Check Point Cyberint: Bi-Directional Alert Sync and Critical Data Ingestion Fix
Adds comprehensive bi-directional sync playbooks and fixes critical ref_id column type bug that caused silent data loss in alert ingestion.
Contrast ADR adds CCF ingestion support with standardized table schemas for production-ready Application Detection and Response monitoring.
Microsoft has deprecated Azure Function-based connectors for Okta SSO, SentinelOne, Sophos Endpoint Protection, and VMware Carbon Black Cloud in favor of CCF alternatives.
Legacy Azure Function connectors for Atlassian Jira, Auth0, Box, and CrowdStrike are now deprecated as solutions transition to the modern CCF architecture.
New watchlist filters out 7 known-benign status codes from Conditional Access bypass detection to reduce false positives from legitimate MFA prompts and session expiration events.
meshStack solution updated publisher ID to match Partner Center configuration, ensuring compliance with Microsoft certification requirements.
A batching bug in the BeyondTrust PM Cloud connector was causing 413 errors and incomplete endpoint security event ingestion when payload sizes exceeded Log Analytics limits.
KQL queries in the Azure Security Benchmark workbook now properly filter by selected compliance domains.
New CCF push connector for Tanium enables endpoint compliance, threat response, and patch data ingestion via DCR streams.
Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques.
Exception handling bug in Vectra XDR data collector prevented proper error propagation during ingestion failures.
Added ASIM Authentication parser for Cisco ISE administrator authentication events, expanding centralized network device visibility.
Imperva CCF connector now properly ingests WAF logs containing embedded JSON, preventing data loss during log processing.
Updates schema version metadata from 0.1.3 to 0.1.4 in FortiGate authentication parsers with no functional changes.
New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.
Threat Intelligence domain mapping rule updated to prevent infinite alert loops by excluding its own alerts from the source data.
Replaced “Azure Security Benchmark” references with “Microsoft cloud security benchmark” across workbook labels and KQL queries.
Resolved deployment failure caused by invalid secureData configuration in Logic App Compose action.
Changed vulnerability export checkpoint field from last_found to indexed_at for customer enhancement.
Added Log Ingestion API support with OAuth 2.0 authentication — modernizes data ingestion from legacy HTTP Data Collector API.