Microsoft Sentinel to Defender Portal Migration Readiness Tool
New PowerShell assessment tool identifies migration blockers for Sentinel-to-Defender portal transitions.
SailPoint IdentityNow now supports CCF ingestion with new schema parsers alongside backward compatibility for existing Function App deployments.
Microsoft renamed the A365 Observability solution to Agent 365 for marketing alignment with no functional changes.
ElasticAgent connector migrated to CCF framework to maintain system monitoring capability as HTTP Collector API approaches deprecation.
Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios.
New ASIM parser normalizes VMware ESXi authentication events to enable centralized logon monitoring for hypervisor infrastructure.
New ASIM parser enables normalized threat detection from Cisco Secure Endpoint via CCF ingestion to CiscoSecureEndpointEventsV2_CL table.
QualysVM solution packaging corrects downgraded ARM template API versions that could impact deployment reliability.
Five hunting queries expose OAuth consent abuse, privilege escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns.
Fixes DCR transform errors, table deployment issues, and stream routing that prevented all data ingestion from Abnormal Security's CCF Push connector since v3.0.0 launch.
New Salesforce Audit Logs connector provides visibility into administrative changes and user authentication events across Salesforce orgs.
Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces.
Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision.
Five NXLog partner solutions removed from Content Hub, eliminating data connector support for BSM macOS, FIM, Linux Audit, AIX Audit, and DNS monitoring across Unix/Linux environments.
Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline.
Reverts solution ID to match Partner Center offer name after Marketplace certification failure under policy 300.4.1.1.
Fixes broken deployment of RFI-confirm-EntraID-risky-user playbook that failed with InvalidTemplate error due to stale action references.
Identifies service principal credential additions by actors not observed performing these operations in the previous 90 days, targeting persistence techniques.
Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns.
Surfaces rapid ASN changes between interactive and non-interactive sign-ins within 10 minutes, indicating potential post-compromise token misuse.