OpenAI Connector Promoted to GA — Preview Flag Removed
The OpenAI CCF connector exits preview status; the only change is flipping isPreview from true to false in the connector definition, making it generally available in Content Hub. Read More →
The OpenAI CCF connector exits preview status; the only change is flipping isPreview from true to false in the connector definition, making it generally available in Content Hub. Read More →
The BitSight legacy Function App connector UI page was updated to align with the Log Ingestion API (DCR) ingestion path, removing the Workspace ID/Key deployment step and replacing it with Entra ID credential requirements. Read More →
Customers with large Qualys environments were receiving zero vulnerability detection data due to chronic API timeouts – this fix raises the CCF timeout to the platform maximum, tightens the query window, and adds a lightweight connectivity check to unblock ingestion. Read More →
Two new identity graph tables – EntraOwners and EntraSponsors – are now available in the Microsoft Entra ID Assets connector, expanding the identity relationship data surface for investigating account takeover and privilege escalation paths. Read More →
A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel. Read More →
A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification. Read More →
Two customer-reported issues are resolved: EmailEvents and EmailUrlInfo rules were mapped to the wrong connectors (Office365 instead of MicrosoftThreatProtection), and inconsistent capitalisation in rule names was silently breaking customer Playbook automations. Read More →
The Trend Micro Vision One Function App connector gains support for the Indonesia (id) API region, resolving a complete ingestion gap for customers deployed on api.id.xdr.trendmicro.com. Read More →
Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use. Read More →
The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry – closing a significant blind spot for backup infrastructure security monitoring. Read More →
A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →
The IllumioInsightsGraph CCF connector had column type mismatches between the table schema and DCR transform that caused ingestion failures – this fix corrects TimeGenerated from string to datetime and multiple numeric fields from long to int, but introduces overflow risk for byte counters in high-volume environments. Read More →
The FortiNDR Cloud Function App connector has been fully rewritten to use the Azure Monitor Log Ingestion API, replacing the retired HTTP Data Collector API – deployments still on v3.0.x have had zero ingestion since the legacy API was deprecated. Read More →
The GitHub Audit Log Azure Blob Storage connector now includes setup guidance on SAS token signing methods and recommends using Stored Access Policies to enable seamless credential rotation without reissuing tokens. Read More →
BlueVoyant new Solution adds a CCF-based Data Connector that polls the Anthropic Claude Compliance API every 10 minutes and lands compliance events in the custom table BV_ClaudeCompliance_ComplianceActivities_CL, opening a new AI platform audit surface in Sentinel. Read More →
The CyberArk Audit Function App connector has been updated from Python 3.10 (EOL) to Python 3.12, replacing all bundled dependency packages and deployment templates accordingly. Read More →
The MuleSoft CloudHub Logs CCF connector definition had an empty instructions array blocking marketplace validationâthis fix removes it, restoring publishability with no change to ingestion logic or detection coverage. Read More →
A new community CCF connector ingests AWS Config configuration item notifications into Microsoft Sentinel via a self-hosted AWS API Gateway/Lambda/DynamoDB backend, populating the AWSConfig_CL table for cloud resource configuration monitoring. Read More →
Premium Microsoft Defender Threat Intelligence connector no longer available in Threat Intelligence (NEW) solution v3.0.19 as part of MDTI convergence effort. Read More →
Added QDS score parameter to QualysVM CCF connector, enabling users to include Qualys Detection Scores in vulnerability data collection. Read More →