SentinelOne CCF Connector Upgraded to Multi-Instance for MSSP Deployments

The SentinelOne CCF connector now supports multiple simultaneous instances via a grid/context-pane UX, enabling MSSPs to ingest from multiple SentinelOne tenants without deploying duplicate solutions. Read More →

CCF Solution Packaging Tool Gains Five New Auth Type Handlers

The createCCPConnector.ps1 solution packaging script now supports CiscoDuo, CommVault, VisaXpayToken, BarracudaWAF, and EdgeGrid auth types, unblocking connector packaging for products using these authentication schemes. Read More →

Zimperium MTD Gains Incident Log Ingestion via Two New CCF Tables

The Zimperium Mobile Threat Defense CCF connector now ingests mobile incident data into two new custom tables, extending threat visibility beyond raw threat events to correlated incident and mitigation workflows. Read More →

QualysVM Connector Enhanced with QDS Score Parameter

Added QDS score parameter to QualysVM CCF connector, enabling users to include Qualys Detection Scores in vulnerability data collection. Read More →

Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API

New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic. Read More →

Palo Alto XDR ASIM Parser: Normalizing Cortex XDR Alert Data for Cross-Platform Detection

New ASIM AlertEvent parser brings Palo Alto Cortex XDR alert normalization to Microsoft Sentinel via CCF connector. Read More →

UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage

Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics. Read More →

Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel

New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events. Read More →

Akamai Guardicore v3.1.0: Function App Eliminated, CCF Migration Simplifies Microsegmentation Monitoring

Akamai Guardicore connector migrates from Azure Functions to Codeless Connector Framework, removing infrastructure overhead while preserving microsegmentation visibility. Read More →

CCF Blob Connector Accelerator: Developer Reference Implementation for Event-Driven Log Ingestion

New tool provides ISV partners with complete end-to-end CCF StorageAccountBlobContainer connector pattern including automated deployment and reference solution. Read More →

Imperva Cloud WAF: Critical Parsing Fix Restores Visibility for Complex Events

Imperva Cloud WAF connector switched to CommonEventFormatTransformer, fixing data ingestion failures for logs containing embedded quotes and pipes in CEF events. Read More →

Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection

Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage. Read More →

MuleSoft CloudHub: CCF Alerts Connector Expands DevOps Monitoring Coverage

New CCF connector adds alert ingestion capability to existing MuleSoft CloudHub logs solution, enabling comprehensive application lifecycle monitoring. Read More →

Cisco ETD: Migration to Message Event Logs API with Enhanced Email Security Visibility

Labeled P0 — assess deployment or pipeline breakage risk explicitly. Complete connector overhaul migrates to new Message Event Logs REST API providing enhanced email visibility beyond convicted messages. Read More →

Contrast ADR: Enhanced Attack Event Schema with Code Location and Vector Analysis Fields

CCF connector schema updated to capture additional attack context with codeLocation, vectorAnalysis, and request_parameters fields for improved threat analysis. Read More →

StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio

Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration. Read More →

MuleSoft CloudHub: CCF Push Connector Eliminates API Rate Limits and Duplicate Data Issues

MuleSoft deploys real-time Log4j HTTP appender connector via CCF, offering customers performance alternative to existing Azure Function connector. Read More →

Microsoft 365 Audit Pipeline: Two New CCF Connectors Fill Copilot, DLP, and Specialty Workload Visibility Gap

New dual-connector CCF solution ingests 30 Microsoft 365 audit workloads including Copilot interactions, DLP events, and 29 specialty services into a unified 321-column schema. Read More →

Cyren Threat Intelligence: Data Fidelity Fix Corrects IP Field Pollution by URL UUIDs

DCR transform fix stops storing malware URL UUIDs in IP fields — improves data quality for threat intelligence queries. Read More →

Pathlock TDnR Connector: Critical JSON Fix Restores Deployment Capability

Invalid JSON in Pathlock TDnR connector definition blocked deployment via strict parsers — critical fix for P0 issue. Read More →