SOC Prime CCF: Three New Detection Rules for Platform Security Events

SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs. Read More →

Claroty Analytic Rule: Critical Typo Fix Restores Threat Detection Logic

Fixed critical typo in Claroty threat detection rule where “Treat” was incorrectly used instead of “Threat” in both rule name and KQL logic. Read More →

Netskope Secure Web Gateway Solution: New Detection Coverage for Cloud Application Visibility

New Netskope solution adds 10 detections for web transaction monitoring including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns. Read More →

Detection Template Validation: connectorId Enforcement Added to Review Process

Detection authoring guidelines now require validation of connectorId values against the official repository allowlist to prevent invalid connector references. Read More →

Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors. Read More →

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →

Anomalous Single Factor Sign-in Detection: Version Metadata Update

Version bump to 1.0.6 for Anomalous Single Factor Sign-in detection rule with no logic changes. Read More →

Microsoft Threat Intelligence: Detection Logic Optimization Risks in Domain/URL Mapping Rule

Analytic rule optimization introduces potential detection gaps by reordering deduplication before indicator validity checks. Read More →

GitHub 2FA Detection Restored: Critical Blind Spot Fixed After Parser Migration

GitHub Enterprise 2FA disablement detection rule was completely broken due to deprecated table reference — restored monitoring for T1562 defense impairment. Read More →

Threat Intelligence: Duo Security IP Detection Updated for ASIM Schema Compliance

IPEntity_DuoSecurity detection migrated from legacy DuoSecurityAuthentication_CL table to normalized CiscoDuo ASIM schema. Read More →

XBOW Autonomous Security Platform: Function App Connector and Detection Rules

New XBOW solution provides asset inventory, vulnerability finding correlation, and automated security assessment visibility through Function App ingestion and four analytic rules. Read More →

Datawiza Solution: New Detection for Server Error Spike Monitoring

Datawiza solution adds server error spike detection to identify potential DDoS attacks or system misconfigurations. Read More →

Commvault Connector: Migration from Legacy Sentinel API to Modern Logs Ingestion Architecture

Commvault Security IQ connector migrated from deprecated Log Analytics API to Azure Monitor Logs Ingestion API with DCE/DCR architecture. Read More →

CTM360 HackerView: Connector Ingestion Restored After Complete Deployment Failure

CTM360 HackerView Function App connector was completely broken due to backup flag logic errors, preventing all threat intelligence ingestion until this fix. Read More →

CyberArk Audit: New CCF Connector Alternative Replaces Function App Dependency

CyberArk adds CCF-based connector to eliminate Azure Functions dependency for audit data ingestion. Read More →

IONIX: Migration to CCF RestApiPoller with Enhanced Data Deduplication

Major migration from HTTP Data Collector API to CCF RestApiPoller enabling automatic polling with query-time deduplication for IONIX attack surface management data. Read More →

Global Secure Access: Critical Fix for Abnormal Deny Rate Detection Baseline Computation

Critical fix aligns queryPeriod with 5-day learning window, restoring proper baseline computation for abnormal deny rate detection. Read More →

Threat Intelligence: URL IOC Detection Added for Web Session Monitoring

New Analytic Rule enables detection of malicious URLs from threat feeds in web traffic, closing coverage gap for URL-based indicators. Read More →

Visa Threat Intelligence Solution: Initial Package Release with IOC Detection Rules

New Visa Threat Intelligence (VTI) solution providing IOC feeds via DCR connector with high-severity detection rules for domains and file hashes. Read More →

Azure Firewall: Five New IDPS Analytic Rules for Advanced Threat Detection

Azure Firewall solution expanded with 5 new analytic rules targeting high/medium severity threats, DDoS attacks, web application attacks, and privilege escalation attempts. Read More →