Vaikora Solution: New AI Agent Governance Connector for Microsoft Sentinel

New CCF connector ingests Vaikora AI agent behavioral signals with 3 detection rules for policy violations, anomalies, and high-risk actions. Read More →

ASIM Agent Event Schema: New Normalization Framework for Security Agent Monitoring

Microsoft Sentinel gains ASIM Agent Event schema for normalizing security agent events across all vendor platforms. Read More →

Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes

Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture. Read More →

Halcyon Anti-Ransomware: Connector Overhaul from ASIM to OCSF Schema Architecture

Halcyon connector migrated from direct ASIM ingestion to OCSF schema with ASIM transformation parsers, replacing 5 custom tables with unified HalcyonEvents_CL table. Read More →

SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync

SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities. Read More →

SAP ETD Cloud: User Account Correlation Now Available After Data Collection Gap

SAP ETD alerts now surface user account names and email addresses for incident correlation, filling a critical entity mapping gap that prevented effective identity-based investigations. Read More →

D3 Smart SOAR: New Detection for High/Critical Severity Incidents

D3 Smart SOAR solution now includes an Analytic Rule to automatically detect and escalate High or Critical severity incidents from SOAR platform data. Read More →

Contrast ADR: CCF Connector Deployment Unlocks Application Attack Visibility

Contrast ADR adds CCF ingestion support with standardized table schemas for production-ready Application Detection and Response monitoring. Read More →

Tanium CCF Data Connector: Enhanced Endpoint Visibility with DCR-Based Ingestion

New CCF push connector for Tanium enables endpoint compliance, threat response, and patch data ingestion via DCR streams. Read More →

Palo Alto GlobalProtect: New ASIM Authentication Parser for VPN Monitoring

New ASIM parser normalizes GlobalProtect VPN authentication events from CommonSecurityLog table, enabling unified monitoring of gateway and portal authentication across Palo Alto PAN-OS deployments. Read More →

ASIM Parser Validation: Critical Schemas Added to CI Pipeline

Four ASIM schemas missing from KQL validation pipeline now included, preventing unvalidated parser deployments. Read More →

SOC Prime CCF: Three New Detection Rules for Platform Security Events

SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs. Read More →

ASIM Authentication Schema: VMware vCenter Parser Enables Authentication Monitoring for On-Premises and Azure VMware Environments

New ASIM parser normalizes VMware vCenter authentication events from syslog streams to enable detection coverage across vSphere environments. Read More →

Cisco IOS: New ASIM Authentication Parser for Network Device Login Monitoring

ASIM authentication parser for Cisco IOS enables normalized monitoring of login, logout, and failed authentication events from network infrastructure devices. Read More →

Netskope Secure Web Gateway Solution: New Detection Coverage for Cloud Application Visibility

New Netskope solution adds 10 detections for web transaction monitoring including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns. Read More →

Detection Template Validation: connectorId Enforcement Added to Review Process

Detection authoring guidelines now require validation of connectorId values against the official repository allowlist to prevent invalid connector references. Read More →

Imperva Cloud WAF: Production Ready CCF Connector with Standard Tables

Imperva Cloud WAF CCF connector migrates from private preview custom tables to public preview standard tables. Read More →

Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors. Read More →

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →

ASIM WebSession Parser: New Cisco Umbrella Proxy Log Coverage

New ASIM parser adds web session visibility for Cisco Umbrella proxy logs, normalizing HTTP/HTTPS traffic data to standard schema. Read More →