Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection

Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage. Read More →

Solutions Analyzer v9.8: Connector Discovery Accuracy and Documentation Deep-Links

Enhanced Solutions Analyzer tooling improves connector discovery accuracy and adds artifact deep-linking for external integrations. Read More →

ASIM Parser Testing: Bitdefender GravityZone Validation Conflict Resolved

Removes duplicate CustomFunction test shim causing KQL validation failures after parser merge. Read More →

Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers

Lookout Mobile Risk API v2 connector was silently dropping unique event identifiers (oid field), breaking all downstream correlation in detections and workbooks. Read More →

Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files

Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting. Read More →

Cisco Umbrella CCF: Public Preview Expands Data Visibility with 10 New Log Tables

New Codeless Connector Framework introduces comprehensive log coverage across DNS, web traffic, cloud firewall, admin audit, DLP, file events, IPS, VPN and Zero Trust access for enhanced threat detection. Read More →

ASIM Parser Development Automation: GitHub Copilot Skills for Accelerated Detection Engineering

GitHub Copilot agent skills now automate the complete ASIM parser creation workflow, reducing parser development time from days to hours for security engineers. Read More →

42Crunch API Protection: Critical Migration from Legacy HTTP Collector to CCF Push Connector

Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss. Read More →

Bitdefender GravityZone Solution v3.0.1 Adds Incident Analytics for Endpoint and Email Protection

Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation. Read More →

ASIM AlertEvent Support Added for Bitdefender GravityZone Security Platform

New parsers enable normalization of Bitdefender GravityZone alert data into Microsoft Sentinel ASIM schema for unified threat detection. Read More →

BitSight: Function App to CCF Migration Restores Third-Party Risk Visibility

Legacy Function App connector replaced with two CCF connectors for independent security statistics and events ingestion. Read More →

GitHub Actions Security: npm Scripts Disabled and Workflow Permissions Tightened

CI hardening prevents npm lifecycle script execution and restricts slash-command dispatch to authorized repository members only. Read More →

ASIM AssetEntity Schema: Three New Fields Added in v1.0.0 Release

ASIM AssetEntity schema upgraded to v1.0.0 with three new fields for enhanced entity correlation and snapshot tracking. Read More →

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

Microsoft Entra ID Table Rename: Hunting Queries Updated for Current Schema

12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references. Read More →

Red Sift Solution: New CCF Data Connector and Email Security Detections

Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios. Read More →

Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events

Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision. Read More →

GitHub Actions Security: Fork PR Workflow Hardened Against Supply Chain Attacks

CI/CD security enhancement prevents automatic execution of untrusted fork code by implementing strict SafeToRun label gating. Read More →

Salesforce Service Cloud Connector: Enhanced Event Log Coverage and Multi-Domain Support

Major connector upgrade introduces comprehensive event field collection and multi-tenant monitoring capabilities. Read More →

GitHub Webhook V2 Connector: CLv2 Migration Ensures Continued GitHub Advanced Security Ingestion

New CLv2-based GitHub Webhook connector replaces deprecated CLv1 API to maintain ingestion of code scanning, Dependabot, and secret scanning alerts. Read More →