Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors. Read More →

Microsoft Copilot Connector: Updated Product Scope Description

Clarifies connector description to specify M365 Copilot and Security Copilot coverage alongside general improvements. Read More →

A365 Observability Connector: New AI Agent Telemetry Visibility in Microsoft Sentinel

New data connector for AI agent behavior monitoring brings telemetry from A365, AI Foundry, and Copilot into Microsoft Sentinel for security investigations. Read More →

Microsoft Entra ID Assets: Device and Organizational Contact Visibility Expansion

Two new asset tables (EntraDevices, EntraOrgContacts) added to Microsoft Entra ID connector for BloodHound graph building and complete asset enumeration. Read More →

Azure DevOps Auditing Solution: Description Text Cleanup and Repackaging

Azure DevOps Auditing solution repackaged with updated description removing outdated streaming configuration text references. Read More →

Microsoft Defender XDR: SUNSPOT Detection Rule Documentation Update

Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions. Read More →

Microsoft Defender XDR: Teams Hunting Queries Version Number Fix

Corrected malformed version numbers in Microsoft Teams threat hunting queries from invalid “l.0.0” to proper “1.0.0” format. Read More →

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →

Microsoft Copilot Connector — Critical Table Name Update from LLMActivity to CopilotActivity

Microsoft Copilot connector fixes critical table reference issue, standardizing on official CopilotActivity table name across all components. Read More →

ASIM Authentication Parsers: Hostname Resolution and Alias Fixes

Fixes SrcHostname resolution logic and IpAddr aliases in Microsoft Windows Event and SSH authentication parsers. Read More →

Microsoft Teams Security: 9 Additional Hunting Queries for Advanced Threat Detection

Extended Teams protection hunting coverage with queries for partner impersonation, admin submissions, and external sender analysis. Read More →

Microsoft Teams Security: 7 New Hunting Queries for URL Threat Detection

New hunting queries added to detect malicious URL clicks, ZAP events, and user submissions in Microsoft Teams. Read More →

VMware ESXi SSH Brute Force Detection Plus Multi-Solution Updates

New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions. Read More →