BloodHound Enterprise: Logo Update Aligns Solution Branding

Updated BloodHound Enterprise solution logo to current SpecterOps branding.

Fortinet FortiGate Playbook: Function App Authentication Security Hardening

Playbook Function App authentication level upgraded from anonymous to function-level to close security exposure.

Cyren Defender Threat Intelligence: New IP and Malware URL Ingestion for Microsoft Sentinel

Content Hub solution adds Cyren threat intelligence feeds for IP reputation and malware URL indicators via automated Logic App playbook.

Entra ID Workload Identity and Privileged Role Hunting Pack: Three New Detection Queries

New hunting pack targeting workload identity abuse and privileged role assignment anomalies, addressing coverage gaps for service principal credential theft and PIM bypass techniques.

ETW-Resistant .NET Fileless Injection Detection via Kernel-Level CLR Loading

New hunting query detects fileless .NET execution even when attackers patch ETW by monitoring kernel-level .NET runtime DLL loading in native processes and untrusted paths.

CrowdStrike Content Doctor Enhancement: Improved Detection Logic and Alert Customization

Content Doctor improvements to CrowdStrike Falcon detection rules enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections.

Microsoft Defender XDR: New Hunting Query for Delegate Mailbox Phish Reporting Analysis

New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios.

OpenAI Connector: Migration to ASIM Standard Improves AI Monitoring Normalization

OpenAI chat completions data now ingests into the ASimAgentEventLogs standard table, enabling standardized AI usage monitoring and cross-product correlation.

SailPoint IdentityNow: Publisher Migration to Microsoft Public Preview

SailPoint IdentityNow solution metadata updated for Microsoft-published Public Preview release with no functional changes to identity monitoring capabilities.

New Cyren-CrowdStrike Threat Intelligence Solution: Automated IOC Sync for Enhanced Threat Detection

Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking.

XBOW: API Version 2026-04-01 Upgrade Enriches Assessment Data with Attack Credits and Events

XBOW connector upgrades to latest API version, adding attack credits tracking and recent event details to assessment ingestion for improved offensive security visibility.

ESET PROTECT Platform: Delta Token Migration Eliminates Data Gaps from Timestamp Filtering

ESET connector switches from unreliable timestamp filtering to delta tokens, closing potential data loss gaps during high-volume ingestion periods.

Entra ID Cross-Source Hunting Pack: Post-Compromise Pattern Detection

Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection.

Illumio Insights Graph: New Network Traffic Analysis and Threat Intelligence Connector

New CCF-based connector ingests Illumio AI-powered threat discovery reports with network flow analysis, geographic context, and MITRE ATT&CK framework integration.

Fortra Agari CCF Connector: Modern Email Security Data Ingestion

Fortra Agari transitions from Azure Functions to CCF framework, restoring Brand Protection, Phishing Defense, and Phishing Response visibility with DCR-based ingestion.

Google Directory Solution: New Playbook Integration with Extended Security Scope

Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation.

Function App Security: Access Control Hardening Across Multiple Data Connectors

Function keys now required for HTTP-triggered functions in Zoom, Zscaler, FortiGate, Cofense, Illumio, and Infoblox connectors, removing the anonymous access vulnerability.

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.

Microsoft Entra ID Table Rename: Hunting Queries Updated for Current Schema

12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references.

New Strider Shield Threat Intelligence Connector for Email Security Monitoring

NVISO introduces Strider Shield CCF connector enabling ingestion of email threat intelligence data across five data streams targeting phishing and BEC protection.