Microsoft Entra ID: New Hunting Query Detects Post-Compromise Token Abuse via ASN Mismatches

Surfaces rapid ASN changes between interactive and non-interactive sign-ins within 10 minutes, indicating potential post-compromise token misuse. Read More →

Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs

Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context. Read More →

Claroty: Enhanced IoT/OT Detection with Improved Alert Fidelity

Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring. Read More →

Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks

Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →

Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes

Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture. Read More →

SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync

SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities. Read More →

Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors. Read More →

AI Agents Hunting Query: Schema Field Case Correction Enables Query Execution

Fixed IdentityInfo field reference from AccountUPN to AccountUpn to resolve KQL validation failure and restore query functionality. Read More →

Azure Activity: Hunting Query Documentation Enhancement for Custom Script Extensions

Minor documentation improvement clarifying protected settings visibility in Custom Script Extension hunting query. Read More →

Microsoft Defender XDR Solution: Punycode Hunting Query Added for Lookalike Domain Detection

Microsoft Defender XDR solution v3.0.14 adds hunting query targeting Punycode character abuse in lookalike domain attacks. Read More →

Microsoft Defender XDR: New Hunting Query for Punycode Lookalike Domain Phishing

Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams. Read More →

Microsoft Defender XDR: SUNSPOT Detection Rule Documentation Update

Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions. Read More →

New Solution: JoeSandbox Threat Intelligence and Malware Analysis Platform Integration

Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel. Read More →

Microsoft Defender XDR: Teams Hunting Queries Version Number Fix

Corrected malformed version numbers in Microsoft Teams threat hunting queries from invalid “l.0.0” to proper “1.0.0” format. Read More →

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →

Schema Correction: MITRE ATT&CK Field Name Fix Across Multiple Solutions

Critical schema update replaces deprecated requiredTechniques field with correct relevantTechniques field in analytic rules. Read More →

Fortigate ASIM Parser: Field Name Consistency Fix for Network Session Schema

Field name inconsistencies in Fortigate ASIM parsers corrected to ensure proper schema compliance and data normalization. Read More →

Critical Cloudflare Analytics Rules: Enhanced URL Entity Mapping and Repository Maintenance

P0-labeled update improves URL entity mapping in Cloudflare detection rules alongside extensive repository maintenance and validation improvements. Read More →

Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&CK Integration

Updated threat hunting rules add MITRE ATT&CK mappings and fix parser function calls for improved threat detection coverage. Read More →

UEBA Essentials: Five New Hunting Queries for Advanced Anomaly Analysis and Threat Triage

UEBA Essentials v4.1.0 adds five targeted hunting queries for high-score anomaly triage, trend analysis, template distribution, user-centric investigation, and malicious source IP identification. Read More →