Dynatrace Parsers: Critical Timestamp Fix Restores Query Reliability
Data fidelity fix converts Unix epoch millisecond fields to datetime, resolving duplicate typed columns that broke query functionality in Dynatrace parsers. Read More →
Addressed lint issues, package vulnerabilities, and code vulnerabilities in Cyjax threat intelligence connector. Read More →
Doubled retry delay to 120 seconds to address Duo API throttling requirements preventing log collection. Read More →
Fixed inverted display labels in WorkspaceUsage workbook where billing status showed opposite values. Read More →
Missing TargetUserSessionId field in Microsoft 365 Defender ASIM ProcessEvent parsers has been restored, fixing queries that previously returned null for this session correlation field. Read More →
CI/CD security enhancement prevents automatic execution of untrusted fork code by implementing strict SafeToRun label gating. Read More →
Critical fix migrates GitHub parsers and workbooks to support CLv2 ingestion table and updated GitHub alert event schemas, ensuring compatibility across V1 and V2 deployments. Read More →
Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context. Read More →
Workbook no longer flags legitimate rule template and active rule pairs as having different query text due to whitespace sensitivity. Read More →
Deployment source moved to stable Microsoft repo, custom table schemas fixed, and Function App ingestion enhanced for reliable attack path visibility. Read More →
Fixed critical data type mismatch in VMware vCenter authentication parser that caused DvcId field queries to fail. Read More →
Updated Data Connector description in Visa Threat Intelligence solution to resolve certification failure. Read More →
Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring. Read More →
ZeroFox splits legacy connector into dedicated Alerts and Threat Intelligence solutions using modern CCF architecture with 17 specialized data streams. Read More →
Solutions Analyzer was double-counting connectors in CCF v2 solutions due to azuredeploy wrapper files creating phantom duplicates. Read More →
MISP threat intelligence connector was broken due to incorrect table reference — deployments had zero indicator ingestion until this fix. Read More →
New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring. Read More →
Microsoft’s TAXII Export connector for Threat Intelligence objects is now GA, removing preview limitations for production TI sharing workflows. Read More →
Major connector upgrade introduces comprehensive event field collection and multi-tenant monitoring capabilities. Read More →
Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →