Red Sift Solution: New CCF Data Connector and Email Security Detections

Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios. Read More →

Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage

Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces. Read More →

Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events

Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision. Read More →

Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs

Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context. Read More →

Claroty: Enhanced IoT/OT Detection with Improved Alert Fidelity

Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring. Read More →

Vaikora AI Agent Security Monitoring for Defender for Cloud

New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring. Read More →

Entra ID Brute Force Detection: Renamed for Broader Windows Device Coverage

Analytic rule renamed from Cloud PC-specific to cover all Entra-authenticated Windows devices, clarifying detection scope without logic changes. Read More →

Okta Detection Rule: Fixed Blind Spot After Connector Migration to OktaV2_CL

Critical Okta detection was broken after connector migration — now uses OktaSSO parser to restore session impersonation monitoring. Read More →

Vaikora Solution: New AI Agent Governance Connector for Microsoft Sentinel

New CCF connector ingests Vaikora AI agent behavioral signals with 3 detection rules for policy violations, anomalies, and high-risk actions. Read More →

Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes

Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture. Read More →

SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync

SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities. Read More →

Recorded Future Identity: Prepares for Microsoft Defender Portal Migration by Deprecating Legacy Incident Creation

Recorded Future Identity solution deprecates Logic Apps-based incident creation and introduces Analytic Rules for Microsoft Defender Portal compatibility. Read More →

SAP ETD Cloud: User Account Correlation Now Available After Data Collection Gap

SAP ETD alerts now surface user account names and email addresses for incident correlation, filling a critical entity mapping gap that prevented effective identity-based investigations. Read More →

Global Secure Access: Threat Intelligence Detection Restored After URL Regex Failure

Fixed broken URL threat intelligence detection and expanded workbook coverage for new Entra traffic type. Read More →

D3 Smart SOAR: New Detection for High/Critical Severity Incidents

D3 Smart SOAR solution now includes an Analytic Rule to automatically detect and escalate High or Critical severity incidents from SOAR platform data. Read More →

Check Point Cyberint: Bi-Directional Alert Sync and Critical Data Ingestion Fix

Adds comprehensive bi-directional sync playbooks and fixes critical ref_id column type bug that caused silent data loss in alert ingestion. Read More →

Contrast ADR: CCF Connector Deployment Unlocks Application Attack Visibility

Contrast ADR adds CCF ingestion support with standardized table schemas for production-ready Application Detection and Response monitoring. Read More →

Microsoft Entra ID Conditional Access Bypass Detection: False Positive Reduction via Benign Status Code Watchlist

New watchlist filters out 7 known-benign status codes from Conditional Access bypass detection to reduce false positives from legitimate MFA prompts and session expiration events. Read More →

Microsoft Entra ID: Account Creation/Deletion Detection Enhanced Against Timing Evasion

Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques. Read More →

Threat Intelligence Domain-to-SecurityAlert Rule: Fixes Recursive Alert Loop with Self-Exclusion Filter

Threat Intelligence domain mapping rule updated to prevent infinite alert loops by excluding its own alerts from the source data. Read More →