large release adds two new threat intelligence solutions (Cyble Vision, Tropico) and updates to 15+ existing solutions across the repository. Read More →