Google Directory Solution: New Playbook Integration with Extended Security Scope

Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation. Read More →

New Strider Shield Threat Intelligence Connector for Email Security Monitoring

NVISO introduces Strider Shield CCF connector enabling ingestion of email threat intelligence data across five data streams targeting phishing and BEC protection. Read More →

Microsoft Sentinel to Defender Portal Migration Readiness Tool

New PowerShell assessment tool identifies migration blockers for Sentinel-to-Defender portal transitions. Read More →

SailPoint IdentityNow: New CCF Connector with Dual Parser Support (v3.0.1)

SailPoint IdentityNow now supports CCF ingestion with new schema parsers alongside backward compatibility for existing Function App deployments. Read More →

Elastic Agent CCF Connector: Replacing Deprecated HTTP Collector API

ElasticAgent connector migrated to CCF framework to maintain system monitoring capability as HTTP Collector API approaches deprecation. Read More →

Red Sift Solution: New CCF Data Connector and Email Security Detections

Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios. Read More →

VMware ESXi: ASIM Authentication Parser for Host Access Monitoring

New ASIM parser normalizes VMware ESXi authentication events to enable centralized logon monitoring for hypervisor infrastructure. Read More →

Cisco Secure Endpoint: ASIM AlertEvent Parser for Cloud-Based Threat Detection

New ASIM parser enables normalized threat detection from Cisco Secure Endpoint via CCF ingestion to CiscoSecureEndpointEventsV2_CL table. Read More →

Entra ID Attack Chain Detection: 5 New Hunting Queries Target Application Layer Persistence

Five hunting queries expose OAuth consent abuse, privileged escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns. Read More →

Salesforce Audit Visibility: New CCF Connector for Administrative Change Tracking

New Salesforce Audit Logs connector provides visibility into administrative changes and user authentication events across Salesforce orgs. Read More →

Zimperium MTD: New CCF Push Connector for Mobile Threat Telemetry

Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline. Read More →

Microsoft Entra ID: Service Principal Credential Manipulation by Rare Actors

Identifies service principal credential additions by actors not observed performing these operations in the previous 90 days, targeting persistence techniques. Read More →

Microsoft Entra ID: Hunting Query for Password Spraying Detection via IP Failure Bursts

Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns. Read More →

Microsoft Entra ID: New Hunting Query Detects Post-Compromise Token Abuse via ASN Mismatches

Surfaces rapid ASN changes between interactive and non-interactive sign-ins within 10 minutes, indicating potential post-compromise token misuse. Read More →

ZeroFox Digital Risk Protection: Complete CCF Migration with Dual Solution Architecture

ZeroFox splits legacy connector into dedicated Alerts and Threat Intelligence solutions using modern CCF architecture with 17 specialized data streams. Read More →

Vaikora AI Agent Security Monitoring for Defender for Cloud

New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring. Read More →

Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks

Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →

New Vaikora-CrowdStrike Integration: AI Agent Behavioral Signals to Custom IOCs

Logic App Playbook introduced to poll Vaikora AI agent signals and push high-risk actions as Custom IOCs to CrowdStrike Falcon for automated threat prevention. Read More →

Vaikora AI Security: New Logic App Playbook for SentinelOne Threat Intelligence Integration

Data443 introduces Vaikora AI agent behavioral signal integration with SentinelOne threat intelligence via a 6-hour polling playbook. Read More →

New Spur Context API Solution: High-Fidelity IP Intelligence for VPN and Proxy Detection

New solution provides real-time IP enrichment to detect VPN, residential proxy, and bot automation traffic in incidents and alerts. Read More →