Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables

The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed. Read More →

iboss Solution 3.1.3: New Malware and C2 Analytic Rules for Web Gateway Telemetry

iboss Solution 3.1.3 ships two new Scheduled Analytic Rules that surface malware detections and C2 communications flagged by the iboss gateway, closing a detection gap for organizations relying solely on raw CommonSecurityLog ingestion. Read More →

New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel

A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel. Read More →

Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths

A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification. Read More →

New ASIM AlertEvent Parser for Google SecOps Extends Normalised Detection Coverage

A new ASIM AlertEvent parser pair normalises Google SecOps Detection Alerts from the DetectionAlerts_CL custom table into the ASIM AlertEvent schema, enabling source-agnostic alert hunting and cross-platform detection rules against Google SecOps data. Read More →

Halcyon Anti-Ransomware: New CCF v2 Connector and OCSF Parsers Unlock Full Endpoint Telemetry

Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use. Read More →

Veeam Backup and Replication CCF Connector Now in Public Preview: Six Security Data Streams Added to Sentinel

The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry – closing a significant blind spot for backup infrastructure security monitoring. Read More →

CrowdStrike Falcon AlertEvent ASIM Parser: Falcon Detections Now Normalised into Unified Alert Schema

A new ASIM AlertEvent parser for CrowdStrike Falcon ingested via CCF normalises detection data from the CrowdStrikeDetections table into the ASIM AlertEvent schema, enabling source-agnostic detection and hunting queries across EDR alert data. Read More →

Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections

A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →

Netskope Security Cloud Joins ASIM AlertEvent Schema — Threats Now Normalised from NetskopeAlerts_CL

A new ASIM AlertEvent parser for Netskope Security Cloud normalises DLP, malware, C2, IPS, compromised credential, UBA, and policy alerts from the NetskopeAlerts_CL table into the standard AlertEvent schema, enabling source-agnostic detections and hunting across Netskope data. Read More →

New BlueVoyant CCF Connector Brings Anthropic Claude Compliance Activity into Microsoft Sentinel

BlueVoyant new Solution adds a CCF-based Data Connector that polls the Anthropic Claude Compliance API every 10 minutes and lands compliance events in the custom table BV_ClaudeCompliance_ComplianceActivities_CL, opening a new AI platform audit surface in Sentinel. Read More →

New eDCRule Solution: 10 Entra ID and Azure Subscription Analytic Rules for Privilege Escalation and Identity Abuse Detection

A new community solution adds 10 scheduled Analytic Rules (plus Chinese-localized counterparts) targeting Microsoft Entra ID privilege escalation, OAuth token abuse, federation trust tampering, and Azure VM Run Command abuse correlated with UEBA signals. Read More →

New AWS Config CCF Connector: Resource Configuration Visibility via Custom API Pull

A new community CCF connector ingests AWS Config configuration item notifications into Microsoft Sentinel via a self-hosted AWS API Gateway/Lambda/DynamoDB backend, populating the AWSConfig_CL table for cloud resource configuration monitoring. Read More →

Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API

New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic. Read More →

Palo Alto XDR ASIM Parser: Normalizing Cortex XDR Alert Data for Cross-Platform Detection

New ASIM AlertEvent parser brings Palo Alto Cortex XDR alert normalization to Microsoft Sentinel via CCF connector. Read More →

UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage

Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics. Read More →

Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel

New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

CCF Blob Connector Accelerator: Developer Reference Implementation for Event-Driven Log Ingestion

New tool provides ISV partners with complete end-to-end CCF StorageAccountBlobContainer connector pattern including automated deployment and reference solution. Read More →

Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection

Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage. Read More →