AWS ELB Connector: Public Preview CCF Ingestion for ALB, NLB, and GLB Logs

New CCF connector enables ingestion of AWS Elastic Load Balancer access and flow logs into Microsoft Sentinel for network traffic monitoring and threat detection. Read More →

Upwind Cloud Security: New Data Connector Unlocks Cloud Asset Visibility

New Upwind solution enables ingestion of compute platform assets with risk assessments, vulnerability data, and network exposure metrics. Read More →

ASIM AuditEvent Parser: Azure SQL Security Audit Data Normalized for Detection

New ASIM parser enables normalized analysis of SQL security audit events from SQLSecurityAuditEvents and AzureDiagnostics tables. Read More →

Semperis Lightning: New Active Directory Security Monitoring Platform Added to Content Hub

Semperis Lightning connector brings comprehensive Active Directory tier-0 attack path monitoring and privileged access visibility to Microsoft Sentinel via real-time API ingestion. Read More →

Datawiza Solution: New Detection for Server Error Spike Monitoring

Datawiza solution adds server error spike detection to identify potential DDoS attacks or system misconfigurations. Read More →

GitHub Workflows: Code Injection Risk Mitigation via Environment Variable Security Fix

Fixed code injection vulnerabilities in CI workflows by replacing direct GitHub context interpolation with safer environment variable patterns. Read More →

Commvault Connector: Migration from Legacy Sentinel API to Modern Logs Ingestion Architecture

Commvault Security IQ connector migrated from deprecated Log Analytics API to Azure Monitor Logs Ingestion API with DCE/DCR architecture. Read More →

ASIM Asset Entity Schema: New Schema Foundation for Asset Management

Introduces complete ASIM Asset Entity schema with parsers, empty templates, and CI integration to enable asset-centric security monitoring. Read More →

TheHive Incident Response: New CCF Connector for SOAR Platform Integration

Microsoft Sentinel gains native ingestion from TheHive security incident response platform via CCF connector, enabling case management visibility and response workflow correlation. Read More →

CTM360 HackerView: Connector Ingestion Restored After Complete Deployment Failure

CTM360 HackerView Function App connector was completely broken due to backup flag logic errors, preventing all threat intelligence ingestion until this fix. Read More →

New Trellix Endpoint Security: CCF Connector Unlocks ePO Threat Visibility in Sentinel

New solution delivers Trellix ePO endpoint security events via CCF with OAuth2 authentication and comprehensive threat intelligence data. Read More →

Solutions Analyzer Tools: Kusto Upload, CCF Legacy Support, and Parser Analysis Enhancements

Major tooling update adds Kusto integration, improves CCF connector classification, and fixes ASIM parser documentation generation. Read More →

CognyteLuminar: Deployment Configuration and Soft Link Updates

ARM template deployment links updated and Function App soft links corrected for flex and premium consumption plans. Read More →

Global Secure Access: Enhanced Threat Intelligence Correlation and MCP Monitoring

New analytic rules correlate threat intelligence indicators with GSA traffic while MCP Servers Dashboard provides Model Context Protocol server monitoring. Read More →

CI Pipeline: Sample Data Validation Workflow Modernized to Node.js 20

Legacy npm 6.14.18 dependency causing validation failures replaced with modern Node.js 20 LTS setup and deterministic builds. Read More →

Armis IoT Security Solution: Enhanced Log Ingestion and Data Collection Rule Integration

Major enhancement to Armis data connectors implementing Azure Monitor Logs Ingestion API with DCR support for improved data fidelity and performance. Read More →

Major Solution Release: Cyble Vision and Tropico Solutions Added Plus Multi-Solution Updates

Large release adds two new threat intelligence solutions (Cyble Vision, Tropico) and updates to 15+ existing solutions across the repository. Read More →

New Cyble Vision Threat Intelligence Solution: Comprehensive CCF-Based Alert Platform

Massive new Cyble Vision solution providing 40+ specialized detection rules and parsers for diverse threat intelligence feeds from dark web to cloud security. Read More →

Contrast ADR Detection: Fixed Field Reference Causing Query Failures

Corrected field name from incident_id_s to incidentId_s in Contrast EDR detection rule. Read More →

ProofPoint TAP Detection Rules Updated for v2 Connector Migration

Two ProofPoint TAP Analytic Rules updated to reference ProofpointTAPv2 connector ID, ensuring compatibility with the newer connector version. Read More →