Sonrai Security CCF Connector: New Cloud Security Posture Visibility
Sonrai Security compliance tickets now integrate directly with Microsoft Sentinel through a new CCF push connector. Read More →
Sonrai Security compliance tickets now integrate directly with Microsoft Sentinel through a new CCF push connector. Read More →
VMware Workspace ONE Unified Endpoint Management platform now available in Microsoft Sentinel via CCF connector for device compliance monitoring and shadow IT detection. Read More →
Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations. Read More →
Adds hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors. Read More →
Adds hunting query to detect hardware keystroke injectors spawning PowerShell through explorer.exe with evasion patterns. Read More →
New hunting query identifies short-lived code signing certificates (≤14 days) on non-developer endpoints to detect Fox Tempest MSaaS operations. Read More →
New hunting query detects kernel-level rootkits bypassing EDR network telemetry by comparing perimeter firewall logs against Microsoft Defender for Endpoint data streams. Read More →
New hunting query detects first-time network connections by processes using cryptographic signer baselining to defeat DLL sideloading and BYOTA attacks. Read More →
Three hunting queries detect multi-event attack chains in Entra ID—privileged role grants followed by SP credential additions and MFA disabling followed by sign-ins from unknown IPs. Read More →
New hunting query identifies delivered emails using raw IPv4 addresses as URL domains to detect phishing campaigns bypassing domain reputation systems. Read More →
Three hunting queries targeting silent defense weakening techniques and off-hours privilege escalation in Entra ID environments. Read More →
Three new hunting queries detect LSASS memory dumping using behavioral physics rather than brittle timing or tool names. Read More →
Content Hub solution adds Cyren threat intelligence feeds for IP reputation and malware URL indicators via automated Logic App playbook. Read More →
New hunting pack targeting workload identity abuse and privileged role assignment anomalies with coverage gaps for service principal credential theft and PIM bypass techniques. Read More →
New hunting query detects fileless .NET execution even when attackers patch ETW by monitoring kernel-level .NET runtime DLL loading in native processes and untrusted paths. Read More →
New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios. Read More →
Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking. Read More →
Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection. Read More →
New CCF-based connector ingests Illumio AI-powered threat discovery reports with network flow analysis, geographic context, and MITRE ATT&CK framework integration. Read More →
Fortra Agari transitions from Azure Functions to CCF framework, restoring Brand Protection, Phishing Defense, and Phishing Response visibility with DCR-based ingestion. Read More →