Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection

Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage. Read More →

MuleSoft CloudHub: CCF Alerts Connector Expands DevOps Monitoring Coverage

New CCF connector adds alert ingestion capability to existing MuleSoft CloudHub logs solution, enabling comprehensive application lifecycle monitoring. Read More →

StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio

Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration. Read More →

Salesforce Service Cloud: New ASIM WebSession Parser Enables Normalized API/Web Request Monitoring

ASIM WebSession parser for Salesforce Service Cloud normalizes API and web session logs into standardized schema, enabling unified monitoring across SaaS platforms. Read More →

MuleSoft CloudHub: CCF Push Connector Eliminates API Rate Limits and Duplicate Data Issues

MuleSoft deploys real-time Log4j HTTP appender connector via CCF, offering customers performance alternative to existing Azure Function connector. Read More →

Microsoft 365 Audit Pipeline: Two New CCF Connectors Fill Copilot, DLP, and Specialty Workload Visibility Gap

New dual-connector CCF solution ingests 30 Microsoft 365 audit workloads including Copilot interactions, DLP events, and 29 specialty services into a unified 321-column schema. Read More →

Pathlock TD&R: Major Detection Coverage Expansion with 77 New SAP-Focused Analytic Rules

Pathlock Threat Detection & Response adds 77 comprehensive SAP security analytic rules covering ABAP changes, user activities, system modifications, and financial data access. Read More →

GitHub Audit Log Connector: Azure Storage Integration Addresses API Rate Limits

New Azure Storage-based GitHub Enterprise audit log connector overcomes CCF API rate limitations through Event Grid blob notifications. Read More →

Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files

Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting. Read More →

Microsoft Agent Identities Connector: New Entra Non-Human Identity Asset Visibility (Preview)

Agent 365 solution adds new Microsoft Agent Identities connector for tracking agent blueprints and non-human identity assets across four data tables. Read More →

Cisco Umbrella CCF: Public Preview Expands Data Visibility with 10 New Log Tables

New Codeless Connector Framework introduces comprehensive log coverage across DNS, web traffic, cloud firewall, admin audit, DLP, file events, IPS, VPN and Zero Trust access for enhanced threat detection. Read More →

ASIM Parser Development Automation: GitHub Copilot Skills for Accelerated Detection Engineering

GitHub Copilot agent skills now automate the complete ASIM parser creation workflow, reducing parser development time from days to hours for security engineers. Read More →

Entra ID Post-Credential Activity Detection: Service Principal Staging and Privileged Role Escalation

Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse. Read More →

Gentlemen Ransomware Campaign: New Hunting Queries for EtherRAT/TukTuk IOCs and Web3 C2 Infrastructure

Two hunting queries added targeting Gentlemen ransomware campaign artifacts including payload hashes and decentralized Web3/SaaS C2 infrastructure used by EtherRAT and TukTuk malware. Read More →

LockBit Hunting Query: ActiveMQ Exploit IoC Detection Added

New hunting query provides hash-based detection for LockBit ransomware artifacts deployed via Apache ActiveMQ CVE-2023-46604 exploitation. Read More →

Airlock Digital Solution: Application Control Visibility for Endpoint Security

New CCF connector enables ingestion of Airlock Digital application control logs, providing execution monitoring and file activity visibility to detect unauthorized software execution. Read More →

AWS Security Hub Compliance Workbook: Comprehensive Security Posture Visualization Now Available

New AWS Security Hub compliance workbook provides executive dashboards and operational analytics for security findings, compliance tracking, and multi-account posture management. Read More →

NordStellar CCF Push Connector: Real-time Threat Intelligence Integration Now Available

New NordStellar solution delivers real-time threat intelligence and exposure monitoring via CCF Push architecture to unified NordStellar_CL table. Read More →

Entra ID Identity Boundary Expansion: Three New Hunting Queries for Stealthy Persistence

Added three hunting queries targeting identity boundary expansion techniques in Entra ID that escalate privileges without creating new accounts. Read More →

ASIM AlertEvent Support Added for Bitdefender GravityZone Security Platform

New parsers enable normalization of Bitdefender GravityZone alert data into Microsoft Sentinel ASIM schema for unified threat detection. Read More →