SOC Prime CCF: Three New Detection Rules for Platform Security Events
SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs. Read More →
SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs. Read More →
Fixed critical typo in Claroty threat detection rule where “Treat” was incorrectly used instead of “Threat” in both rule name and KQL logic. Read More →
New Netskope solution adds 10 detections for web transaction monitoring including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns. Read More →
Detection authoring guidelines now require validation of connectorId values against the official repository allowlist to prevent invalid connector references. Read More →
New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors. Read More →
blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →
Version bump to 1.0.6 for Anomalous Single Factor Sign-in detection rule with no logic changes. Read More →
Analytic rule optimization introduces potential detection gaps by reordering deduplication before indicator validity checks. Read More →
GitHub Enterprise 2FA disablement detection rule was completely broken due to deprecated table reference — restored monitoring for T1562 defense impairment. Read More →
IPEntity_DuoSecurity detection migrated from legacy DuoSecurityAuthentication_CL table to normalized CiscoDuo ASIM schema. Read More →
New XBOW solution provides asset inventory, vulnerability finding correlation, and automated security assessment visibility through Function App ingestion and four analytic rules. Read More →
Datawiza solution adds server error spike detection to identify potential DDoS attacks or system misconfigurations. Read More →
Commvault Security IQ connector migrated from deprecated Log Analytics API to Azure Monitor Logs Ingestion API with DCE/DCR architecture. Read More →
CTM360 HackerView Function App connector was completely broken due to backup flag logic errors, preventing all threat intelligence ingestion until this fix. Read More →
CyberArk adds CCF-based connector to eliminate Azure Functions dependency for audit data ingestion. Read More →
Major migration from HTTP Data Collector API to CCF RestApiPoller enabling automatic polling with query-time deduplication for IONIX attack surface management data. Read More →
Critical fix aligns queryPeriod with 5-day learning window, restoring proper baseline computation for abnormal deny rate detection. Read More →
New Analytic Rule enables detection of malicious URLs from threat feeds in web traffic, closing coverage gap for URL-based indicators. Read More →
New Visa Threat Intelligence (VTI) solution providing IOC feeds via DCR connector with high-severity detection rules for domains and file hashes. Read More →
Azure Firewall solution expanded with 5 new analytic rules targeting high/medium severity threats, DDoS attacks, web application attacks, and privilege escalation attempts. Read More →