SAP Solution: Agentless Package Upgraded to Log Analytics v2 API

The SAP agentless package now uses the Log Analytics v2 API for heartbeats and adds audit log user exclusion capabilities.

Proofpoint POD: Fixing WebSocket Connector to Eliminate Duplicate Data Ingestion

Removed time-based query parameters from Proofpoint On-Demand Email Security connector to prevent duplicate data ingestion caused by time rounding overlaps.

SOC Prime Platform: New CCF Connector for Audit Log Visibility

New SOC Prime Platform audit logs data connector added using CCF framework, providing visibility into SOC Prime TDM platform user activities and administrative actions.

ASIM WebSession Parser: Fixed Broken Azure Firewall Template Reference

Corrected case-sensitive path reference that was preventing Azure Firewall WebSession parser deployment.

ProofPoint TAP Solution: Fixed ARM Template Validation Failures

Resolved ARM-TTK validation errors preventing ProofPoint TAP solution deployment.

SentinelSOARessentials: New Entity Analyzer Playbooks for Incident Response

Three new entity analyzer playbooks added with HTTP, URL, and incident triggers for automated URL and user entity enrichment.

Cyera DSPM Solution: Marketplace Preparation and Configuration Updates

Marketplace preparation updates including publisher ID changes, logo corrections, and DCR configuration fixes for Cyera DSPM solution.

AWS CloudTrail Connector: Fixed Script Logic and Command Syntax Errors

Corrected PowerShell variable scoping and AWS CLI command syntax in CloudTrail configuration script.

Corelight Network Monitoring: Six New Aggregation Parsers for Enhanced Analytics

Added six new aggregation parsers for Corelight sensor data including DNS, HTTP, files, connections, SSL, and weird events with improved CIM mapping.

AbuseIPDB Playbooks: Typo Fixes and Logo Source Update

Minor documentation and configuration fixes for AbuseIPDB playbooks, including a corrected image source and typo fixes.

GDPR Workbook: Expanded Asset Coverage Beyond On-Prem Hosts

GDPR compliance workbook now monitors security alerts across Azure, AWS, GCP, and blob storage assets, not just traditional servers.

Critical Cloudflare Analytics Rules: Enhanced URL Entity Mapping and Repository Maintenance

P0-labeled update improves URL entity mapping in Cloudflare detection rules alongside extensive repository maintenance and validation improvements.

Azure Firewall ASIM Parsers: Enhanced Detection Coverage for Six New Log Types

New ASIM normalisation parsers added for six Azure Firewall log tables, expanding detection coverage for network sessions, DNS queries, and web traffic analysis.

Cisco Umbrella Connector: Schema v14 Compatibility and Documentation Updates

Updates Cisco Umbrella Function App connectors to support log schema version 14 with enhanced workspace key documentation.

Anomalous Single Factor Sign-in Detection: Critical Logic Revert Due to False Positives

Reverts detection rule logic changes after a GitHub issue reported that the incorrect filtering logic was causing operational problems.

Solutions Analyzer Tool: Automated Connector Documentation Generation

Solutions Analyzer tool enhanced to generate markdown documentation files for all 1000+ connectors in addition to CSV output.

ZeroFox CCF Connector: KQL Query Restoration and Multi-Solution Maintenance

ZeroFox CCF connector receives missing KQL query fixes alongside packaging updates across 8+ solutions.

Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&CK Integration

Updated threat hunting rules add MITRE ATT&CK mappings and fix parser function calls for improved threat detection coverage.

ASIM Authentication Parsers: Hostname Resolution and Alias Fixes

Fixes SrcHostname resolution logic and IpAddr aliases in Microsoft Windows Event and SSH authentication parsers.

Linux Support for Sentinel Transition Helper: Cross-Platform SOC Analysis Tool

Added Linux-compatible version of Sentinel Transition Helper script using Azure CLI for cross-platform SOC environment analysis.