New Solution: meshStack Platform Event Logs Integration for Cloud Governance

meshStack event logging connector enables cloud platform governance monitoring by ingesting developer platform events into Microsoft Sentinel. Read More →

CyberArk EPM Connector: Critical Package Fix Restores Function App Deployment

Missing .python_packages dependency added to function app package, resolving deployment failures that blocked connector installations. Read More →

Oracle Cloud Infrastructure Connector: Group Cursor Support for OCI Streaming

OCI connector now supports Group Cursor mode alongside Individual Cursor for improved streaming partition consumption flexibility. Read More →

Rapid7 InsightVM Data Connector: Azure Functions Extension Bundle Upgrade to 4.x

Rapid7 InsightVM Function App connector updated to use latest 4.x Azure Functions extension bundles from deprecated 3.x version. Read More →

OAuth Data Connectors: Dynamic Redirect URI Support Simplifies Authentication Setup

Four OAuth-based data connectors now support dynamic redirect URIs, eliminating manual Azure portal configuration requirements. Read More →

GitHub Enterprise Cloud Connector: Audit Log Data Ingestion Now Generally Available

GitHub Enterprise audit log connector and 11 accompanying detection rules promoted from Preview to GA status. Read More →

New Solution: JoeSandbox Threat Intelligence and Malware Analysis Platform Integration

Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel. Read More →

Check Point Cyberint IOC Connector: Critical Data Ingestion Restoration

Cyberint threat intelligence connector restored from complete ingestion failure caused by malformed API endpoint and duplicate schema nesting blocking IOC data collection. Read More →

Armis IoT Security Solution: Enhanced Log Ingestion and Data Collection Rule Integration

Major enhancement to Armis data connectors implementing Azure Monitor Logs Ingestion API with DCR support for improved data fidelity and performance. Read More →

Snowflake Connector: Data Ingestion Timing Fix and Parser Field Corrections

Snowflake connector updated with 120-minute ingestion delay and corrected timestamp parsing to address customer-reported data gaps. Read More →

Major Solution Release: Cyble Vision and Tropico Solutions Added Plus Multi-Solution Updates

Large release adds two new threat intelligence solutions (Cyble Vision, Tropico) and updates to 15+ existing solutions across the repository. Read More →

Miro Solution: New Enterprise Collaboration Security and Compliance Monitoring

New Miro solution added with CCF connectors for audit logs and content logs to enable collaboration platform security monitoring. Read More →

New Cyble Vision Threat Intelligence Solution: Comprehensive CCF-Based Alert Platform

Massive new Cyble Vision solution providing 40+ specialized detection rules and parsers for diverse threat intelligence feeds from dark web to cloud security. Read More →

Trend Micro Vision One — urllib3 Security Update Fixes Critical DoS Vulnerabilities

Dependency update from urllib3 1.26.20 to 2.6.0 addresses two high-severity CVEs preventing DoS attacks via decompression bombs and content encoding chains. Read More →

ESET Protect Platform Connector: urllib3 Security Update for CVE Fixes

Updated urllib3 dependency to v2.6.0 to address two high-severity CVEs affecting HTTP decompression handling. Read More →

Microsoft Copilot Connector — Critical Table Name Update from LLMActivity to CopilotActivity

Microsoft Copilot connector fixes critical table reference issue, standardizing on official CopilotActivity table name across all components. Read More →

Ermes Browser Security Connector — Enhanced Data Fidelity and Multi-Tenant Support

CCF connector update fixes timestamp extraction, adds configurable API endpoints, and expands log data collection for better event visibility. Read More →

Lookout Mobile Security: Parser Fixes and Executive Dashboard Enhancement

Lookout solution updated to v3.0.1 with parser fixes, comprehensive security dashboards, and enhanced analytic rules. Read More →

Fortigate ASIM Parser: Field Name Consistency Fix for Network Session Schema

Field name inconsistencies in Fortigate ASIM parsers corrected to ensure proper schema compliance and data normalization. Read More →

Proofpoint POD: Fixing WebSocket Connector to Eliminate Duplicate Data Ingestion

Removed time-based query parameters from Proofpoint On-Demand Email Security connector to prevent duplicate data ingestion caused by time rounding overlaps. Read More →