<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Parsers on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/parsers/</link><description>Recent content in Parsers on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 16:24:56 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/parsers/index.xml" rel="self" type="application/rss+xml"/><item><title>Cisco Secure Endpoint ASIM AlertEvent Parser: Missing Mandatory Fields Causing Data Fidelity Gap</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14631/</link><pubDate>Fri, 10 Jul 2026 16:24:56 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14631/</guid><description>TimeGenerated and Type fields were absent from the Cisco Secure Endpoint ASIM AlertEvent parser output, causing null returns for all rows referencing these now-mandatory schema fields in downstream queries.</description></item><item><title>New ASIM AgentEvent Parser Unlocks Anthropic Claude Compliance Log Normalization</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14578/</link><pubDate>Fri, 10 Jul 2026 16:24:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14578/</guid><description>Two new ASIM AgentEvent parsers normalize Anthropic Claude Compliance API logs (via BlueVoyant CCF connector) into the ASIM AgentEvent schema, enabling unified hunting across AI agent activity events.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</link><pubDate>Fri, 10 Jul 2026 00:13:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</guid><description>A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel.</description></item><item><title>SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</link><pubDate>Thu, 09 Jul 2026 22:44:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</guid><description>The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced.</description></item><item><title>Azure Firewall ASIM DNS Parsers: Silent Union Failure Fixed for Resource-Specific Log Mode</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14609/</link><pubDate>Thu, 09 Jul 2026 22:21:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14609/</guid><description>When Azure Firewall is configured to send logs only to the resource-specific AZFWDnsQuery table, the AzureDiagnostics branch of both ASimDnsAzureFirewall and vimDnsAzureFirewall parsers was aborting with a scalar resolution error, dropping all DNS query data from those branches entirely.</description></item><item><title>Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</link><pubDate>Thu, 09 Jul 2026 22:19:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</guid><description>Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated.</description></item><item><title>New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</link><pubDate>Wed, 08 Jul 2026 08:45:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</guid><description>Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings.</description></item><item><title>ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</link><pubDate>Thu, 02 Jul 2026 19:58:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</guid><description>A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector.</description></item><item><title>GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</link><pubDate>Thu, 02 Jul 2026 11:15:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</guid><description>The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</link><pubDate>Wed, 01 Jul 2026 07:05:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</guid><description>A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs.</description></item><item><title>Lookout Connector v3.0.6: Silent Ingestion Stop After 24h and Four DCR Field Mapping Blind Spots Fixed</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</link><pubDate>Wed, 01 Jul 2026 06:13:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</guid><description>A CCF cursor expiry caused the Lookout streaming connector to silently stop ingesting data after roughly 24 hours, and four incorrect DCR field paths meant ThreatId, ThreatAction, DeviceEmail, and SmishingAlertId were null in every ingested record.</description></item><item><title>New ASIM NetworkSession Parser for Cisco FTD Extends Network Visibility via AMA Connector</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14569/</link><pubDate>Tue, 30 Jun 2026 22:04:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14569/</guid><description>Cisco Firepower Threat Defense (FTD) logs ingested via the Cisco ASA/FTD AMA connector can now be normalised into the ASIM NetworkSession schema, enabling source-agnostic detections and hunting queries to run against FTD firewall and IDS events.</description></item><item><title>New ASIM Authentication Parser for Cisco Firepower Threat Defense Closes Syslog Auth Visibility Gap</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14581/</link><pubDate>Tue, 30 Jun 2026 16:24:52 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14581/</guid><description>A new ASIM Authentication parser for Cisco FTD normalises SSH login success and failure events from Syslog into the imAuthentication/ASimAuthentication schema, enabling source-agnostic detection coverage for Cisco firewall authentication activity.</description></item><item><title>ASIM Schema Docs Pruned -- Canonical Definitions Moved to Microsoft Learn</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14586/</link><pubDate>Tue, 30 Jun 2026 16:15:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14586/</guid><description>Nine ASIM schema YAML files and a parsers list have been removed from the repo as the canonical schema definitions are now hosted on Microsoft Learn, with two new schemas (Agent Event and Asset Entity) documented in the README.</description></item><item><title>Salesforce Service Cloud ASIM Authentication Parser: Extended to Cover CCF V2/V3 Connector Tables</title><link>http://sentinelchangelog.net/posts/2026-06-26-pr-14215/</link><pubDate>Fri, 26 Jun 2026 17:34:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-26-pr-14215/</guid><description>The ASIM Authentication parser for Salesforce Service Cloud now normalises logs from the V2 and V3 CCF connector tables &amp;ndash; environments using the updated codeless connectors were previously producing zero normalised authentication events.</description></item><item><title>Cisco ISE ASIM Auth Parser: Regex Fix Restores EventOriginalType Extraction Across Log Format Variants</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14554/</link><pubDate>Thu, 25 Jun 2026 18:49:15 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14554/</guid><description>A broken regex in both the ASimAuthenticationCiscoISE and vimAuthenticationCiscoISE parsers caused EventOriginalType to return null for Cisco ISE syslog messages that include extended timestamp/sequence prefixes, silently dropping event classification for those log variants.</description></item><item><title>Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</link><pubDate>Thu, 25 Jun 2026 11:34:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</guid><description>The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed.</description></item><item><title>Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</link><pubDate>Thu, 25 Jun 2026 09:31:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</guid><description>The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser.</description></item><item><title>Fortinet FortiGate ASIM Auth Parser: Failed and System-Success Login Events Were Silently Dropped</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14548/</link><pubDate>Wed, 24 Jun 2026 16:48:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14548/</guid><description>The FortiGate ASIM Authentication parser was silently discarding event:system failed and event:system success log types, creating a blind spot for credential-based attacks and successful system authentications on FortiGate devices.</description></item><item><title>Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</link><pubDate>Wed, 24 Jun 2026 05:24:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</guid><description>A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification.</description></item><item><title>New ASIM AlertEvent Parser for Google SecOps Extends Normalised Detection Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14221/</link><pubDate>Tue, 23 Jun 2026 21:29:46 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14221/</guid><description>A new ASIM AlertEvent parser pair normalises Google SecOps Detection Alerts from the DetectionAlerts_CL custom table into the ASIM AlertEvent schema, enabling source-agnostic alert hunting and cross-platform detection rules against Google SecOps data.</description></item><item><title>Halcyon Anti-Ransomware: New CCF v2 Connector and OCSF Parsers Unlock Full Endpoint Telemetry</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</link><pubDate>Tue, 23 Jun 2026 05:05:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14460/</guid><description>Halcyon Solution v3.2.0 ships a new CCF-based v2 Data Connector with two dedicated custom tables (HalcyonEventsV2_CL, HalcyonAlertUpdatesV2_CL) ingesting OCSF-formatted endpoint telemetry, plus eight class-scoped parsers that surface process, file, network, DNS, kernel, auth, application, and alert data for immediate query use.</description></item><item><title>New ASIM WebSession Parser Brings AWS WAF Traffic into Normalized Detection Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14496/</link><pubDate>Mon, 22 Jun 2026 21:57:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14496/</guid><description>AWS WAF web session logs can now be ingested and normalized via the ASIM WebSession schema, enabling source-agnostic detections against WAF allow/block/challenge/captcha decisions from the AWSWAF table.</description></item><item><title>Veeam Backup and Replication CCF Connector Now in Public Preview: Six Security Data Streams Added to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</link><pubDate>Mon, 22 Jun 2026 15:53:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14462/</guid><description>The Veeam CCF connector enters Public Preview, bringing six new custom log tables covering malware detection, security compliance, authorization events, Veeam ONE alarms, Coveware ransomware findings, and session telemetry &amp;ndash; closing a significant blind spot for backup infrastructure security monitoring.</description></item><item><title>CrowdStrike Falcon AlertEvent ASIM Parser: Falcon Detections Now Normalised into Unified Alert Schema</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14488/</link><pubDate>Fri, 19 Jun 2026 23:45:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14488/</guid><description>A new ASIM AlertEvent parser for CrowdStrike Falcon ingested via CCF normalises detection data from the CrowdStrikeDetections table into the ASIM AlertEvent schema, enabling source-agnostic detection and hunting queries across EDR alert data.</description></item><item><title>Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</link><pubDate>Fri, 19 Jun 2026 11:27:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</guid><description>A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform.</description></item><item><title>Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14295/</link><pubDate>Fri, 19 Jun 2026 09:00:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14295/</guid><description>The FortiNDR Cloud Function App connector has been fully rewritten to use the Azure Monitor Log Ingestion API, replacing the retired HTTP Data Collector API &amp;ndash; deployments still on v3.0.x have had zero ingestion since the legacy API was deprecated.</description></item><item><title>Netskope Security Cloud Joins ASIM AlertEvent Schema â Threats Now Normalised from NetskopeAlerts_CL</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14493/</link><pubDate>Wed, 17 Jun 2026 18:29:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14493/</guid><description>A new ASIM AlertEvent parser for Netskope Security Cloud normalises DLP, malware, C2, IPS, compromised credential, UBA, and policy alerts from the NetskopeAlerts_CL table into the standard AlertEvent schema, enabling source-agnostic detections and hunting across Netskope data.</description></item><item><title>ASIM Parser CI Workflows Fixed: File-Not-Found Errors Were Silently Skipping All Parser Tests</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14499/</link><pubDate>Tue, 16 Jun 2026 22:44:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14499/</guid><description>The ASIM parser schema and data ingestion test workflows were failing to read parser YAML and sample data files at runtime due to broken URL-based file access; this fix switches to local filesystem reads, restoring test coverage for all modified ASIM parsers.</description></item><item><title>Palo Alto XDR ASIM Parser: Normalizing Cortex XDR Alert Data for Cross-Platform Detection</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14401/</link><pubDate>Fri, 12 Jun 2026 21:43:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14401/</guid><description>New ASIM AlertEvent parser brings Palo Alto Cortex XDR alert normalization to Microsoft Sentinel via CCF connector.</description></item><item><title>ASIM Template Validation: Reliability Fix for Flaky Test Results and Performance Optimization</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14469/</link><pubDate>Fri, 12 Jun 2026 20:19:55 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14469/</guid><description>ASIM parser validation workflow updated to use local repository files instead of raw GitHub URLs, fixing malformed URL issues causing test failures.</description></item><item><title>ASIM Validator Infrastructure: Schema Testing Migrated to Remote Download Pattern</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14473/</link><pubDate>Fri, 12 Jun 2026 19:59:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14473/</guid><description>ASIM parser validation tooling updated to download ASimSchemaTester from GitHub instead of using hardcoded inline function.</description></item><item><title>Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</link><pubDate>Fri, 12 Jun 2026 07:00:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</guid><description>Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers.</description></item><item><title>Field Effect MDR Integration: New CCF Connector Delivers Cloud-Based Threat Detection</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14046/</link><pubDate>Thu, 11 Jun 2026 08:21:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14046/</guid><description>Field Effect MDR solution adds Microsoft Sentinel ingestion for ARO (Automated Response Operations) alerts via CCF, expanding managed detection coverage.</description></item><item><title>MuleSoft CloudHub: CCF Alerts Connector Expands DevOps Monitoring Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14447/</link><pubDate>Wed, 10 Jun 2026 14:07:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14447/</guid><description>New CCF connector adds alert ingestion capability to existing MuleSoft CloudHub logs solution, enabling comprehensive application lifecycle monitoring.</description></item><item><title>StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</link><pubDate>Wed, 10 Jun 2026 10:24:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</guid><description>Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration.</description></item><item><title>Bitdefender GravityZone Parser: Critical Fix for Network Sandboxing Event Parsing Failure</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14412/</link><pubDate>Wed, 10 Jun 2026 06:42:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14412/</guid><description>ASIM parser for Bitdefender GravityZone was failing due to missing type cast, preventing ingestion of network sandboxing alerts.</description></item><item><title>Salesforce Service Cloud: New ASIM WebSession Parser Enables Normalized API/Web Request Monitoring</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14424/</link><pubDate>Tue, 09 Jun 2026 20:35:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14424/</guid><description>ASIM WebSession parser for Salesforce Service Cloud normalizes API and web session logs into standardized schema, enabling unified monitoring across SaaS platforms.</description></item><item><title>Cisco Meraki Parser: Critical Self-Reference Recursion Fixed After v3.0.5 Packaging Error</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14435/</link><pubDate>Tue, 09 Jun 2026 06:46:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14435/</guid><description>Restores Cisco Meraki parser functionality by fixing table reference error that caused recursive failure and broke all downstream queries.</description></item><item><title>ASIM Parser Testing: Bitdefender GravityZone Validation Conflict Resolved</title><link>http://sentinelchangelog.net/posts/2026-06-08-pr-14411/</link><pubDate>Mon, 08 Jun 2026 21:41:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-08-pr-14411/</guid><description>Removes duplicate CustomFunction test shim causing KQL validation failures after parser merge.</description></item><item><title>Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</link><pubDate>Fri, 05 Jun 2026 10:14:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</guid><description>Lookout Mobile Risk API v2 connector was silently dropping unique event identifiers (oid field), breaking all downstream correlation in detections and workbooks.</description></item><item><title>Check Point ASIM NetworkSession Parser: DeviceVendor Field Matching Fix</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-13776/</link><pubDate>Fri, 05 Jun 2026 08:25:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-13776/</guid><description>Check Point firewall ASIM parser updated to handle both &amp;ldquo;Check Point&amp;rdquo; and &amp;ldquo;CheckPoint&amp;rdquo; DeviceVendor field values, fixing parsing failures introduced in PR #12056.</description></item><item><title>Corelight: Dashboard Restructure and New Asset Classification Tab for Enhanced Network Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14275/</link><pubDate>Fri, 05 Jun 2026 05:39:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14275/</guid><description>Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities.</description></item><item><title>CyberArk EPM: Migration to DCR and OAuth Authentication Replaces Deprecated Log Analytics API</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14181/</link><pubDate>Fri, 05 Jun 2026 05:38:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14181/</guid><description>CyberArk EPM connector updated to use DCR ingestion and OAuth authentication, addressing deprecation of Log Analytics API and improving security.</description></item><item><title>Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files</title><link>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</link><pubDate>Thu, 04 Jun 2026 10:47:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</guid><description>Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting.</description></item><item><title>ASIM Authentication Parsers: Palo Alto Data Fidelity Fix for DvcIpAddr Field</title><link>http://sentinelchangelog.net/posts/2026-06-02-pr-14396/</link><pubDate>Tue, 02 Jun 2026 21:22:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-02-pr-14396/</guid><description>ASIM Authentication parsers for Palo Alto PAN-OS and GlobalProtect now correctly populate DvcIpAddr field, fixing data fidelity gap.</description></item><item><title>Cisco Umbrella CCF: Public Preview Expands Data Visibility with 10 New Log Tables</title><link>http://sentinelchangelog.net/posts/2026-06-01-pr-14378/</link><pubDate>Mon, 01 Jun 2026 14:34:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-01-pr-14378/</guid><description>New Codeless Connector Framework introduces comprehensive log coverage across DNS, web traffic, cloud firewall, admin audit, DLP, file events, IPS, VPN and Zero Trust access for enhanced threat detection.</description></item><item><title>ASIM Parser Development Automation: GitHub Copilot Skills for Accelerated Detection Engineering</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-14383/</link><pubDate>Fri, 29 May 2026 23:39:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-14383/</guid><description>GitHub Copilot agent skills now automate the complete ASIM parser creation workflow, reducing parser development time from days to hours for security engineers.</description></item></channel></rss>