Google Directory Solution: New Playbook Integration with Extended Security Scope
Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation. Read More →
Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation. Read More →
NVISO introduces Strider Shield CCF connector enabling ingestion of email threat intelligence data across five data streams targeting phishing and BEC protection. Read More →
New PowerShell assessment tool identifies migration blockers for Sentinel-to-Defender portal transitions. Read More →
SailPoint IdentityNow now supports CCF ingestion with new schema parsers alongside backward compatibility for existing Function App deployments. Read More →
ElasticAgent connector migrated to CCF framework to maintain system monitoring capability as HTTP Collector API approaches deprecation. Read More →
Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios. Read More →
New ASIM parser normalizes VMware ESXi authentication events to enable centralized logon monitoring for hypervisor infrastructure. Read More →
New ASIM parser enables normalized threat detection from Cisco Secure Endpoint via CCF ingestion to CiscoSecureEndpointEventsV2_CL table. Read More →
Five hunting queries expose OAuth consent abuse, privileged escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns. Read More →
New Salesforce Audit Logs connector provides visibility into administrative changes and user authentication events across Salesforce orgs. Read More →
Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline. Read More →
Identifies service principal credential additions by actors not observed performing these operations in the previous 90 days, targeting persistence techniques. Read More →
Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns. Read More →
Surfaces rapid ASN changes between interactive and non-interactive sign-ins within 10 minutes, indicating potential post-compromise token misuse. Read More →
ZeroFox splits legacy connector into dedicated Alerts and Threat Intelligence solutions using modern CCF architecture with 17 specialized data streams. Read More →
New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring. Read More →
Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →
Logic App Playbook introduced to poll Vaikora AI agent signals and push high-risk actions as Custom IOCs to CrowdStrike Falcon for automated threat prevention. Read More →
Data443 introduces Vaikora AI agent behavioral signal integration with SentinelOne threat intelligence via a 6-hour polling playbook. Read More →
New solution provides real-time IP enrichment to detect VPN, residential proxy, and bot automation traffic in incidents and alerts. Read More →