<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>DataConnectors on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/dataconnectors/</link><description>Recent content in DataConnectors on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 06:24:39 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/dataconnectors/index.xml" rel="self" type="application/rss+xml"/><item><title>New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</link><pubDate>Fri, 10 Jul 2026 06:24:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</guid><description>A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</link><pubDate>Fri, 10 Jul 2026 00:13:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</guid><description>A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel.</description></item><item><title>SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</link><pubDate>Thu, 09 Jul 2026 22:44:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</guid><description>The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced.</description></item><item><title>Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</link><pubDate>Thu, 09 Jul 2026 22:19:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</guid><description>Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated.</description></item><item><title>Agent 365: Microsoft Agent Identities Connector Page KQL Parse Error Patched by Removing Data Type Declarations</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</link><pubDate>Thu, 09 Jul 2026 04:22:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</guid><description>The EntraNHIAssets connector definition drops all four data type entries to eliminate an empty-subquery KQL parse error on the connector page — though reviewers flag this may break connector metadata contracts.</description></item><item><title>Cisco Meraki CCF Connector Expands to Cover Rogue AP Detection and Network Inventory</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</link><pubDate>Wed, 08 Jul 2026 21:22:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</guid><description>The Cisco Meraki CCF connector (v3.1.0) adds four new ingestion streams - Organizations, Organization Networks, Network Clients, and Wireless Air Marshal Events - extending coverage beyond the original ASIM event types to include wireless threat detection and full network inventory visibility.</description></item><item><title>Panorays Connector: DCR Parameter Chain and Offer ID Fixes Restore Deployability</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14623/</link><pubDate>Wed, 08 Jul 2026 11:09:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14623/</guid><description>The Panorays solution had a broken dcrConfig parameter reference chain and invalid offerId that would cause ARM template deployment failures, meaning no vulnerability management data was ingested by affected deployments.</description></item><item><title>New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</link><pubDate>Wed, 08 Jul 2026 08:45:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</guid><description>Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings.</description></item><item><title>Untitled</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14630/</link><pubDate>Wed, 08 Jul 2026 05:12:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14630/</guid><description>&lt;p&gt;test&lt;/p&gt;
&lt;h2 id="affected-files"&gt;Affected Files&lt;/h2&gt;
&lt;pre tabindex="0"&gt;&lt;code&gt;.script/tests/KqlvalidationsTests/CustomTables/FrendsAuditLogs_CL.json
DataConnectors/Frends iPaaS/FrendsAuditLogs_CL.json
DataConnectors/Frends iPaaS/FrendsAuditLogs_Sentinel_CCF.json
DataConnectors/Frends iPaaS/README.md
&lt;/code&gt;&lt;/pre&gt;</description></item><item><title>SIGNL4 Connector Docs Refreshed to Flag Legacy Status and Point to Current Integration Path</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14613/</link><pubDate>Wed, 08 Jul 2026 05:07:16 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14613/</guid><description>The SIGNL4 data connector UI instructions have been rewritten to label the connector as legacy and redirect operators to the native SIGNL4 Microsoft Sentinel connector app, dropping outdated Azure Graph Security API setup steps.</description></item><item><title>Imperva Cloud WAF CCF Connector Graduates to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</link><pubDate>Tue, 07 Jul 2026 21:34:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</guid><description>The Imperva Cloud WAF CCF connector moves from Public Preview to GA, with connector UI template variables replaced by the literal ImpervaWAFCloud table name - no ingestion logic changes.</description></item><item><title>New CCF Connector Builder Accelerator: AI-Assisted End-to-End Pull Connector Generation for Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14567/</link><pubDate>Tue, 07 Jul 2026 13:50:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14567/</guid><description>Adds a GitHub Copilot agent accelerator to the Tools/ directory that automates generation of the four CCF connector files (polling config, DCR, table schema, connector definition) from any REST API documentation &amp;ndash; lowering the barrier for partners building custom data connectors.</description></item><item><title>WithSecure Elements CCF Connector: Zero-Ingestion Fix for Broken OAuth2 Auth and Invalid Query Parameters</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</link><pubDate>Tue, 07 Jul 2026 12:06:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</guid><description>The WithSecureElementsCCF connector has been non-functional since initial release &amp;ndash; both the OAuth2 token request and the security-events API call failed with HTTP 400 errors, meaning no WithSecure endpoint security events have been ingested into any Sentinel deployment running this connector.</description></item><item><title>Microsoft Entra ID Assets: EntraEligibleMembers Table Pulled Before GA</title><link>http://sentinelchangelog.net/posts/2026-07-06-pr-14602/</link><pubDate>Mon, 06 Jul 2026 11:07:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-06-pr-14602/</guid><description>The EntraEligibleMembers (Preview) table added in v3.3.0 has been removed in this hotfix, eliminating that data source from the connector definition until a stable release.</description></item><item><title>Three Solutions Packaging Fix: Mulesoft, Trend Micro, and ESET UI Metadata Corrected</title><link>http://sentinelchangelog.net/posts/2026-07-06-pr-14618/</link><pubDate>Mon, 06 Jul 2026 10:59:56 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-06-pr-14618/</guid><description>Duplicated connector count blocks in solution UI descriptions and a connector count mismatch are corrected across three solutions, with no detection logic or data ingestion changes.</description></item><item><title>Logstash Output Plugin Ruby Version Formally Deprecated - Java Version Now Canonical</title><link>http://sentinelchangelog.net/posts/2026-07-06-pr-14597/</link><pubDate>Mon, 06 Jul 2026 06:01:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-06-pr-14597/</guid><description>The Ruby-based Microsoft Sentinel Logstash output plugin (1.x.x) is now officially deprecated and its documentation separated from the active Java-based version (2.x.x), clarifying which plugin operators should be running.</description></item><item><title>Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</link><pubDate>Fri, 03 Jul 2026 12:30:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</guid><description>A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility.</description></item><item><title>ESET PROTECT Platform Connector: Dependency Rollback Including Cryptography Downgrade Warrants Review</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14536/</link><pubDate>Fri, 03 Jul 2026 11:07:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14536/</guid><description>The ESET PROTECT Platform Function App connector rolls back several Python dependencies to lower versions, including cryptography from 48.0.0 to 43.0.1, without documented CVE justification &amp;ndash; operators should verify no security regressions are introduced.</description></item><item><title>Wiz Connector Overhaul: Agentless DCR Push Integration Adds Detections Stream, Eliminates Function App Attack Surface</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</link><pubDate>Fri, 03 Jul 2026 09:26:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</guid><description>Wiz v3.0.1 replaces the legacy Azure Function pull connector with a native DCR push integration, adding a new WizDetectionsV3_CL data stream and removing the need for customer-hosted infrastructure or shared workspace keys.</description></item><item><title>BlueVoyant Claude Compliance Connector: DCR Schema Expanded with Activity Fields, Sensitive request_body Removed</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</link><pubDate>Fri, 03 Jul 2026 07:29:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</guid><description>The BlueVoyant Anthropic Claude Compliance CCF connector v1.0.1 expands the DCR schema with dozens of activity-specific fields required for hunting and detection, and removes the request_body column to prevent ingestion of potentially sensitive data.</description></item><item><title>ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</link><pubDate>Thu, 02 Jul 2026 19:58:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</guid><description>A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector.</description></item><item><title>GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</link><pubDate>Thu, 02 Jul 2026 11:15:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</guid><description>The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs.</description></item><item><title>DocuSign Connector: Az Module Upgrade Restores PowerShell 7.2+ Function App Compatibility</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14572/</link><pubDate>Thu, 02 Jul 2026 04:18:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14572/</guid><description>The DocuSign Security Events Function App connector was failing to load Az module cmdlets on PowerShell 7.2+ runtimes; bumping the dependency from Az 5.* to 11.* restores ingestion.</description></item><item><title>Cisco Umbrella CCF Connector GA Promotion Fixes Template Variable Rendering in UI Queries</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</link><pubDate>Wed, 01 Jul 2026 19:55:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</guid><description>The Cisco Umbrella CCF connector graduates to GA while also resolving broken template variable references that caused Content Hub connectivity checks and sample queries to malfunction.</description></item><item><title>Rapid7 InsightVM CCF Connector Promoted to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</link><pubDate>Wed, 01 Jul 2026 19:47:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</guid><description>The Rapid7 InsightVM CCF data connector moves out of Public Preview to GA, updating the API version to the stable 2025-09-01 release.</description></item><item><title>AWS S3 Connector: CloudFormation IaC Templates Added for Repeatable AWS-Side Deployment</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14557/</link><pubDate>Wed, 01 Jul 2026 07:59:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14557/</guid><description>Four CloudFormation templates (CloudTrail, CloudWatch, VPC Flow Logs, GuardDuty) and an OIDC trust template now provide enterprise-grade IaC deployment of the AWS-side resources required by the Microsoft Sentinel Amazon Web Services S3 connector, complementing the existing PowerShell setup flow.</description></item><item><title>New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</link><pubDate>Wed, 01 Jul 2026 07:05:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</guid><description>A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs.</description></item><item><title>WithSecure Elements Connector Migrated to CCF: Function App Infrastructure Eliminated</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</link><pubDate>Wed, 01 Jul 2026 06:14:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</guid><description>A new CCF-based WithSecure Elements solution (v4.0.0) replaces the Azure Function connector, removing the Azure Function, Storage Account, and Key Vault dependency stack while the legacy Function App solution is deprecated in place with a transition buffer for existing deployments.</description></item><item><title>Lookout Connector v3.0.6: Silent Ingestion Stop After 24h and Four DCR Field Mapping Blind Spots Fixed</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</link><pubDate>Wed, 01 Jul 2026 06:13:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</guid><description>A CCF cursor expiry caused the Lookout streaming connector to silently stop ingesting data after roughly 24 hours, and four incorrect DCR field paths meant ThreatId, ThreatAction, DeviceEmail, and SmishingAlertId were null in every ingested record.</description></item><item><title>Darktrace CCF Connector: Setup Guide Link Updated to Customer Portal</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14579/</link><pubDate>Tue, 30 Jun 2026 09:08:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14579/</guid><description>Version 3.1.1 fixes a broken documentation link in the connector UI, replacing the prior URL with the Darktrace customer portal guides page (&lt;a href="https://customerportal.darktrace.com/guides"&gt;https://customerportal.darktrace.com/guides&lt;/a&gt;) after a manual validation failure.</description></item><item><title>Semperis Lightning Connector: TLS Certificate Verification Restored Across All API Calls</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14539/</link><pubDate>Tue, 30 Jun 2026 07:59:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14539/</guid><description>The Semperis Lightning data connector was making all outbound API requests with TLS verification disabled (verify=False), exposing token acquisition and all data collection calls to man-in-the-middle attacks; this fix re-enables certificate validation across seven affected modules.</description></item><item><title>Google Workspace Reports: Google Meet Activity Logs Restored After Polling Window Gap</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</link><pubDate>Tue, 30 Jun 2026 06:22:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</guid><description>A missing queryWindowDelayInMin setting caused Google Meet audit events to be silently dropped by the CCF connector - adding a 30-minute delay restores ingestion of events that arrive late from Google API.</description></item><item><title>Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API with Managed Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</link><pubDate>Mon, 29 Jun 2026 13:21:35 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</guid><description>The Fortinet FortiNDR Cloud Function App connector has been migrated from the deprecated HTTP Data Collector API (using client secret credentials) to the Log Ingestion API using Managed Identity - deployments running the previous version were heading toward a complete ingestion failure as the old API reaches end-of-life.</description></item><item><title>Cofense Intelligence Connector: SSRF and Credential Leakage Vulnerabilities Patched in DownloadThreatReports Function</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</link><pubDate>Mon, 29 Jun 2026 09:13:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</guid><description>Critical security hardening of the Cofense Intelligence Azure Function eliminates a Server-Side Request Forgery (SSRF) vector and credential leakage risk that allowed callers to redirect authenticated requests to arbitrary or internal hosts.</description></item><item><title>Microsoft Entra ID Assets Connector: EntraEligibleMembers Table Added (Preview)</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14568/</link><pubDate>Mon, 29 Jun 2026 08:58:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14568/</guid><description>The Microsoft Entra ID Assets connector gains a new EntraEligibleMembers table checkbox in the portal, expanding Privileged Identity Management (PIM) visibility for eligible role assignment tracking.</description></item><item><title>Holm Security VMP: New CCF Connector Ingests Network and Web Asset Inventory into Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</link><pubDate>Fri, 26 Jun 2026 05:11:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</guid><description>A new CCF-based Data Connector for the Holm Security Vulnerability Management Platform adds direct ingestion of network and web asset inventory &amp;ndash; including IP, hostname, OS, severity, and vulnerability counts &amp;ndash; into two custom Log Analytics tables, enabling asset-aware threat hunting and vulnerability correlation in Microsoft Sentinel.</description></item><item><title>Darktrace CCF Connector: Account Entity Mapping Added to Analytic Rules, Closing SaaS Identity Correlation Gap</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</link><pubDate>Thu, 25 Jun 2026 11:35:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</guid><description>Two Darktrace Analytic Rules now map user account names as Account entities for SaaS/identity-based incidents, and the DarktraceIncidents_CL table gains a modelBreaches field exposing the full chain of associated model alerts &amp;ndash; data that was previously absent from incident context.</description></item><item><title>Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</link><pubDate>Thu, 25 Jun 2026 11:34:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</guid><description>The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed.</description></item><item><title>Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</link><pubDate>Thu, 25 Jun 2026 09:31:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</guid><description>The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser.</description></item><item><title>OpenAI Connector Promoted to GA — Preview Flag Removed</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14549/</link><pubDate>Wed, 24 Jun 2026 17:12:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14549/</guid><description>The OpenAI CCF connector exits preview status; the only change is flipping isPreview from true to false in the connector definition, making it generally available in Content Hub.</description></item><item><title>BitSight Function App Connector: UI Updated to Reflect Log Ingestion API Authentication Requirements</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14487/</link><pubDate>Wed, 24 Jun 2026 08:31:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14487/</guid><description>The BitSight legacy Function App connector UI page was updated to align with the Log Ingestion API (DCR) ingestion path, removing the Workspace ID/Key deployment step and replacing it with Entra ID credential requirements.</description></item><item><title>QualysVM CCF Connector: Restoring Vulnerability Data Ingestion After API Timeout Blind Spot</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14541/</link><pubDate>Wed, 24 Jun 2026 08:17:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14541/</guid><description>Customers with large Qualys environments were receiving zero vulnerability detection data due to chronic API timeouts &amp;ndash; this fix raises the CCF timeout to the platform maximum, tightens the query window, and adds a lightweight connectivity check to unblock ingestion.</description></item><item><title>Microsoft Entra ID Assets Connector Gains Owner and Sponsor Relationship Tables</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14540/</link><pubDate>Wed, 24 Jun 2026 06:03:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14540/</guid><description>Two new identity graph tables &amp;ndash; EntraOwners and EntraSponsors &amp;ndash; are now available in the Microsoft Entra ID Assets connector, expanding the identity relationship data surface for investigating account takeover and privilege escalation paths.</description></item><item><title>New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-13721/</link><pubDate>Wed, 24 Jun 2026 05:54:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-13721/</guid><description>A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel.</description></item><item><title>Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</link><pubDate>Wed, 24 Jun 2026 05:24:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</guid><description>A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification.</description></item><item><title>Threat Intelligence (NEW): Broken Connector Mappings and Case-Sensitive Rule Names Fixed Across 36 Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</link><pubDate>Tue, 23 Jun 2026 12:08:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</guid><description>Two customer-reported issues are resolved: EmailEvents and EmailUrlInfo rules were mapped to the wrong connectors (Office365 instead of MicrosoftThreatProtection), and inconsistent capitalisation in rule names was silently breaking customer Playbook automations.</description></item><item><title>Trend Micro Vision One Connector: Indonesia Region Support Added, Deployments in ID Site Were Unable to Ingest</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14533/</link><pubDate>Tue, 23 Jun 2026 06:01:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14533/</guid><description>The Trend Micro Vision One Function App connector gains support for the Indonesia (id) API region, resolving a complete ingestion gap for customers deployed on api.id.xdr.trendmicro.com.</description></item><item><title>Halcyon Anti-Ransomware: New CCF v2 Connector and OCSF Parsers Unlock Full Endpoint Telemetry</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</link><pubDate>Tue, 23 Jun 2026 05:05:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</guid><description>Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use.</description></item><item><title>Veeam Backup and Replication CCF Connector Now in Public Preview: Six Security Data Streams Added to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</link><pubDate>Mon, 22 Jun 2026 15:53:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</guid><description>The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry &amp;ndash; closing a significant blind spot for backup infrastructure security monitoring.</description></item></channel></rss>