Global Secure Access: Enhanced Threat Intelligence Correlation and MCP Monitoring

New analytic rules correlate threat intelligence indicators with GSA traffic while MCP Servers Dashboard provides Model Context Protocol server monitoring. Read More →

Snowflake Multiple Failed Queries Detection: Fixed False Positives from Load Operations

Snowflake detection rule now filters out events lacking QueryExecutionStatus to prevent false alerts from data loading operations. Read More →

GitHub Enterprise Cloud Connector: Audit Log Data Ingestion Now Generally Available

GitHub Enterprise audit log connector and 11 accompanying detection rules promoted from Preview to GA status. Read More →

Microsoft Defender XDR: SUNSPOT Detection Rule Documentation Update

Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions. Read More →

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →

SAP BTP: 10 New Enterprise Security Detections for Cloud Integration and Identity Service

New threat detection coverage for SAP BTP Cloud Integration tampering, identity service compromise, and audit service availability. Read More →

Schema Correction: MITRE ATT&CK Field Name Fix Across Multiple Solutions

Critical schema update replaces deprecated requiredTechniques field with correct relevantTechniques field in analytic rules. Read More →

Threat Intelligence: Alert Severity Field Standardisation and Query Optimisation

Threat Intelligence solution updated with standardised severity field naming and query performance improvements in IP entity analytics. Read More →

New Cyble Vision Threat Intelligence Solution: Comprehensive CCF-Based Alert Platform

Massive new Cyble Vision solution providing 40+ specialized detection rules and parsers for diverse threat intelligence feeds from dark web to cloud security. Read More →

GCP IAM Detection Logic Fixed — Correcting Service Account Key Detection Gaps

Two GCP IAM analytic rules had syntax errors preventing proper detection of token generation and key enumeration attacks. Read More →

Contrast ADR Detection: Fixed Field Reference Causing Query Failures

Corrected field name from incident_id_s to incidentId_s in Contrast EDR detection rule. Read More →

Lookout Mobile Security: Parser Fixes and Executive Dashboard Enhancement

Lookout solution updated to v3.0.1 with parser fixes, comprehensive security dashboards, and enhanced analytic rules. Read More →

Critical Cloudflare Analytics Rules: Enhanced URL Entity Mapping and Repository Maintenance

P0-labeled update improves URL entity mapping in Cloudflare detection rules alongside extensive repository maintenance and validation improvements. Read More →

Anomalous Single Factor Sign-in Detection: Critical Logic Revert Due to False Positives

Reverts detection rule logic changes due to GitHub issue reporting incorrect filtering logic causing operational problems. Read More →

Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&CK Integration

Updated threat hunting rules add MITRE ATT&CK mappings and fix parser function calls for improved threat detection coverage. Read More →

New Quokka Qscout Mobile App Security Solution: Mobile Threat Detection Visibility

CCF connector and detection rule for Quokka Qscout mobile app security analysis platform provides visibility into malicious mobile application findings. Read More →

Threat Intelligence: Critical Logic Fix Stops False Alerts on Revoked Indicators

Broken condition in CloudAppEvents threat intelligence detection fixed to prevent firing on revoked/deleted indicators. Read More →

Threat Intelligence: AppService HTTP Logs Detection Restored After Missing Column Fix

Critical fix for broken IP entity detection rule that was missing AlertPriority column causing template failures. Read More →

Squadra Technologies SecRMM: Compliance Update Adds Required Detection Rule

SecRMM solution updated to v3.0.0 with mandatory analytic rule for removable storage monitoring to meet Microsoft Sentinel compliance requirements. Read More →

GCP Security Command Center: New Detection Suite for Cloud Misconfigurations

New Solution delivers 5 Analytic Rules and 5 Hunting Queries to detect GCP security misconfigurations including unrestricted API keys, disabled security features, and risky IAM configurations. Read More →