Vectra XDR: Log Ingestion API Migration and Enhanced API v3.4 Support with New Playbook Capabilities

Vectra XDR solution updated to API v3.4 with Log Ingestion API support, three new playbooks for PCAP download and detection management. Read More →

Business Email Compromise: Fixed Alert Display Variable Reference

Corrected alert display format to use correct variable name CountOfDocs instead of non-existent number_of_files_accessed. Read More →

Salesforce Service Cloud: Critical Detection Rule Fixes for TimestampDerived Field

Essential bug fixes for Salesforce Service Cloud detection rules resolving datetime conversion issues that prevented rule creation. Read More →

VMware ESXi SSH Brute Force Detection Plus Multi-Solution Updates

New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions. Read More →

Threat Intelligence Detection: Critical Timing Fix for Cloud App Email Indicators

TI analytic rule query periods reduced from 10 days to 1 hour to prevent false negatives from timing mismatches. Read More →

CyberArk Audit: Enhanced Detection Rules with Custom Data Field Analysis

CyberArk Audit solution updated with improved analytics rules leveraging custom data fields for better privileged access monitoring. Read More →

AWS and VMware ESXi: Three New Analytic Rules for Execution, Exfiltration, and Lateral Movement

Three new Analytic Rules added across AWS CloudTrail and VMware ESXi — detecting EC2 startup script tampering (T1059), anonymous S3 object exfiltration (T1530), and SSH enablement on ESXi hosts (T1021). Read More →

Multiple Solution Updates: GKE GA Promotion and SAP ETD Investigation Capability

Google Kubernetes Engine connector promoted to GA while SAP ETD Cloud gains investigation data ingestion and enhanced detection coverage. Read More →

Samsung Knox Asset Intelligence: DCR Schema Reduction and Rule Removal

Knox connector DCR updated to remove 13 event types, with corresponding analytic rule deleted due to missing data source. Read More →

Network Session Anomaly Detection: Simplified EPS Threshold Logic

Two network session analytic rules updated with unified EPS threshold and simplified query logic for improved maintainability. Read More →

BloodHound Enterprise Solution: Major v2.0 Upgrade with 105 New Detection Rules

Complete solution overhaul adds 105 analytic rules, new workbooks, and updated data connector with Azure Function v2 for enhanced Active Directory threat detection. Read More →

Snowflake Security Detection Restoration: Critical Field Name Standardisation Fixes Query Failures

Comprehensive field name standardisation in Snowflake detection rules resolves widespread query failures caused by parser schema mismatches, restoring database activity monitoring. Read More →

QualysVM CCF Migration: Schema Update Fixes Data Parsing and Entity Mapping Failures

QualysVM solution migration to CCF connector resolves critical schema mismatches causing detection failures and incorrect entity mapping for vulnerability data. Read More →

Lumen Threat Intelligence Solution: Comprehensive New Threat Feed Integration

Complete new solution with 10 analytic rules, hunting queries, workbook, and Azure Durable Function connector for Lumen threat intelligence integration. Read More →

Veeam Enterprise Solution: Major Enhancement with 137+ Detection Rules and Advanced Data Collection

Comprehensive Veeam solution update adds extensive security monitoring with 137+ new detection rules, enhanced function app data connector, and streamlined deployment. Read More →

Contrast ADR Solution: Refined Alert Formatting and Detection Logic Updates

Six Contrast ADR analytic rules updated with improved alert descriptions and custom table schema changes for better incident clarity. Read More →

NordPass Solution: Data Breach Scanner Detection Rules and Enhanced Connector Logic

Two new analytic rules detect domain and user data breaches on the dark web, with enhanced ingestion logic for NordPass Data Breach Scanner integration. Read More →

Veeam Solution: New Backup Security Monitoring with Malware Detection and Compliance Analysis

New Veeam solution added providing comprehensive security monitoring for backup infrastructure with malware scanning, compliance analysis, and threat detection capabilities. Read More →

Threat Intelligence DNS Detection: Alert Description Field Mapping Fix Enables Threat Context

Threat Intelligence imDns_IPEntity_DnsEvents rule updated to fix alert description field mapping from non-existent Type to ThreatType, restoring threat classification in DNS alerts. Read More →

Azure Firewall Detection: Critical Time Range Fix Prevents Overlapping Alerts and Query Failures

Azure Firewall Abnormal Port to Protocol rule updated to fix brittle time range handling that caused duplicate alerts and failed detection when runtime was modified. Read More →