Vectra XDR: Log Ingestion API Migration and Enhanced API v3.4 Support with New Playbook Capabilities
Vectra XDR solution updated to API v3.4 with Log Ingestion API support, three new playbooks for PCAP download and detection management. Read More →
Vectra XDR solution updated to API v3.4 with Log Ingestion API support, three new playbooks for PCAP download and detection management. Read More →
Corrected alert display format to use correct variable name CountOfDocs instead of non-existent number_of_files_accessed. Read More →
Essential bug fixes for Salesforce Service Cloud detection rules resolving datetime conversion issues that prevented rule creation. Read More →
New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions. Read More →
TI analytic rule query periods reduced from 10 days to 1 hour to prevent false negatives from timing mismatches. Read More →
CyberArk Audit solution updated with improved analytics rules leveraging custom data fields for better privileged access monitoring. Read More →
Three new Analytic Rules added across AWS CloudTrail and VMware ESXi — detecting EC2 startup script tampering (T1059), anonymous S3 object exfiltration (T1530), and SSH enablement on ESXi hosts (T1021). Read More →
Google Kubernetes Engine connector promoted to GA while SAP ETD Cloud gains investigation data ingestion and enhanced detection coverage. Read More →
Knox connector DCR updated to remove 13 event types, with corresponding analytic rule deleted due to missing data source. Read More →
Two network session analytic rules updated with unified EPS threshold and simplified query logic for improved maintainability. Read More →
Complete solution overhaul adds 105 analytic rules, new workbooks, and updated data connector with Azure Function v2 for enhanced Active Directory threat detection. Read More →
Comprehensive field name standardisation in Snowflake detection rules resolves widespread query failures caused by parser schema mismatches, restoring database activity monitoring. Read More →
QualysVM solution migration to CCF connector resolves critical schema mismatches causing detection failures and incorrect entity mapping for vulnerability data. Read More →
Complete new solution with 10 analytic rules, hunting queries, workbook, and Azure Durable Function connector for Lumen threat intelligence integration. Read More →
Comprehensive Veeam solution update adds extensive security monitoring with 137+ new detection rules, enhanced function app data connector, and streamlined deployment. Read More →
Six Contrast ADR analytic rules updated with improved alert descriptions and custom table schema changes for better incident clarity. Read More →
Two new analytic rules detect domain and user data breaches on the dark web, with enhanced ingestion logic for NordPass Data Breach Scanner integration. Read More →
New Veeam solution added providing comprehensive security monitoring for backup infrastructure with malware scanning, compliance analysis, and threat detection capabilities. Read More →
Threat Intelligence imDns_IPEntity_DnsEvents rule updated to fix alert description field mapping from non-existent Type to ThreatType, restoring threat classification in DNS alerts. Read More →
Azure Firewall Abnormal Port to Protocol rule updated to fix brittle time range handling that caused duplicate alerts and failed detection when runtime was modified. Read More →