New Solution: meshStack Platform Event Logs Integration for Cloud Governance
meshStack event logging connector enables cloud platform governance monitoring by ingesting developer platform events into Microsoft Sentinel. Read More →
meshStack event logging connector enables cloud platform governance monitoring by ingesting developer platform events into Microsoft Sentinel. Read More →
Official TacitRed Defender TI solution from Data443 enables automated sync of compromised credentials to Microsoft Defender Threat Intelligence. Read More →
Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams. Read More →
CreateSolutionV3 script now supports offline semantic versioning with local version management alongside existing catalog API mode. Read More →
Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel. Read More →
Large release adds two new threat intelligence solutions (Cyble Vision, Tropico) and updates to 15+ existing solutions across the repository. Read More →
New Miro solution added with CCF connectors for audit logs and content logs to enable collaboration platform security monitoring. Read More →
New Conditional Access SISM workbook added to provide comprehensive CA policy monitoring and Zero Trust analytics. Read More →
Massive new Cyble Vision solution providing 40+ specialized detection rules and parsers for diverse threat intelligence feeds from dark web to cloud security. Read More →
New compliance monitoring solution provides IT systems change tracking and segregation of duties controls for Sarbanes-Oxley compliance programs. Read More →
New SOC Prime Platform audit logs data connector added using CCF framework, providing visibility into SOC Prime TDM platform user activities and administrative actions. Read More →
Three new entity analyzer playbooks added with HTTP, URL, and incident triggers for automated URL and user entity enrichment. Read More →
Added six new aggregation parsers for Corelight sensor data including DNS, HTTP, files, connections, SSL, and weird events with improved CIM mapping. Read More →
New ASIM normalisation parsers added for six Azure Firewall log tables, expanding detection coverage for network sessions, DNS queries, and web traffic analysis. Read More →
Added Linux-compatible version of Sentinel Transition Helper script using Azure CLI for cross-platform SOC environment analysis. Read More →
Released Solutions Analyzer tool for automated discovery and mapping of connector-to-table relationships across Sentinel solutions with CSV reporting. Read More →
PowerShell automation tools added for scalable SAP BTP subaccount onboarding to Microsoft Sentinel, enabling SOC teams to efficiently connect dozens of BTP subaccounts at once. Read More →
CCF connector and detection rule for Quokka Qscout mobile app security analysis platform provides visibility into malicious mobile application findings. Read More →
ZeroFox alert ingestion modernized with CCF-based connector, replacing deprecated CCP framework. Read More →
Extended Teams protection hunting coverage with queries for partner impersonation, admin submissions, and external sender analysis. Read More →