OpenAI Connector Promoted to GA — Preview Flag Removed

The OpenAI CCF connector exits preview status; the only change is flipping isPreview from true to false in the connector definition, making it generally available in Content Hub. Read More →

BitSight Function App Connector: UI Updated to Reflect Log Ingestion API Authentication Requirements

The BitSight legacy Function App connector UI page was updated to align with the Log Ingestion API (DCR) ingestion path, removing the Workspace ID/Key deployment step and replacing it with Entra ID credential requirements. Read More →

QualysVM CCF Connector: Restoring Vulnerability Data Ingestion After API Timeout Blind Spot

Customers with large Qualys environments were receiving zero vulnerability detection data due to chronic API timeouts – this fix raises the CCF timeout to the platform maximum, tightens the query window, and adds a lightweight connectivity check to unblock ingestion. Read More →

Microsoft Entra ID Assets Connector Gains Owner and Sponsor Relationship Tables

Two new identity graph tables – EntraOwners and EntraSponsors – are now available in the Microsoft Entra ID Assets connector, expanding the identity relationship data surface for investigating account takeover and privilege escalation paths. Read More →

New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel

A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel. Read More →

Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths

A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification. Read More →

Threat Intelligence (NEW): Broken Connector Mappings and Case-Sensitive Rule Names Fixed Across 36 Analytic Rules

Two customer-reported issues are resolved: EmailEvents and EmailUrlInfo rules were mapped to the wrong connectors (Office365 instead of MicrosoftThreatProtection), and inconsistent capitalisation in rule names was silently breaking customer Playbook automations. Read More →

Trend Micro Vision One Connector: Indonesia Region Support Added, Deployments in ID Site Were Unable to Ingest

The Trend Micro Vision One Function App connector gains support for the Indonesia (id) API region, resolving a complete ingestion gap for customers deployed on api.id.xdr.trendmicro.com. Read More →

Halcyon Anti-Ransomware: New CCF v2 Connector and OCSF Parsers Unlock Full Endpoint Telemetry

Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use. Read More →

Veeam Backup and Replication CCF Connector Now in Public Preview: Six Security Data Streams Added to Sentinel

The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry – closing a significant blind spot for backup infrastructure security monitoring. Read More →

Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections

A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →

Illumio Insights Graph Connector: DCR Type Mismatches Were Blocking All Ingestion

The IllumioInsightsGraph CCF connector had column type mismatches between the table schema and DCR transform that caused ingestion failures – this fix corrects TimeGenerated from string to datetime and multiple numeric fields from long to int, but introduces overflow risk for byte counters in high-volume environments. Read More →

Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API

The FortiNDR Cloud Function App connector has been fully rewritten to use the Azure Monitor Log Ingestion API, replacing the retired HTTP Data Collector API – deployments still on v3.0.x have had zero ingestion since the legacy API was deprecated. Read More →

GitHub Audit Log Azure Storage Connector: SAS Token Guidance Added to Prevent Credential Rotation Gaps

The GitHub Audit Log Azure Blob Storage connector now includes setup guidance on SAS token signing methods and recommends using Stored Access Policies to enable seamless credential rotation without reissuing tokens. Read More →

New BlueVoyant CCF Connector Brings Anthropic Claude Compliance Activity into Microsoft Sentinel

BlueVoyant new Solution adds a CCF-based Data Connector that polls the Anthropic Claude Compliance API every 10 minutes and lands compliance events in the custom table BV_ClaudeCompliance_ComplianceActivities_CL, opening a new AI platform audit surface in Sentinel. Read More →

CyberArk Audit Connector: Function App Runtime Updated to Python 3.12

The CyberArk Audit Function App connector has been updated from Python 3.10 (EOL) to Python 3.12, replacing all bundled dependency packages and deployment templates accordingly. Read More →

MuleSoft CloudHub Logs Connector: Empty Instruction Block Removed to Restore Marketplace Publishing

The MuleSoft CloudHub Logs CCF connector definition had an empty instructions array blocking marketplace validation—this fix removes it, restoring publishability with no change to ingestion logic or detection coverage. Read More →

New AWS Config CCF Connector: Resource Configuration Visibility via Custom API Pull

A new community CCF connector ingests AWS Config configuration item notifications into Microsoft Sentinel via a self-hosted AWS API Gateway/Lambda/DynamoDB backend, populating the AWSConfig_CL table for cloud resource configuration monitoring. Read More →

Premium MDTI Connector Removed from Threat Intelligence Solution During MDTI Convergence

Premium Microsoft Defender Threat Intelligence connector no longer available in Threat Intelligence (NEW) solution v3.0.19 as part of MDTI convergence effort. Read More →

QualysVM Connector Enhanced with QDS Score Parameter

Added QDS score parameter to QualysVM CCF connector, enabling users to include Qualys Detection Scores in vulnerability data collection. Read More →