UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage

Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics. Read More →

Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel

New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

Azure SQL Database Detection Rules: Enhanced MITRE Coverage and Alert Context

Quality improvements to 10 Azure SQL analytic rules add missing MITRE techniques, alert customization, and standardized query outputs. Read More →

SAP ETD: New Telemetry Tampering Detection Rules Target Defense Evasion

Two SAP Enterprise Threat Detection rules added to detect feed silence and per-SID data gaps, addressing T1562 defense evasion techniques. Read More →

SAP BTP: Enhanced Cloud Integration Deployment Detection with Audit Configuration Events

SAP BTP analytic rule reworked to use audit.configuration events, providing richer artifact context and improved actor attribution for Cloud Integration deployments. Read More →

Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection

Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage. Read More →

StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio

Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration. Read More →

Digital Shadows: Updated EventReportUrl to Use GreyMatter Platform Links

Digital Shadows analytic rules now use server-provided GreyMatter URLs instead of deprecated portal links, preventing broken URL entities in Sentinel incidents. Read More →

Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers

Lookout Mobile Risk API v2 connector was silently dropping unique event identifiers (oid field), breaking all downstream correlation in detections and workbooks. Read More →

Pathlock TD&R: Major Detection Coverage Expansion with 77 New SAP-Focused Analytic Rules

Pathlock Threat Detection & Response adds 77 comprehensive SAP security analytic rules covering ABAP changes, user activities, system modifications, and financial data access. Read More →

Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files

Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting. Read More →

Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →

42Crunch API Protection: Critical Migration from Legacy HTTP Collector to CCF Push Connector

Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss. Read More →

Azure Security Benchmark Solution: Enhanced Detection Logic and Incident Enrichment (v3.0.5)

Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details. Read More →

Bitdefender GravityZone Solution v3.0.1 Adds Incident Analytics for Endpoint and Email Protection

Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation. Read More →

CrowdStrike Content Doctor Enhancement: Improved Detection Logic and Alert Customization

Content Doctor improvements to CrowdStrike Falcon detection rules enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections. Read More →

XBOW: API Version 2026-04-01 Upgrade Enriches Assessment Data with Attack Credits and Events

XBOW connector upgrades to latest API version, adding attack credits tracking and recent event details to assessment ingestion for improved offensive security visibility. Read More →

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

SailPoint IdentityNow: New CCF Connector with Dual Parser Support (v3.0.1)

SailPoint IdentityNow now supports CCF ingestion with new schema parsers alongside backward compatibility for existing Function App deployments. Read More →