<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Detections on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/detections/</link><description>Recent content in Detections on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 09:21:28 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/detections/index.xml" rel="self" type="application/rss+xml"/><item><title>Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</link><pubDate>Fri, 10 Jul 2026 09:21:28 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</guid><description>Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</link><pubDate>Wed, 08 Jul 2026 08:45:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</guid><description>Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings.</description></item><item><title>Azure WAF Log4j Detection Restored: Field Reference Errors Silenced the Rule Since v1.0.5</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14632/</link><pubDate>Tue, 07 Jul 2026 13:22:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14632/</guid><description>A broken column_ifexists reference caused the Azure WAF Log4j detection rule to silently miss exploit traffic in details_message and details_msg fields &amp;ndash; any deployment running v1.0.5 had a gap in Log4Shell (CVE-2021-44228) coverage via WAF logs.</description></item><item><title>Azure WAF Log4j Detection: Schema Gap Closed for details_message_s and details_msg_s Fields</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14611/</link><pubDate>Tue, 07 Jul 2026 11:52:51 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14611/</guid><description>The AzureWAFmatching_log4j_vuln Analytic Rule was silently missing CVE-2021-44228 exploit attempts in WAF logs that surfaced details_message_s via AdditionalFields or used the details_msg_s column variant, leaving a schema-dependent blind spot in Log4Shell detection.</description></item><item><title>Recorded Future: Defender Portal Migration Breaks Incident Creation -- Playbooks Redesigned Around Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</link><pubDate>Fri, 03 Jul 2026 09:26:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</guid><description>Recorded Future v3.2.20 removes direct incident creation from four playbooks (now incompatible with the unified Microsoft Defender portal) and introduces new Analytic Rules to restore incident generation from custom log tables.</description></item><item><title>Entra ID Brute-Force Detection: Sort Order Fix Corrects Anomaly Decomposition Input</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</link><pubDate>Fri, 03 Jul 2026 06:43:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</guid><description>The BruteForceAgainstanEntraAuthenticatedWindowsDevice Analytic Rule was building unsorted time-series arrays for series_decompose_anomalies, meaning anomaly detection results could be incorrect or inconsistent across executions &amp;ndash; this fix enforces chronological ordering and stable serialization before make_list.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</link><pubDate>Thu, 25 Jun 2026 11:56:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</guid><description>A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table &amp;ndash; covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection &amp;ndash; plus an incident-response Playbook and a quarantine dashboard Workbook.</description></item><item><title>Darktrace CCF Connector: Account Entity Mapping Added to Analytic Rules, Closing SaaS Identity Correlation Gap</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</link><pubDate>Thu, 25 Jun 2026 11:35:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</guid><description>Two Darktrace Analytic Rules now map user account names as Account entities for SaaS/identity-based incidents, and the DarktraceIncidents_CL table gains a modelBreaches field exposing the full chain of associated model alerts &amp;ndash; data that was previously absent from incident context.</description></item><item><title>iboss Solution 3.1.3: New Malware and C2 Analytic Rules for Web Gateway Telemetry</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14525/</link><pubDate>Thu, 25 Jun 2026 06:26:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14525/</guid><description>iboss Solution 3.1.3 ships two new Scheduled Analytic Rules that surface malware detections and C2 communications flagged by the iboss gateway, closing a detection gap for organizations relying solely on raw CommonSecurityLog ingestion.</description></item><item><title>Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</link><pubDate>Wed, 24 Jun 2026 05:24:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</guid><description>A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification.</description></item><item><title>Threat Intelligence (NEW): Broken Connector Mappings and Case-Sensitive Rule Names Fixed Across 36 Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</link><pubDate>Tue, 23 Jun 2026 12:08:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</guid><description>Two customer-reported issues are resolved: EmailEvents and EmailUrlInfo rules were mapped to the wrong connectors (Office365 instead of MicrosoftThreatProtection), and inconsistent capitalisation in rule names was silently breaking customer Playbook automations.</description></item><item><title>SilkTyphoon Child Process Detection: Duplicate Connector Mapping Removed</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14428/</link><pubDate>Mon, 22 Jun 2026 10:12:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14428/</guid><description>The SilkTyphoonNewUMServiceChildProcess Analytic Rule carried a duplicate and mistyped connector entry (SecurityEvents instead of SecurityEvent) that could cause connector validation errors or unexpected behaviour in environments relying on connector dependency resolution.</description></item><item><title>Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</link><pubDate>Fri, 19 Jun 2026 11:27:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</guid><description>A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform.</description></item><item><title>Vaikora-AzureSecurityCenter: Three Analytic Rules and Playbook Completely Non-Functional Since Initial Deployment</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14366/</link><pubDate>Thu, 18 Jun 2026 12:25:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14366/</guid><description>The v3.0.0 solution was built against a fabricated alert API schema &amp;ndash; the playbook crashed on ingestion, all three Analytic Rules queried a table that was never populated, and two install paths wrote to divergent tables, meaning zero Vaikora AI agent threat data reached Microsoft Sentinel from day one.</description></item><item><title>CiscoSEG and Infoblox NIOS Package Template Sync — Metadata and Version Normalisation</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14497/</link><pubDate>Thu, 18 Jun 2026 09:32:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14497/</guid><description>Package template refresh for CiscoSEG (3.0.5), Infoblox NIOS (3.0.5), and Windows Server DNS (3.0.1) solutions with no changes to detection logic, parser content, or connector ingestion configuration.</description></item><item><title>Microsoft Defender XDR: OAuth and Device-Code Phishing Hunting Queries Unblocked After ARM-TTK Pipeline Failure</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</link><pubDate>Thu, 18 Jun 2026 05:58:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</guid><description>Two Defender XDR hunting queries targeting OAuth consent and device-code phishing were blocked from pipeline validation due to ARM-TTK hardcoded URI false positives; KQL refactored to construct URLs via strcat(), restoring deployment and preserving detection semantics.</description></item><item><title>New eDCRule Solution: 10 Entra ID and Azure Subscription Analytic Rules for Privilege Escalation and Identity Abuse Detection</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14392/</link><pubDate>Wed, 17 Jun 2026 05:44:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14392/</guid><description>A new community solution adds 10 scheduled Analytic Rules (plus Chinese-localized counterparts) targeting Microsoft Entra ID privilege escalation, OAuth token abuse, federation trust tampering, and Azure VM Run Command abuse correlated with UEBA signals.</description></item><item><title>Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</link><pubDate>Mon, 15 Jun 2026 03:10:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</guid><description>New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic.</description></item><item><title>UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</link><pubDate>Fri, 12 Jun 2026 10:15:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</guid><description>Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics.</description></item><item><title>Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</link><pubDate>Fri, 12 Jun 2026 07:51:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</guid><description>New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events.</description></item><item><title>Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</link><pubDate>Fri, 12 Jun 2026 07:00:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</guid><description>Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers.</description></item><item><title>Azure SQL Database Detection Rules: Enhanced MITRE Coverage and Alert Context</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-13876/</link><pubDate>Thu, 11 Jun 2026 13:00:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-13876/</guid><description>Quality improvements to 10 Azure SQL analytic rules add missing MITRE techniques, alert customization, and standardized query outputs.</description></item><item><title>SAP ETD: New Telemetry Tampering Detection Rules Target Defense Evasion</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14429/</link><pubDate>Thu, 11 Jun 2026 09:19:52 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14429/</guid><description>Two SAP Enterprise Threat Detection rules added to detect feed silence and per-SID data gaps, addressing T1562 defense evasion techniques.</description></item><item><title>SAP BTP: Enhanced Cloud Integration Deployment Detection with Audit Configuration Events</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14430/</link><pubDate>Thu, 11 Jun 2026 09:18:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14430/</guid><description>SAP BTP analytic rule reworked to use audit.configuration events, providing richer artifact context and improved actor attribution for Cloud Integration deployments.</description></item><item><title>Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14046/</link><pubDate>Thu, 11 Jun 2026 08:21:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14046/</guid><description>Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage.</description></item><item><title>StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</link><pubDate>Wed, 10 Jun 2026 10:24:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</guid><description>Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration.</description></item><item><title>Digital Shadows: Updated EventReportUrl to Use GreyMatter Platform Links</title><link>http://sentinelchangelog.net/posts/2026-06-08-pr-14362/</link><pubDate>Mon, 08 Jun 2026 09:50:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-08-pr-14362/</guid><description>Digital Shadows analytic rules now use server-provided GreyMatter URLs instead of deprecated portal links, preventing broken URL entities in Sentinel incidents.</description></item><item><title>Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</link><pubDate>Fri, 05 Jun 2026 10:14:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</guid><description>Lookout Mobile Risk API v2 connector was silently dropping unique event identifiers (oid field), breaking all downstream correlation in detections and workbooks.</description></item><item><title>Pathlock TD&amp;R: Major Detection Coverage Expansion with 77 New SAP-Focused Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14265/</link><pubDate>Fri, 05 Jun 2026 05:38:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14265/</guid><description>Pathlock Threat Detection &amp;amp; Response adds 77 comprehensive SAP security analytic rules covering ABAP changes, user activities, system modifications, and financial data access.</description></item><item><title>Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files</title><link>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</link><pubDate>Thu, 04 Jun 2026 10:47:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</guid><description>Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting.</description></item><item><title>Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment</title><link>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</link><pubDate>Mon, 01 Jun 2026 04:39:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</guid><description>Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.</description></item><item><title>42Crunch API Protection: Critical Migration from Legacy HTTP Collector to CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-14210/</link><pubDate>Fri, 29 May 2026 16:38:05 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-14210/</guid><description>Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss.</description></item><item><title>Azure Security Benchmark Solution: Enhanced Detection Logic and Incident Enrichment (v3.0.5)</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-13905/</link><pubDate>Fri, 29 May 2026 08:53:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-13905/</guid><description>Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details.</description></item><item><title>Bitdefender GravityZone Solution v3.0.1 Adds Incident Analytics for Endpoint and Email Protection</title><link>http://sentinelchangelog.net/posts/2026-05-28-pr-13299/</link><pubDate>Thu, 28 May 2026 05:19:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-28-pr-13299/</guid><description>Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation.</description></item><item><title>CrowdStrike Content Doctor Enhancement: Improved Detection Logic and Alert Customization</title><link>http://sentinelchangelog.net/posts/2026-05-21-pr-14268/</link><pubDate>Thu, 21 May 2026 12:01:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-21-pr-14268/</guid><description>Content Doctor improvements to CrowdStrike Falcon detection rules enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections.</description></item><item><title>XBOW: API Version 2026-04-01 Upgrade Enriches Assessment Data with Attack Credits and Events</title><link>http://sentinelchangelog.net/posts/2026-05-20-pr-14145/</link><pubDate>Wed, 20 May 2026 06:13:05 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-20-pr-14145/</guid><description>XBOW connector upgrades to latest API version, adding attack credits tracking and recent event details to assessment ingestion for improved offensive security visibility.</description></item><item><title>AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings</title><link>http://sentinelchangelog.net/posts/2026-05-18-pr-14101/</link><pubDate>Mon, 18 May 2026 07:30:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-18-pr-14101/</guid><description>Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.</description></item><item><title>SailPoint IdentityNow: New CCF Connector with Dual Parser Support (v3.0.1)</title><link>http://sentinelchangelog.net/posts/2026-05-15-pr-14235/</link><pubDate>Fri, 15 May 2026 07:10:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-15-pr-14235/</guid><description>SailPoint IdentityNow now supports CCF ingestion with new schema parsers alongside backward compatibility for existing Function App deployments.</description></item><item><title>Red Sift Solution: New CCF Data Connector and Email Security Detections</title><link>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</link><pubDate>Thu, 14 May 2026 10:01:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</guid><description>Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios.</description></item><item><title>Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage</title><link>http://sentinelchangelog.net/posts/2026-05-12-pr-14126/</link><pubDate>Tue, 12 May 2026 09:22:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-12-pr-14126/</guid><description>Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces.</description></item><item><title>Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events</title><link>http://sentinelchangelog.net/posts/2026-05-12-pr-14108/</link><pubDate>Tue, 12 May 2026 08:58:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-12-pr-14108/</guid><description>Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision.</description></item><item><title>Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs</title><link>http://sentinelchangelog.net/posts/2026-05-06-pr-13820/</link><pubDate>Wed, 06 May 2026 09:37:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-06-pr-13820/</guid><description>Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context.</description></item><item><title>Claroty: Enhanced IoT/OT Detection with Improved Alert Fidelity</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14107/</link><pubDate>Tue, 05 May 2026 09:58:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14107/</guid><description>Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring.</description></item><item><title>Vaikora AI Agent Security Monitoring for Defender for Cloud</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-13986/</link><pubDate>Tue, 05 May 2026 07:17:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-13986/</guid><description>New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring.</description></item><item><title>Entra ID Brute Force Detection: Renamed for Broader Windows Device Coverage</title><link>http://sentinelchangelog.net/posts/2026-04-30-pr-14162/</link><pubDate>Thu, 30 Apr 2026 11:04:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-30-pr-14162/</guid><description>Analytic rule renamed from Cloud PC-specific to cover all Entra-authenticated Windows devices, clarifying detection scope without logic changes.</description></item><item><title>Okta Detection Rule: Fixed Blind Spot After Connector Migration to OktaV2_CL</title><link>http://sentinelchangelog.net/posts/2026-04-28-pr-14137/</link><pubDate>Tue, 28 Apr 2026 11:12:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-28-pr-14137/</guid><description>Critical Okta detection was broken after connector migration — now uses OktaSSO parser to restore session impersonation monitoring.</description></item><item><title>Vaikora Solution: New AI Agent Governance Connector for Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-04-27-pr-13983/</link><pubDate>Mon, 27 Apr 2026 06:25:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-27-pr-13983/</guid><description>New CCF connector ingests Vaikora AI agent behavioral signals with 3 detection rules for policy violations, anomalies, and high-risk actions.</description></item><item><title>Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes</title><link>http://sentinelchangelog.net/posts/2026-04-24-pr-14045/</link><pubDate>Fri, 24 Apr 2026 05:26:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-24-pr-14045/</guid><description>Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture.</description></item></channel></rss>