<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CCF on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/ccf/</link><description>Recent content in CCF on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 06:24:39 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/ccf/index.xml" rel="self" type="application/rss+xml"/><item><title>New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</link><pubDate>Fri, 10 Jul 2026 06:24:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</guid><description>A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</link><pubDate>Fri, 10 Jul 2026 00:13:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</guid><description>A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel.</description></item><item><title>SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</link><pubDate>Thu, 09 Jul 2026 22:44:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</guid><description>The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced.</description></item><item><title>Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</link><pubDate>Thu, 09 Jul 2026 22:19:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</guid><description>Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated.</description></item><item><title>Agent 365: Microsoft Agent Identities Connector Page KQL Parse Error Patched by Removing Data Type Declarations</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</link><pubDate>Thu, 09 Jul 2026 04:22:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</guid><description>The EntraNHIAssets connector definition drops all four data type entries to eliminate an empty-subquery KQL parse error on the connector page — though reviewers flag this may break connector metadata contracts.</description></item><item><title>Cisco Meraki CCF Connector Expands to Cover Rogue AP Detection and Network Inventory</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</link><pubDate>Wed, 08 Jul 2026 21:22:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</guid><description>The Cisco Meraki CCF connector (v3.1.0) adds four new ingestion streams - Organizations, Organization Networks, Network Clients, and Wireless Air Marshal Events - extending coverage beyond the original ASIM event types to include wireless threat detection and full network inventory visibility.</description></item><item><title>Panorays Connector: DCR Parameter Chain and Offer ID Fixes Restore Deployability</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14623/</link><pubDate>Wed, 08 Jul 2026 11:09:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14623/</guid><description>The Panorays solution had a broken dcrConfig parameter reference chain and invalid offerId that would cause ARM template deployment failures, meaning no vulnerability management data was ingested by affected deployments.</description></item><item><title>New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</link><pubDate>Wed, 08 Jul 2026 08:45:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</guid><description>Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings.</description></item><item><title>Untitled</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14630/</link><pubDate>Wed, 08 Jul 2026 05:12:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14630/</guid><description>&lt;p&gt;test&lt;/p&gt;
&lt;h2 id="affected-files"&gt;Affected Files&lt;/h2&gt;
&lt;pre tabindex="0"&gt;&lt;code&gt;.script/tests/KqlvalidationsTests/CustomTables/FrendsAuditLogs_CL.json
DataConnectors/Frends iPaaS/FrendsAuditLogs_CL.json
DataConnectors/Frends iPaaS/FrendsAuditLogs_Sentinel_CCF.json
DataConnectors/Frends iPaaS/README.md
&lt;/code&gt;&lt;/pre&gt;</description></item><item><title>Imperva Cloud WAF CCF Connector Graduates to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</link><pubDate>Tue, 07 Jul 2026 21:34:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</guid><description>The Imperva Cloud WAF CCF connector moves from Public Preview to GA, with connector UI template variables replaced by the literal ImpervaWAFCloud table name - no ingestion logic changes.</description></item><item><title>New CCF Connector Builder Accelerator: AI-Assisted End-to-End Pull Connector Generation for Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14567/</link><pubDate>Tue, 07 Jul 2026 13:50:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14567/</guid><description>Adds a GitHub Copilot agent accelerator to the Tools/ directory that automates generation of the four CCF connector files (polling config, DCR, table schema, connector definition) from any REST API documentation &amp;ndash; lowering the barrier for partners building custom data connectors.</description></item><item><title>WithSecure Elements CCF Connector: Zero-Ingestion Fix for Broken OAuth2 Auth and Invalid Query Parameters</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</link><pubDate>Tue, 07 Jul 2026 12:06:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</guid><description>The WithSecureElementsCCF connector has been non-functional since initial release &amp;ndash; both the OAuth2 token request and the security-events API call failed with HTTP 400 errors, meaning no WithSecure endpoint security events have been ingested into any Sentinel deployment running this connector.</description></item><item><title>Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</link><pubDate>Fri, 03 Jul 2026 12:30:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</guid><description>A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility.</description></item><item><title>BlueVoyant Claude Compliance Connector: DCR Schema Expanded with Activity Fields, Sensitive request_body Removed</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</link><pubDate>Fri, 03 Jul 2026 07:29:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</guid><description>The BlueVoyant Anthropic Claude Compliance CCF connector v1.0.1 expands the DCR schema with dozens of activity-specific fields required for hunting and detection, and removes the request_body column to prevent ingestion of potentially sensitive data.</description></item><item><title>ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</link><pubDate>Thu, 02 Jul 2026 19:58:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</guid><description>A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector.</description></item><item><title>GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</link><pubDate>Thu, 02 Jul 2026 11:15:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</guid><description>The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs.</description></item><item><title>Cisco Umbrella CCF Connector GA Promotion Fixes Template Variable Rendering in UI Queries</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</link><pubDate>Wed, 01 Jul 2026 19:55:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</guid><description>The Cisco Umbrella CCF connector graduates to GA while also resolving broken template variable references that caused Content Hub connectivity checks and sample queries to malfunction.</description></item><item><title>Rapid7 InsightVM CCF Connector Promoted to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</link><pubDate>Wed, 01 Jul 2026 19:47:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</guid><description>The Rapid7 InsightVM CCF data connector moves out of Public Preview to GA, updating the API version to the stable 2025-09-01 release.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</link><pubDate>Wed, 01 Jul 2026 07:05:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</guid><description>A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs.</description></item><item><title>WithSecure Elements Connector Migrated to CCF: Function App Infrastructure Eliminated</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</link><pubDate>Wed, 01 Jul 2026 06:14:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</guid><description>A new CCF-based WithSecure Elements solution (v4.0.0) replaces the Azure Function connector, removing the Azure Function, Storage Account, and Key Vault dependency stack while the legacy Function App solution is deprecated in place with a transition buffer for existing deployments.</description></item><item><title>Lookout Connector v3.0.6: Silent Ingestion Stop After 24h and Four DCR Field Mapping Blind Spots Fixed</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</link><pubDate>Wed, 01 Jul 2026 06:13:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</guid><description>A CCF cursor expiry caused the Lookout streaming connector to silently stop ingesting data after roughly 24 hours, and four incorrect DCR field paths meant ThreatId, ThreatAction, DeviceEmail, and SmishingAlertId were null in every ingested record.</description></item><item><title>Darktrace CCF Connector: Setup Guide Link Updated to Customer Portal</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14579/</link><pubDate>Tue, 30 Jun 2026 09:08:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14579/</guid><description>Version 3.1.1 fixes a broken documentation link in the connector UI, replacing the prior URL with the Darktrace customer portal guides page (&lt;a href="https://customerportal.darktrace.com/guides"&gt;https://customerportal.darktrace.com/guides&lt;/a&gt;) after a manual validation failure.</description></item><item><title>Google Workspace Reports: Google Meet Activity Logs Restored After Polling Window Gap</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</link><pubDate>Tue, 30 Jun 2026 06:22:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</guid><description>A missing queryWindowDelayInMin setting caused Google Meet audit events to be silently dropped by the CCF connector - adding a 30-minute delay restores ingestion of events that arrive late from Google API.</description></item><item><title>Holm Security VMP: New CCF Connector Ingests Network and Web Asset Inventory into Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</link><pubDate>Fri, 26 Jun 2026 05:11:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</guid><description>A new CCF-based Data Connector for the Holm Security Vulnerability Management Platform adds direct ingestion of network and web asset inventory &amp;ndash; including IP, hostname, OS, severity, and vulnerability counts &amp;ndash; into two custom Log Analytics tables, enabling asset-aware threat hunting and vulnerability correlation in Microsoft Sentinel.</description></item><item><title>Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</link><pubDate>Thu, 25 Jun 2026 11:34:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</guid><description>The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed.</description></item><item><title>Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</link><pubDate>Thu, 25 Jun 2026 09:31:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</guid><description>The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser.</description></item><item><title>OpenAI Connector Promoted to GA — Preview Flag Removed</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14549/</link><pubDate>Wed, 24 Jun 2026 17:12:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14549/</guid><description>The OpenAI CCF connector exits preview status; the only change is flipping isPreview from true to false in the connector definition, making it generally available in Content Hub.</description></item><item><title>QualysVM CCF Connector: Restoring Vulnerability Data Ingestion After API Timeout Blind Spot</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14541/</link><pubDate>Wed, 24 Jun 2026 08:17:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14541/</guid><description>Customers with large Qualys environments were receiving zero vulnerability detection data due to chronic API timeouts &amp;ndash; this fix raises the CCF timeout to the platform maximum, tightens the query window, and adds a lightweight connectivity check to unblock ingestion.</description></item><item><title>New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-13721/</link><pubDate>Wed, 24 Jun 2026 05:54:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-13721/</guid><description>A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel.</description></item><item><title>Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</link><pubDate>Wed, 24 Jun 2026 05:24:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</guid><description>A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification.</description></item><item><title>Halcyon Anti-Ransomware: New CCF v2 Connector and OCSF Parsers Unlock Full Endpoint Telemetry</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</link><pubDate>Tue, 23 Jun 2026 05:05:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</guid><description>Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use.</description></item><item><title>Veeam Backup and Replication CCF Connector Now in Public Preview: Six Security Data Streams Added to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</link><pubDate>Mon, 22 Jun 2026 15:53:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</guid><description>The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry &amp;ndash; closing a significant blind spot for backup infrastructure security monitoring.</description></item><item><title>CrowdStrike Falcon AlertEvent ASIM Parser: Falcon Detections Now Normalised into Unified Alert Schema</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14488/</link><pubDate>Fri, 19 Jun 2026 23:45:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14488/</guid><description>A new ASIM AlertEvent parser for CrowdStrike Falcon ingested via CCF normalises detection data from the CrowdStrikeDetections table into the ASIM AlertEvent schema, enabling source-agnostic detection and hunting queries across EDR alert data.</description></item><item><title>Illumio Insights Graph Connector: DCR Type Mismatches Were Blocking All Ingestion</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14518/</link><pubDate>Fri, 19 Jun 2026 11:11:51 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14518/</guid><description>The IllumioInsightsGraph CCF connector had column type mismatches between the table schema and DCR transform that caused ingestion failures &amp;ndash; this fix corrects TimeGenerated from string to datetime and multiple numeric fields from long to int, but introduces overflow risk for byte counters in high-volume environments.</description></item><item><title>GitHub Audit Log Azure Storage Connector: SAS Token Guidance Added to Prevent Credential Rotation Gaps</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14517/</link><pubDate>Thu, 18 Jun 2026 20:05:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14517/</guid><description>The GitHub Audit Log Azure Blob Storage connector now includes setup guidance on SAS token signing methods and recommends using Stored Access Policies to enable seamless credential rotation without reissuing tokens.</description></item><item><title>New BlueVoyant CCF Connector Brings Anthropic Claude Compliance Activity into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14446/</link><pubDate>Wed, 17 Jun 2026 11:45:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14446/</guid><description>BlueVoyant new Solution adds a CCF-based Data Connector that polls the Anthropic Claude Compliance API every 10 minutes and lands compliance events in the custom table BV_ClaudeCompliance_ComplianceActivities_CL, opening a new AI platform audit surface in Sentinel.</description></item><item><title>MuleSoft CloudHub Logs Connector: Empty Instruction Block Removed to Restore Marketplace Publishing</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14477/</link><pubDate>Wed, 17 Jun 2026 06:53:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14477/</guid><description>The MuleSoft CloudHub Logs CCF connector definition had an empty instructions array blocking marketplace validationâthis fix removes it, restoring publishability with no change to ingestion logic or detection coverage.</description></item><item><title>New AWS Config CCF Connector: Resource Configuration Visibility via Custom API Pull</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14440/</link><pubDate>Wed, 17 Jun 2026 05:03:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14440/</guid><description>A new community CCF connector ingests AWS Config configuration item notifications into Microsoft Sentinel via a self-hosted AWS API Gateway/Lambda/DynamoDB backend, populating the AWSConfig_CL table for cloud resource configuration monitoring.</description></item><item><title>SentinelOne CCF Connector Upgraded to Multi-Instance for MSSP Deployments</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14406/</link><pubDate>Tue, 16 Jun 2026 21:24:47 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14406/</guid><description>The SentinelOne CCF connector now supports multiple simultaneous instances via a grid/context-pane UX, enabling MSSPs to ingest from multiple SentinelOne tenants without deploying duplicate solutions.</description></item><item><title>CCF Solution Packaging Tool Gains Five New Auth Type Handlers</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14500/</link><pubDate>Tue, 16 Jun 2026 20:55:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14500/</guid><description>The createCCPConnector.ps1 solution packaging script now supports CiscoDuo, CommVault, VisaXpayToken, BarracudaWAF, and EdgeGrid auth types, unblocking connector packaging for products using these authentication schemes.</description></item><item><title>Zimperium MTD Gains Incident Log Ingestion via Two New CCF Tables</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14382/</link><pubDate>Tue, 16 Jun 2026 06:03:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14382/</guid><description>The Zimperium Mobile Threat Defense CCF connector now ingests mobile incident data into two new custom tables, extending threat visibility beyond raw threat events to correlated incident and mitigation workflows.</description></item><item><title>QualysVM Connector Enhanced with QDS Score Parameter</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-14381/</link><pubDate>Mon, 15 Jun 2026 06:38:00 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-14381/</guid><description>Added QDS score parameter to QualysVM CCF connector, enabling users to include Qualys Detection Scores in vulnerability data collection.</description></item><item><title>Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</link><pubDate>Mon, 15 Jun 2026 03:10:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</guid><description>New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic.</description></item><item><title>Palo Alto XDR ASIM Parser: Normalizing Cortex XDR Alert Data for Cross-Platform Detection</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14401/</link><pubDate>Fri, 12 Jun 2026 21:43:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14401/</guid><description>New ASIM AlertEvent parser brings Palo Alto Cortex XDR alert normalization to Microsoft Sentinel via CCF connector.</description></item><item><title>UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</link><pubDate>Fri, 12 Jun 2026 10:15:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</guid><description>Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics.</description></item><item><title>Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</link><pubDate>Fri, 12 Jun 2026 07:51:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</guid><description>New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events.</description></item><item><title>Akamai Guardicore v3.1.0: Function App Eliminated, CCF Migration Simplifies Microsegmentation Monitoring</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14225/</link><pubDate>Fri, 12 Jun 2026 07:01:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14225/</guid><description>Akamai Guardicore connector migrates from Azure Functions to Codeless Connector Framework, removing infrastructure overhead while preserving microsegmentation visibility.</description></item><item><title>CCF Blob Connector Accelerator: Developer Reference Implementation for Event-Driven Log Ingestion</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14313/</link><pubDate>Fri, 12 Jun 2026 04:45:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14313/</guid><description>New tool provides ISV partners with complete end-to-end CCF StorageAccountBlobContainer connector pattern including automated deployment and reference solution.</description></item></channel></rss>