New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel

A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs. Read More →

WithSecure Elements Connector Migrated to CCF: Function App Infrastructure Eliminated

A new CCF-based WithSecure Elements solution (v4.0.0) replaces the Azure Function connector, removing the Azure Function, Storage Account, and Key Vault dependency stack while the legacy Function App solution is deprecated in place with a transition buffer for existing deployments. Read More →

Lookout Connector v3.0.6: Silent Ingestion Stop After 24h and Four DCR Field Mapping Blind Spots Fixed

A CCF cursor expiry caused the Lookout streaming connector to silently stop ingesting data after roughly 24 hours, and four incorrect DCR field paths meant ThreatId, ThreatAction, DeviceEmail, and SmishingAlertId were null in every ingested record. Read More →

Darktrace CCF Connector: Setup Guide Link Updated to Customer Portal

Version 3.1.1 fixes a broken documentation link in the connector UI, replacing the prior URL with the Darktrace customer portal guides page (https://customerportal.darktrace.com/guides) after a manual validation failure. Read More →

Google Workspace Reports: Google Meet Activity Logs Restored After Polling Window Gap

A missing queryWindowDelayInMin setting caused Google Meet audit events to be silently dropped by the CCF connector - adding a 30-minute delay restores ingestion of events that arrive late from Google API. Read More →

Holm Security VMP: New CCF Connector Ingests Network and Web Asset Inventory into Sentinel

A new CCF-based Data Connector for the Holm Security Vulnerability Management Platform adds direct ingestion of network and web asset inventory – including IP, hostname, OS, severity, and vulnerability counts – into two custom Log Analytics tables, enabling asset-aware threat hunting and vulnerability correlation in Microsoft Sentinel. Read More →

Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables

The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed. Read More →

Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility

The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser. Read More →

OpenAI Connector Promoted to GA — Preview Flag Removed

The OpenAI CCF connector exits preview status; the only change is flipping isPreview from true to false in the connector definition, making it generally available in Content Hub. Read More →

QualysVM CCF Connector: Restoring Vulnerability Data Ingestion After API Timeout Blind Spot

Customers with large Qualys environments were receiving zero vulnerability detection data due to chronic API timeouts – this fix raises the CCF timeout to the platform maximum, tightens the query window, and adds a lightweight connectivity check to unblock ingestion. Read More →

New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel

A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel. Read More →

Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths

A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification. Read More →

Halcyon Anti-Ransomware: New CCF v2 Connector and OCSF Parsers Unlock Full Endpoint Telemetry

Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use. Read More →

Veeam Backup and Replication CCF Connector Now in Public Preview: Six Security Data Streams Added to Sentinel

The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry – closing a significant blind spot for backup infrastructure security monitoring. Read More →

CrowdStrike Falcon AlertEvent ASIM Parser: Falcon Detections Now Normalised into Unified Alert Schema

A new ASIM AlertEvent parser for CrowdStrike Falcon ingested via CCF normalises detection data from the CrowdStrikeDetections table into the ASIM AlertEvent schema, enabling source-agnostic detection and hunting queries across EDR alert data. Read More →

Illumio Insights Graph Connector: DCR Type Mismatches Were Blocking All Ingestion

The IllumioInsightsGraph CCF connector had column type mismatches between the table schema and DCR transform that caused ingestion failures – this fix corrects TimeGenerated from string to datetime and multiple numeric fields from long to int, but introduces overflow risk for byte counters in high-volume environments. Read More →

GitHub Audit Log Azure Storage Connector: SAS Token Guidance Added to Prevent Credential Rotation Gaps

The GitHub Audit Log Azure Blob Storage connector now includes setup guidance on SAS token signing methods and recommends using Stored Access Policies to enable seamless credential rotation without reissuing tokens. Read More →

New BlueVoyant CCF Connector Brings Anthropic Claude Compliance Activity into Microsoft Sentinel

BlueVoyant new Solution adds a CCF-based Data Connector that polls the Anthropic Claude Compliance API every 10 minutes and lands compliance events in the custom table BV_ClaudeCompliance_ComplianceActivities_CL, opening a new AI platform audit surface in Sentinel. Read More →

MuleSoft CloudHub Logs Connector: Empty Instruction Block Removed to Restore Marketplace Publishing

The MuleSoft CloudHub Logs CCF connector definition had an empty instructions array blocking marketplace validation—this fix removes it, restoring publishability with no change to ingestion logic or detection coverage. Read More →

New AWS Config CCF Connector: Resource Configuration Visibility via Custom API Pull

A new community CCF connector ingests AWS Config configuration item notifications into Microsoft Sentinel via a self-hosted AWS API Gateway/Lambda/DynamoDB backend, populating the AWSConfig_CL table for cloud resource configuration monitoring. Read More →