<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>New on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/new/</link><description>Recent content in New on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 16:24:01 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/new/index.xml" rel="self" type="application/rss+xml"/><item><title>New ASIM AgentEvent Parser Unlocks Anthropic Claude Compliance Log Normalization</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14578/</link><pubDate>Fri, 10 Jul 2026 16:24:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14578/</guid><description>Two new ASIM AgentEvent parsers normalize Anthropic Claude Compliance API logs (via BlueVoyant CCF connector) into the ASIM AgentEvent schema, enabling unified hunting across AI agent activity events.</description></item><item><title>New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</link><pubDate>Fri, 10 Jul 2026 06:24:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</guid><description>A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</link><pubDate>Fri, 10 Jul 2026 00:13:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</guid><description>A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel.</description></item><item><title>New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</link><pubDate>Wed, 08 Jul 2026 08:45:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</guid><description>Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings.</description></item><item><title>Untitled</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14630/</link><pubDate>Wed, 08 Jul 2026 05:12:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14630/</guid><description>&lt;p&gt;test&lt;/p&gt;
&lt;h2 id="affected-files"&gt;Affected Files&lt;/h2&gt;
&lt;pre tabindex="0"&gt;&lt;code&gt;.script/tests/KqlvalidationsTests/CustomTables/FrendsAuditLogs_CL.json
DataConnectors/Frends iPaaS/FrendsAuditLogs_CL.json
DataConnectors/Frends iPaaS/FrendsAuditLogs_Sentinel_CCF.json
DataConnectors/Frends iPaaS/README.md
&lt;/code&gt;&lt;/pre&gt;</description></item><item><title>New CCF Connector Builder Accelerator: AI-Assisted End-to-End Pull Connector Generation for Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14567/</link><pubDate>Tue, 07 Jul 2026 13:50:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14567/</guid><description>Adds a GitHub Copilot agent accelerator to the Tools/ directory that automates generation of the four CCF connector files (polling config, DCR, table schema, connector definition) from any REST API documentation &amp;ndash; lowering the barrier for partners building custom data connectors.</description></item><item><title>Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</link><pubDate>Fri, 03 Jul 2026 12:30:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</guid><description>A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility.</description></item><item><title>New Hunting Query: BadUSB HID Injection via certutil LOLBIN Detected Through explorer.exe Parent Signal</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14600/</link><pubDate>Fri, 03 Jul 2026 07:48:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14600/</guid><description>A new hunting query surfaces BadUSB payloads that abuse certutil.exe or cmd.exe via the WIN+R Run dialog by keying on explorer.exe as the initiating process &amp;ndash; a signal absent from existing generic certutil LOLBin detections.</description></item><item><title>ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</link><pubDate>Thu, 02 Jul 2026 19:58:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</guid><description>A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector.</description></item><item><title>AWS S3 Connector: CloudFormation IaC Templates Added for Repeatable AWS-Side Deployment</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14557/</link><pubDate>Wed, 01 Jul 2026 07:59:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14557/</guid><description>Four CloudFormation templates (CloudTrail, CloudWatch, VPC Flow Logs, GuardDuty) and an OIDC trust template now provide enterprise-grade IaC deployment of the AWS-side resources required by the Microsoft Sentinel Amazon Web Services S3 connector, complementing the existing PowerShell setup flow.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</link><pubDate>Wed, 01 Jul 2026 07:05:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</guid><description>A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs.</description></item><item><title>WithSecure Elements Connector Migrated to CCF: Function App Infrastructure Eliminated</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</link><pubDate>Wed, 01 Jul 2026 06:14:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</guid><description>A new CCF-based WithSecure Elements solution (v4.0.0) replaces the Azure Function connector, removing the Azure Function, Storage Account, and Key Vault dependency stack while the legacy Function App solution is deprecated in place with a transition buffer for existing deployments.</description></item><item><title>New ASIM NetworkSession Parser for Cisco FTD Extends Network Visibility via AMA Connector</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14569/</link><pubDate>Tue, 30 Jun 2026 22:04:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14569/</guid><description>Cisco Firepower Threat Defense (FTD) logs ingested via the Cisco ASA/FTD AMA connector can now be normalised into the ASIM NetworkSession schema, enabling source-agnostic detections and hunting queries to run against FTD firewall and IDS events.</description></item><item><title>New ASIM Authentication Parser for Cisco Firepower Threat Defense Closes Syslog Auth Visibility Gap</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14581/</link><pubDate>Tue, 30 Jun 2026 16:24:52 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14581/</guid><description>A new ASIM Authentication parser for Cisco FTD normalises SSH login success and failure events from Syslog into the imAuthentication/ASimAuthentication schema, enabling source-agnostic detection coverage for Cisco firewall authentication activity.</description></item><item><title>New Workbook: Hybrid Attack Kill-Chain Hunting Across Cloud and On-Prem Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</link><pubDate>Mon, 29 Jun 2026 06:09:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</guid><description>A new behavior-led hunting workbook registers in Microsoft Sentinel covering end-to-end hybrid identity attack scenarios across 7 MITRE ATT&amp;amp;CK phases, correlating signals from Entra ID, Azure, on-prem AD, and Defender XDR.</description></item><item><title>New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</link><pubDate>Mon, 29 Jun 2026 04:21:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</guid><description>A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID &amp;ndash; covering full kill chains that individual, single-source detections routinely miss.</description></item><item><title>Holm Security VMP: New CCF Connector Ingests Network and Web Asset Inventory into Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</link><pubDate>Fri, 26 Jun 2026 05:11:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</guid><description>A new CCF-based Data Connector for the Holm Security Vulnerability Management Platform adds direct ingestion of network and web asset inventory &amp;ndash; including IP, hostname, OS, severity, and vulnerability counts &amp;ndash; into two custom Log Analytics tables, enabling asset-aware threat hunting and vulnerability correlation in Microsoft Sentinel.</description></item><item><title>New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</link><pubDate>Thu, 25 Jun 2026 11:56:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</guid><description>A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table &amp;ndash; covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection &amp;ndash; plus an incident-response Playbook and a quarantine dashboard Workbook.</description></item><item><title>Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</link><pubDate>Thu, 25 Jun 2026 11:34:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</guid><description>The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed.</description></item><item><title>iboss Solution 3.1.3: New Malware and C2 Analytic Rules for Web Gateway Telemetry</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14525/</link><pubDate>Thu, 25 Jun 2026 06:26:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14525/</guid><description>iboss Solution 3.1.3 ships two new Scheduled Analytic Rules that surface malware detections and C2 communications flagged by the iboss gateway, closing a detection gap for organizations relying solely on raw CommonSecurityLog ingestion.</description></item><item><title>New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-13721/</link><pubDate>Wed, 24 Jun 2026 05:54:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-13721/</guid><description>A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel.</description></item><item><title>Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</link><pubDate>Wed, 24 Jun 2026 05:24:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</guid><description>A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification.</description></item><item><title>New ASIM AlertEvent Parser for Google SecOps Extends Normalised Detection Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14221/</link><pubDate>Tue, 23 Jun 2026 21:29:46 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14221/</guid><description>A new ASIM AlertEvent parser pair normalises Google SecOps Detection Alerts from the DetectionAlerts_CL custom table into the ASIM AlertEvent schema, enabling source-agnostic alert hunting and cross-platform detection rules against Google SecOps data.</description></item><item><title>Halcyon Anti-Ransomware: New CCF v2 Connector and OCSF Parsers Unlock Full Endpoint Telemetry</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</link><pubDate>Tue, 23 Jun 2026 05:05:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</guid><description>Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use.</description></item><item><title>Veeam Backup and Replication CCF Connector Now in Public Preview: Six Security Data Streams Added to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</link><pubDate>Mon, 22 Jun 2026 15:53:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</guid><description>The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry &amp;ndash; closing a significant blind spot for backup infrastructure security monitoring.</description></item><item><title>CrowdStrike Falcon AlertEvent ASIM Parser: Falcon Detections Now Normalised into Unified Alert Schema</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14488/</link><pubDate>Fri, 19 Jun 2026 23:45:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14488/</guid><description>A new ASIM AlertEvent parser for CrowdStrike Falcon ingested via CCF normalises detection data from the CrowdStrikeDetections table into the ASIM AlertEvent schema, enabling source-agnostic detection and hunting queries across EDR alert data.</description></item><item><title>Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</link><pubDate>Fri, 19 Jun 2026 11:27:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</guid><description>A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform.</description></item><item><title>Netskope Security Cloud Joins ASIM AlertEvent Schema â Threats Now Normalised from NetskopeAlerts_CL</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14493/</link><pubDate>Wed, 17 Jun 2026 18:29:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14493/</guid><description>A new ASIM AlertEvent parser for Netskope Security Cloud normalises DLP, malware, C2, IPS, compromised credential, UBA, and policy alerts from the NetskopeAlerts_CL table into the standard AlertEvent schema, enabling source-agnostic detections and hunting across Netskope data.</description></item><item><title>New BlueVoyant CCF Connector Brings Anthropic Claude Compliance Activity into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14446/</link><pubDate>Wed, 17 Jun 2026 11:45:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14446/</guid><description>BlueVoyant new Solution adds a CCF-based Data Connector that polls the Anthropic Claude Compliance API every 10 minutes and lands compliance events in the custom table BV_ClaudeCompliance_ComplianceActivities_CL, opening a new AI platform audit surface in Sentinel.</description></item><item><title>New eDCRule Solution: 10 Entra ID and Azure Subscription Analytic Rules for Privilege Escalation and Identity Abuse Detection</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14392/</link><pubDate>Wed, 17 Jun 2026 05:44:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14392/</guid><description>A new community solution adds 10 scheduled Analytic Rules (plus Chinese-localized counterparts) targeting Microsoft Entra ID privilege escalation, OAuth token abuse, federation trust tampering, and Azure VM Run Command abuse correlated with UEBA signals.</description></item><item><title>New AWS Config CCF Connector: Resource Configuration Visibility via Custom API Pull</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14440/</link><pubDate>Wed, 17 Jun 2026 05:03:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14440/</guid><description>A new community CCF connector ingests AWS Config configuration item notifications into Microsoft Sentinel via a self-hosted AWS API Gateway/Lambda/DynamoDB backend, populating the AWSConfig_CL table for cloud resource configuration monitoring.</description></item><item><title>Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</link><pubDate>Mon, 15 Jun 2026 03:10:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</guid><description>New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic.</description></item><item><title>Palo Alto XDR ASIM Parser: Normalizing Cortex XDR Alert Data for Cross-Platform Detection</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14401/</link><pubDate>Fri, 12 Jun 2026 21:43:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14401/</guid><description>New ASIM AlertEvent parser brings Palo Alto Cortex XDR alert normalization to Microsoft Sentinel via CCF connector.</description></item><item><title>UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</link><pubDate>Fri, 12 Jun 2026 10:15:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</guid><description>Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics.</description></item><item><title>Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</link><pubDate>Fri, 12 Jun 2026 07:51:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</guid><description>New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events.</description></item><item><title>Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</link><pubDate>Fri, 12 Jun 2026 07:00:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</guid><description>Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers.</description></item><item><title>CCF Blob Connector Accelerator: Developer Reference Implementation for Event-Driven Log Ingestion</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14313/</link><pubDate>Fri, 12 Jun 2026 04:45:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14313/</guid><description>New tool provides ISV partners with complete end-to-end CCF StorageAccountBlobContainer connector pattern including automated deployment and reference solution.</description></item><item><title>Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14046/</link><pubDate>Thu, 11 Jun 2026 08:21:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14046/</guid><description>Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage.</description></item><item><title>MuleSoft CloudHub: CCF Alerts Connector Expands DevOps Monitoring Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14447/</link><pubDate>Wed, 10 Jun 2026 14:07:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14447/</guid><description>New CCF connector adds alert ingestion capability to existing MuleSoft CloudHub logs solution, enabling comprehensive application lifecycle monitoring.</description></item><item><title>StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</link><pubDate>Wed, 10 Jun 2026 10:24:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</guid><description>Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration.</description></item><item><title>Salesforce Service Cloud: New ASIM WebSession Parser Enables Normalized API/Web Request Monitoring</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14424/</link><pubDate>Tue, 09 Jun 2026 20:35:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14424/</guid><description>ASIM WebSession parser for Salesforce Service Cloud normalizes API and web session logs into standardized schema, enabling unified monitoring across SaaS platforms.</description></item><item><title>MuleSoft CloudHub: CCF Push Connector Eliminates API Rate Limits and Duplicate Data Issues</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14413/</link><pubDate>Tue, 09 Jun 2026 16:31:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14413/</guid><description>MuleSoft deploys real-time Log4j HTTP appender connector via CCF, offering customers performance alternative to existing Azure Function connector.</description></item><item><title>Microsoft 365 Audit Pipeline: Two New CCF Connectors Fill Copilot, DLP, and Specialty Workload Visibility Gap</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-13431/</link><pubDate>Tue, 09 Jun 2026 09:50:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-13431/</guid><description>New dual-connector CCF solution ingests 30 Microsoft 365 audit workloads including Copilot interactions, DLP events, and 29 specialty services into a unified 321-column schema.</description></item><item><title>Pathlock TD&amp;R: Major Detection Coverage Expansion with 77 New SAP-Focused Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14265/</link><pubDate>Fri, 05 Jun 2026 05:38:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14265/</guid><description>Pathlock Threat Detection &amp;amp; Response adds 77 comprehensive SAP security analytic rules covering ABAP changes, user activities, system modifications, and financial data access.</description></item><item><title>GitHub Audit Log Connector: Azure Storage Integration Addresses API Rate Limits</title><link>http://sentinelchangelog.net/posts/2026-06-04-pr-14408/</link><pubDate>Thu, 04 Jun 2026 20:19:00 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-04-pr-14408/</guid><description>New Azure Storage-based GitHub Enterprise audit log connector overcomes CCF API rate limitations through Event Grid blob notifications.</description></item><item><title>Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files</title><link>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</link><pubDate>Thu, 04 Jun 2026 10:47:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</guid><description>Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting.</description></item><item><title>Microsoft Agent Identities Connector: New Entra Non-Human Identity Asset Visibility (Preview)</title><link>http://sentinelchangelog.net/posts/2026-06-03-pr-14326/</link><pubDate>Wed, 03 Jun 2026 06:01:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-03-pr-14326/</guid><description>Agent 365 solution adds new Microsoft Agent Identities connector for tracking agent blueprints and non-human identity assets across four data tables.</description></item><item><title>Cisco Umbrella CCF: Public Preview Expands Data Visibility with 10 New Log Tables</title><link>http://sentinelchangelog.net/posts/2026-06-01-pr-14378/</link><pubDate>Mon, 01 Jun 2026 14:34:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-01-pr-14378/</guid><description>New Codeless Connector Framework introduces comprehensive log coverage across DNS, web traffic, cloud firewall, admin audit, DLP, file events, IPS, VPN and Zero Trust access for enhanced threat detection.</description></item></channel></rss>