<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Critical-Fix on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/critical-fix/</link><description>Recent content in Critical-Fix on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Thu, 09 Jul 2026 22:44:23 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/critical-fix/index.xml" rel="self" type="application/rss+xml"/><item><title>SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</link><pubDate>Thu, 09 Jul 2026 22:44:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</guid><description>The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced.</description></item><item><title>Azure Firewall ASIM DNS Parsers: Silent Union Failure Fixed for Resource-Specific Log Mode</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14609/</link><pubDate>Thu, 09 Jul 2026 22:21:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14609/</guid><description>When Azure Firewall is configured to send logs only to the resource-specific AZFWDnsQuery table, the AzureDiagnostics branch of both ASimDnsAzureFirewall and vimDnsAzureFirewall parsers was aborting with a scalar resolution error, dropping all DNS query data from those branches entirely.</description></item><item><title>Agent 365: Microsoft Agent Identities Connector Page KQL Parse Error Patched by Removing Data Type Declarations</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</link><pubDate>Thu, 09 Jul 2026 04:22:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</guid><description>The EntraNHIAssets connector definition drops all four data type entries to eliminate an empty-subquery KQL parse error on the connector page — though reviewers flag this may break connector metadata contracts.</description></item><item><title>Azure WAF Log4j Detection Restored: Field Reference Errors Silenced the Rule Since v1.0.5</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14632/</link><pubDate>Tue, 07 Jul 2026 13:22:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14632/</guid><description>A broken column_ifexists reference caused the Azure WAF Log4j detection rule to silently miss exploit traffic in details_message and details_msg fields &amp;ndash; any deployment running v1.0.5 had a gap in Log4Shell (CVE-2021-44228) coverage via WAF logs.</description></item><item><title>WithSecure Elements CCF Connector: Zero-Ingestion Fix for Broken OAuth2 Auth and Invalid Query Parameters</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</link><pubDate>Tue, 07 Jul 2026 12:06:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</guid><description>The WithSecureElementsCCF connector has been non-functional since initial release &amp;ndash; both the OAuth2 token request and the security-events API call failed with HTTP 400 errors, meaning no WithSecure endpoint security events have been ingested into any Sentinel deployment running this connector.</description></item><item><title>Checkmarx Audit Ingestion Playbook: Pagination Fix, Deployment Simplification, and RBAC Enforcement</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14505/</link><pubDate>Thu, 02 Jul 2026 08:55:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14505/</guid><description>The AS-Checkmarx-Audit-Ingestion Playbook receives pagination loop fixes and a collapsed single-deployment model &amp;ndash; teams running the old multi-step deployment may have incomplete audit event ingestion.</description></item><item><title>DocuSign Connector: Az Module Upgrade Restores PowerShell 7.2+ Function App Compatibility</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14572/</link><pubDate>Thu, 02 Jul 2026 04:18:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14572/</guid><description>The DocuSign Security Events Function App connector was failing to load Az module cmdlets on PowerShell 7.2+ runtimes; bumping the dependency from Az 5.* to 11.* restores ingestion.</description></item><item><title>Cisco Umbrella CCF Connector GA Promotion Fixes Template Variable Rendering in UI Queries</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</link><pubDate>Wed, 01 Jul 2026 19:55:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</guid><description>The Cisco Umbrella CCF connector graduates to GA while also resolving broken template variable references that caused Content Hub connectivity checks and sample queries to malfunction.</description></item><item><title>Lookout Connector v3.0.6: Silent Ingestion Stop After 24h and Four DCR Field Mapping Blind Spots Fixed</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</link><pubDate>Wed, 01 Jul 2026 06:13:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</guid><description>A CCF cursor expiry caused the Lookout streaming connector to silently stop ingesting data after roughly 24 hours, and four incorrect DCR field paths meant ThreatId, ThreatAction, DeviceEmail, and SmishingAlertId were null in every ingested record.</description></item><item><title>Semperis Lightning Connector: TLS Certificate Verification Restored Across All API Calls</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14539/</link><pubDate>Tue, 30 Jun 2026 07:59:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14539/</guid><description>The Semperis Lightning data connector was making all outbound API requests with TLS verification disabled (verify=False), exposing token acquisition and all data collection calls to man-in-the-middle attacks; this fix re-enables certificate validation across seven affected modules.</description></item><item><title>Google Workspace Reports: Google Meet Activity Logs Restored After Polling Window Gap</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</link><pubDate>Tue, 30 Jun 2026 06:22:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</guid><description>A missing queryWindowDelayInMin setting caused Google Meet audit events to be silently dropped by the CCF connector - adding a 30-minute delay restores ingestion of events that arrive late from Google API.</description></item><item><title>Cofense Intelligence Connector: SSRF and Credential Leakage Vulnerabilities Patched in DownloadThreatReports Function</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</link><pubDate>Mon, 29 Jun 2026 09:13:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</guid><description>Critical security hardening of the Cofense Intelligence Azure Function eliminates a Server-Side Request Forgery (SSRF) vector and credential leakage risk that allowed callers to redirect authenticated requests to arbitrary or internal hosts.</description></item><item><title>TacitRed Defender TI Playbook: Fixing Content Hub Deployment Failure on Hyphenated Workspace Names</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-13639/</link><pubDate>Wed, 24 Jun 2026 09:19:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-13639/</guid><description>TacitRed Defender Threat Intelligence v3.0.2 fixes an InvalidTemplate ARM error that blocked Content Hub deployment entirely on any workspace with a hyphenated name, plus resolves a sovereign cloud storage endpoint bug and adds required post-deployment RBAC guidance.</description></item><item><title>QualysVM CCF Connector: Restoring Vulnerability Data Ingestion After API Timeout Blind Spot</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14541/</link><pubDate>Wed, 24 Jun 2026 08:17:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14541/</guid><description>Customers with large Qualys environments were receiving zero vulnerability detection data due to chronic API timeouts &amp;ndash; this fix raises the CCF timeout to the platform maximum, tightens the query window, and adds a lightweight connectivity check to unblock ingestion.</description></item><item><title>Threat Intelligence (NEW): Broken Connector Mappings and Case-Sensitive Rule Names Fixed Across 36 Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</link><pubDate>Tue, 23 Jun 2026 12:08:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</guid><description>Two customer-reported issues are resolved: EmailEvents and EmailUrlInfo rules were mapped to the wrong connectors (Office365 instead of MicrosoftThreatProtection), and inconsistent capitalisation in rule names was silently breaking customer Playbook automations.</description></item><item><title>Illumio Insights Graph Connector: DCR Type Mismatches Were Blocking All Ingestion</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14518/</link><pubDate>Fri, 19 Jun 2026 11:11:51 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14518/</guid><description>The IllumioInsightsGraph CCF connector had column type mismatches between the table schema and DCR transform that caused ingestion failures &amp;ndash; this fix corrects TimeGenerated from string to datetime and multiple numeric fields from long to int, but introduces overflow risk for byte counters in high-volume environments.</description></item><item><title>Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14295/</link><pubDate>Fri, 19 Jun 2026 09:00:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14295/</guid><description>The FortiNDR Cloud Function App connector has been fully rewritten to use the Azure Monitor Log Ingestion API, replacing the retired HTTP Data Collector API &amp;ndash; deployments still on v3.0.x have had zero ingestion since the legacy API was deprecated.</description></item><item><title>Vaikora-AzureSecurityCenter: Three Analytic Rules and Playbook Completely Non-Functional Since Initial Deployment</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14366/</link><pubDate>Thu, 18 Jun 2026 12:25:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14366/</guid><description>The v3.0.0 solution was built against a fabricated alert API schema &amp;ndash; the playbook crashed on ingestion, all three Analytic Rules queried a table that was never populated, and two install paths wrote to divergent tables, meaning zero Vaikora AI agent threat data reached Microsoft Sentinel from day one.</description></item><item><title>Vaikora-SentinelOne Playbook: Broken IOC Push Restored After HTTP 422 API Rejection</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14364/</link><pubDate>Thu, 18 Jun 2026 12:25:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14364/</guid><description>The v3.0.0 playbook always appended an empty agent_id= parameter, causing the Vaikora API to reject every poll request with HTTP 422, silently halting all IOC delivery to SentinelOne Threat Intelligence since initial deployment.</description></item><item><title>Vaikora-CrowdStrike Playbook: Silent IOC Pipeline Failure Fixed for Monitor All Agents Mode</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14365/</link><pubDate>Thu, 18 Jun 2026 09:50:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14365/</guid><description>When VaikoraAgentId was left blank to monitor all agents, every HTTP 422 rejection from the Vaikora API silently dropped all IOCs - no high/critical-risk actions ever reached CrowdStrike Falcon.</description></item><item><title>ASIM Parser CI Workflows Fixed: File-Not-Found Errors Were Silently Skipping All Parser Tests</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14499/</link><pubDate>Tue, 16 Jun 2026 22:44:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14499/</guid><description>The ASIM parser schema and data ingestion test workflows were failing to read parser YAML and sample data files at runtime due to broken URL-based file access; this fix switches to local filesystem reads, restoring test coverage for all modified ASIM parsers.</description></item><item><title>ZeroFox Threat Intelligence: Marketplace Packaging Fix Restores Customer Access</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-14461/</link><pubDate>Mon, 15 Jun 2026 12:23:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-14461/</guid><description>Critical solution ID mismatch prevented customers from installing ZeroFox Threat Intelligence connector from marketplace.</description></item><item><title>ASIM Template Validation: Reliability Fix for Flaky Test Results and Performance Optimization</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14469/</link><pubDate>Fri, 12 Jun 2026 20:19:55 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14469/</guid><description>ASIM parser validation workflow updated to use local repository files instead of raw GitHub URLs, fixing malformed URL issues causing test failures.</description></item><item><title>Imperva Cloud WAF: Critical Parsing Fix Restores Visibility for Complex Events</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14456/</link><pubDate>Thu, 11 Jun 2026 18:14:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14456/</guid><description>Imperva Cloud WAF connector switched to CommonEventFormatTransformer, fixing data ingestion failures for logs containing embedded quotes and pipes in CEF events.</description></item><item><title>Cisco ETD: Migration to Message Event Logs API with Enhanced Email Security Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14290/</link><pubDate>Wed, 10 Jun 2026 10:40:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14290/</guid><description>Labeled P0 — assess deployment or pipeline breakage risk explicitly. Complete connector overhaul migrates to new Message Event Logs REST API providing enhanced email visibility beyond convicted messages.</description></item><item><title>Bitdefender GravityZone Parser: Critical Fix for Network Sandboxing Event Parsing Failure</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14412/</link><pubDate>Wed, 10 Jun 2026 06:42:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14412/</guid><description>ASIM parser for Bitdefender GravityZone was failing due to missing type cast, preventing ingestion of network sandboxing alerts.</description></item><item><title>Pathlock TDnR Connector: Critical JSON Fix Restores Deployment Capability</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14426/</link><pubDate>Tue, 09 Jun 2026 07:47:47 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14426/</guid><description>Invalid JSON in Pathlock TDnR connector definition blocked deployment via strict parsers — critical fix for P0 issue.</description></item><item><title>Cisco Meraki Parser: Critical Self-Reference Recursion Fixed After v3.0.5 Packaging Error</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14435/</link><pubDate>Tue, 09 Jun 2026 06:46:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14435/</guid><description>Restores Cisco Meraki parser functionality by fixing table reference error that caused recursive failure and broke all downstream queries.</description></item><item><title>Vaikora Connector: Zero Data Ingestion Fixed After DCR Stream Mapping Failure</title><link>http://sentinelchangelog.net/posts/2026-06-08-pr-14363/</link><pubDate>Mon, 08 Jun 2026 06:40:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-08-pr-14363/</guid><description>Critical fix restores Vaikora AI agent behavioral data after complete ingestion failure caused by DCR stream column mismatch.</description></item><item><title>Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</link><pubDate>Fri, 05 Jun 2026 10:14:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</guid><description>Lookout Mobile Risk API v2 connector was silently dropping unique event identifiers (oid field), breaking all downstream correlation in detections and workbooks.</description></item><item><title>Check Point ASIM NetworkSession Parser: DeviceVendor Field Matching Fix</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-13776/</link><pubDate>Fri, 05 Jun 2026 08:25:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-13776/</guid><description>Check Point firewall ASIM parser updated to handle both &amp;ldquo;Check Point&amp;rdquo; and &amp;ldquo;CheckPoint&amp;rdquo; DeviceVendor field values, fixing parsing failures introduced in PR #12056.</description></item><item><title>BeyondTrust PM Cloud: Function App Reliability Fix Prevents Timeout on Large Event Backlogs</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14386/</link><pubDate>Fri, 05 Jun 2026 05:11:12 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14386/</guid><description>Critical fix prevents BeyondTrust PM Cloud Function App timer functions from hanging when processing large event backlogs, restoring data ingestion reliability.</description></item><item><title>42Crunch API Protection: Critical Migration from Legacy HTTP Collector to CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-14210/</link><pubDate>Fri, 29 May 2026 16:38:05 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-14210/</guid><description>Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss.</description></item><item><title>Microsoft Entra ID OAuth Consent Query: Fixing Zero-Result Bug in High-Risk Permission Detection</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14334/</link><pubDate>Wed, 27 May 2026 13:38:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14334/</guid><description>Corrects broken hunting query that returned no results due to incorrect property name filter.</description></item><item><title>Fortinet FortiGate Playbook: Function App Authentication Security Hardening</title><link>http://sentinelchangelog.net/posts/2026-05-25-pr-14316/</link><pubDate>Mon, 25 May 2026 06:58:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-25-pr-14316/</guid><description>Playbook Function App authentication level upgraded from anonymous to function-level to close security exposure.</description></item><item><title>Function App Security: Access Control Hardening Across Multiple Data Connectors</title><link>http://sentinelchangelog.net/posts/2026-05-18-pr-14284/</link><pubDate>Mon, 18 May 2026 10:00:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-18-pr-14284/</guid><description>Function keys now required for HTTP-triggered functions in Zoom, Zscaler, FortiGate, Cofense, Illumio, and Infoblox connectors—removing anonymous access vulnerability.</description></item><item><title>Abnormal Security CCF Connector: Critical Fix Restores Email Threat Detection After Complete Ingestion Failure</title><link>http://sentinelchangelog.net/posts/2026-05-13-pr-14216/</link><pubDate>Wed, 13 May 2026 05:15:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-13-pr-14216/</guid><description>Fixes DCR transform errors, table deployment issues, and stream routing that prevented all data ingestion from Abnormal Security&amp;rsquo;s CCF Push connector since v3.0.0 launch.</description></item><item><title>Vaikora Azure Security Center: Microsoft Marketplace Certification Fix</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14211/</link><pubDate>Thu, 07 May 2026 11:58:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14211/</guid><description>Reverts solution ID to match Partner Center offer name after Marketplace certification failure under policy 300.4.1.1.</description></item><item><title>Recorded Future Identity Playbook: ARM Template Deploy Failure Fixed</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14197/</link><pubDate>Thu, 07 May 2026 10:53:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14197/</guid><description>Fixes broken deployment of RFI-confirm-EntraID-risky-user playbook that failed with InvalidTemplate error due to stale action references.</description></item><item><title>Cyjax Connector: Security and Code Quality Fixes Applied</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14193/</link><pubDate>Thu, 07 May 2026 07:12:52 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14193/</guid><description>Addressed lint issues, package vulnerabilities, and code vulnerabilities in Cyjax threat intelligence connector.</description></item><item><title>Cisco Duo Connector: API Throttling Resilience Improved for Log Ingestion</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14204/</link><pubDate>Thu, 07 May 2026 04:48:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14204/</guid><description>Doubled retry delay to 120 seconds to address Duo API throttling requirements preventing log collection.</description></item><item><title>Workspace Usage Workbook: IsBillable Column Display Labels Corrected</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14214/</link><pubDate>Thu, 07 May 2026 04:36:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14214/</guid><description>Fixed inverted display labels in WorkspaceUsage workbook where billing status showed opposite values.</description></item><item><title>GitHub Actions Security: Fork PR Workflow Hardened Against Supply Chain Attacks</title><link>http://sentinelchangelog.net/posts/2026-05-06-pr-14220/</link><pubDate>Wed, 06 May 2026 13:23:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-06-pr-14220/</guid><description>CI/CD security enhancement prevents automatic execution of untrusted fork code by implementing strict SafeToRun label gating.</description></item><item><title>GitHub Advanced Security Parser Migration: CLv2 Compatibility and Schema Updates</title><link>http://sentinelchangelog.net/posts/2026-05-06-pr-14209/</link><pubDate>Wed, 06 May 2026 09:39:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-06-pr-14209/</guid><description>Critical fix migrates GitHub parsers and workbooks to support CLv2 ingestion table and updated GitHub alert event schemas, ensuring compatibility across V1 and V2 deployments.</description></item><item><title>VMware vCenter ASIM Parser: DvcId Type Correction Prevents Query Failures</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14182/</link><pubDate>Tue, 05 May 2026 23:34:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14182/</guid><description>Fixed critical data type mismatch in VMware vCenter authentication parser that caused DvcId field queries to fail.</description></item><item><title>Solutions Analyzer: Fix Connector Overcount in CCF v2 Solutions</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14184/</link><pubDate>Tue, 05 May 2026 08:00:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14184/</guid><description>Solutions Analyzer was double-counting connectors in CCF v2 solutions due to azuredeploy wrapper files creating phantom duplicates.</description></item><item><title>MISP2Sentinel: Critical Table Reference Fix for Upload Indicators API</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14091/</link><pubDate>Tue, 05 May 2026 07:18:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14091/</guid><description>MISP threat intelligence connector was broken due to incorrect table reference — deployments had zero indicator ingestion until this fix.</description></item><item><title>Joe Sandbox Solution: ARM Template Fixes and IOC Handling Improvements</title><link>http://sentinelchangelog.net/posts/2026-05-04-pr-14130/</link><pubDate>Mon, 04 May 2026 12:39:49 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-04-pr-14130/</guid><description>Joe Sandbox solution updated to v3.0.1 with Azure template fixes, updated storage API versions, and improved IOC processing in playbooks.</description></item><item><title>Azure DevOps Auditing: Fixing Broken Connector After Parameter Mismatch</title><link>http://sentinelchangelog.net/posts/2026-05-04-pr-14090/</link><pubDate>Mon, 04 May 2026 06:56:16 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-04-pr-14090/</guid><description>Critical configuration fix resolves parameter name mismatch that prevented Azure DevOps audit log ingestion entirely.</description></item><item><title>Upwind Connector: Function App Deployment Fixed After Broken Code Deployment</title><link>http://sentinelchangelog.net/posts/2026-05-01-pr-14158/</link><pubDate>Fri, 01 May 2026 06:48:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-01-pr-14158/</guid><description>Upwind connector Function App deployment was failing due to incorrect zip structure and ARM template configuration - fixed with flat zip layout and implicit hosting plan.</description></item></channel></rss>