http://sentinelchangelog.net/tags/playbooks/Recent content in Playbooks on sentinelchangelog.netHugo -- 0.157.0enMon, 25 May 2026 06:58:27 +0000http://sentinelchangelog.net/posts/2026-05-25-pr-14316/Mon, 25 May 2026 06:58:27 +0000http://sentinelchangelog.net/posts/2026-05-25-pr-14316/Playbook Function App authentication level upgraded from anonymous to function-level to close security exposure.http://sentinelchangelog.net/posts/2026-05-25-pr-14121/Mon, 25 May 2026 05:24:48 +0000http://sentinelchangelog.net/posts/2026-05-25-pr-14121/Content Hub solution adds Cyren threat intelligence feeds for IP reputation and malware URL indicators via automated Logic App playbook.http://sentinelchangelog.net/posts/2026-05-20-pr-13658/Wed, 20 May 2026 09:16:04 +0000http://sentinelchangelog.net/posts/2026-05-20-pr-13658/Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking.http://sentinelchangelog.net/posts/2026-05-18-pr-14273/Mon, 18 May 2026 12:09:43 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14273/Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation.http://sentinelchangelog.net/posts/2026-05-18-pr-14284/Mon, 18 May 2026 10:00:54 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14284/Function keys now required for HTTP-triggered functions in Zoom, Zscaler, FortiGate, Cofense, Illumio, and Infoblox connectors—removing anonymous access vulnerability.http://sentinelchangelog.net/posts/2026-05-12-pr-14126/Tue, 12 May 2026 09:22:23 +0000http://sentinelchangelog.net/posts/2026-05-12-pr-14126/Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces.http://sentinelchangelog.net/posts/2026-05-07-pr-14197/Thu, 07 May 2026 10:53:02 +0000http://sentinelchangelog.net/posts/2026-05-07-pr-14197/Fixes broken deployment of RFI-confirm-EntraID-risky-user playbook that failed with InvalidTemplate error due to stale action references.http://sentinelchangelog.net/posts/2026-05-05-pr-13986/Tue, 05 May 2026 07:17:48 +0000http://sentinelchangelog.net/posts/2026-05-05-pr-13986/New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring.http://sentinelchangelog.net/posts/2026-05-04-pr-14130/Mon, 04 May 2026 12:39:49 +0000http://sentinelchangelog.net/posts/2026-05-04-pr-14130/Joe Sandbox solution updated to v3.0.1 with Azure template fixes, updated storage API versions, and improved IOC processing in playbooks.http://sentinelchangelog.net/posts/2026-04-30-pr-13984/Thu, 30 Apr 2026 06:47:13 +0000http://sentinelchangelog.net/posts/2026-04-30-pr-13984/Logic App Playbook introduced to poll Vaikora AI agent signals and push high-risk actions as Custom IOCs to CrowdStrike Falcon for automated threat prevention.http://sentinelchangelog.net/posts/2026-04-29-pr-13985/Wed, 29 Apr 2026 12:39:43 +0000http://sentinelchangelog.net/posts/2026-04-29-pr-13985/Data443 introduces Vaikora AI agent behavioral signal integration with SentinelOne threat intelligence via a 6-hour polling playbook.http://sentinelchangelog.net/posts/2026-04-29-pr-14148/Wed, 29 Apr 2026 10:42:32 +0000http://sentinelchangelog.net/posts/2026-04-29-pr-14148/New solution provides real-time IP enrichment to detect VPN, residential proxy, and bot automation traffic in incidents and alerts.http://sentinelchangelog.net/posts/2026-04-23-pr-13858/Thu, 23 Apr 2026 05:24:37 +0000http://sentinelchangelog.net/posts/2026-04-23-pr-13858/SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities.http://sentinelchangelog.net/posts/2026-04-22-pr-13902/Wed, 22 Apr 2026 09:06:53 +0000http://sentinelchangelog.net/posts/2026-04-22-pr-13902/New comprehensive Microsoft Sentinel integration adds automated IOC collection, incident enrichment, and interactive threat intelligence dashboards for the Cyjax platform.http://sentinelchangelog.net/posts/2026-04-21-pr-13682/Tue, 21 Apr 2026 10:12:16 +0000http://sentinelchangelog.net/posts/2026-04-21-pr-13682/Recorded Future Identity solution deprecates Logic Apps-based incident creation and introduces Analytic Rules for Microsoft Defender Portal compatibility.http://sentinelchangelog.net/posts/2026-04-20-pr-14056/Mon, 20 Apr 2026 05:13:10 +0000http://sentinelchangelog.net/posts/2026-04-20-pr-14056/Recorded Future adds sandbox region configuration parameter and moves threat intelligence evidence details to comply with STIX standard structure.http://sentinelchangelog.net/posts/2026-04-17-pr-13994/Fri, 17 Apr 2026 07:15:59 +0000http://sentinelchangelog.net/posts/2026-04-17-pr-13994/Censys solution adds playbook and workbook for automated infrastructure pivoting and pivot analysis visualization using the Pivot Analysis API.http://sentinelchangelog.net/posts/2026-04-16-pr-14071/Thu, 16 Apr 2026 05:05:00 +0000http://sentinelchangelog.net/posts/2026-04-16-pr-14071/New SAP playbook enables automated user blocking via Teams adaptive cards with enhanced support for complex multi-alert incidents from Microsoft Defender XDR.http://sentinelchangelog.net/posts/2026-04-15-pr-13790/Wed, 15 Apr 2026 14:01:43 +0000http://sentinelchangelog.net/posts/2026-04-15-pr-13790/Adds comprehensive bi-directional sync playbooks and fixes critical ref_id column type bug that caused silent data loss in alert ingestion.http://sentinelchangelog.net/posts/2026-04-10-pr-13946/Fri, 10 Apr 2026 07:20:38 +0000http://sentinelchangelog.net/posts/2026-04-10-pr-13946/Resolved deployment failure caused by invalid secureData configuration in Logic App Compose action.http://sentinelchangelog.net/posts/2026-04-07-pr-13990/Tue, 07 Apr 2026 13:22:30 +0000http://sentinelchangelog.net/posts/2026-04-07-pr-13990/Critical deployment fix for Cyren-SentinelOne connector that was failing ARM template validation in Content Hub, preventing threat intelligence data ingestion.http://sentinelchangelog.net/posts/2026-04-02-pr-13545/Thu, 02 Apr 2026 06:26:29 +0000http://sentinelchangelog.net/posts/2026-04-02-pr-13545/Added configurable RiskScoreThreshold parameter to prevent low-risk IOCs from generating incident comments.http://sentinelchangelog.net/posts/2026-03-30-pr-13945/Mon, 30 Mar 2026 14:09:23 +0000http://sentinelchangelog.net/posts/2026-03-30-pr-13945/Fixed Policy 300.4.1.1 violation by securing credential parameters in the Cyren-SentinelOne threat intelligence integration Playbook.http://sentinelchangelog.net/posts/2026-03-24-pr-13657/Tue, 24 Mar 2026 04:56:32 +0000http://sentinelchangelog.net/posts/2026-03-24-pr-13657/New Content Hub solution automates IOC ingestion from Cyren CCF feeds (IP reputation and malware URLs) into SentinelOne for automated threat detection and response.http://sentinelchangelog.net/posts/2026-03-18-pr-13752/Wed, 18 Mar 2026 13:27:59 +0000http://sentinelchangelog.net/posts/2026-03-18-pr-13752/Adds comprehensive playbook automation for Censys threat intelligence enrichment, providing IP/domain/certificate context during incident investigation.http://sentinelchangelog.net/posts/2026-03-18-pr-13841/Wed, 18 Mar 2026 07:14:01 +0000http://sentinelchangelog.net/posts/2026-03-18-pr-13841/New playbook for ingesting Checkmarx audit log events into Microsoft Sentinel via DCR/DCE for security event monitoring and compliance.http://sentinelchangelog.net/posts/2026-03-18-pr-13840/Wed, 18 Mar 2026 07:13:30 +0000http://sentinelchangelog.net/posts/2026-03-18-pr-13840/New playbook for ingesting Checkmarx SAST scan findings into Microsoft Sentinel via DCR/DCE for application vulnerability tracking.http://sentinelchangelog.net/posts/2026-03-13-pr-13767/Fri, 13 Mar 2026 07:41:53 +0000http://sentinelchangelog.net/posts/2026-03-13-pr-13767/TacitRed-CrowdStrike playbook updated to include required User-Agent header for CrowdStrike Technology Partner certification compliance.http://sentinelchangelog.net/posts/2026-03-10-pr-13052/Tue, 10 Mar 2026 09:00:53 +0000http://sentinelchangelog.net/posts/2026-03-10-pr-13052/NetApp introduces modular playbooks for automated ransomware protection, enabling SOC teams to investigate, snapshot, and isolate compromised storage volumes via Microsoft Sentinel integration.http://sentinelchangelog.net/posts/2026-03-10-pr-13648/Tue, 10 Mar 2026 06:57:45 +0000http://sentinelchangelog.net/posts/2026-03-10-pr-13648/AWS Athena Function App connector updated to Azure Functions v4+ bundle and fixed Python query parsing logic that previously failed on empty result data.http://sentinelchangelog.net/posts/2026-03-09-pr-13763/Mon, 09 Mar 2026 07:05:05 +0000http://sentinelchangelog.net/posts/2026-03-09-pr-13763/Microsoft has deprecated the Graph Security tiIndicators API, rendering Recorded Future’s automated threat intelligence ingestion playbooks non-functional.http://sentinelchangelog.net/posts/2026-03-06-pr-13729/Fri, 06 Mar 2026 04:57:39 +0000http://sentinelchangelog.net/posts/2026-03-06-pr-13729/Fixed hardcoded CrowdStrike API URL default causing authentication failures for customers in US-1 and EU-1 regions.http://sentinelchangelog.net/posts/2026-03-06-pr-13728/Fri, 06 Mar 2026 04:57:17 +0000http://sentinelchangelog.net/posts/2026-03-06-pr-13728/Fixed broken TacitRed playbook that was failing with HTTP 500 errors when posting IOCs to SentinelOne due to missing account scope parameter.http://sentinelchangelog.net/posts/2026-03-05-pr-13614/Thu, 05 Mar 2026 06:11:18 +0000http://sentinelchangelog.net/posts/2026-03-05-pr-13614/Incident-Trigger-Entity-Analyzer playbook upgraded with intelligent user identifier detection, resolving silent failures when entities lack AadUserId.http://sentinelchangelog.net/posts/2026-03-02-pr-13688/Mon, 02 Mar 2026 10:23:36 +0000http://sentinelchangelog.net/posts/2026-03-02-pr-13688/Fixes a critical deployment bug present since v1.0.0 where hardcoded placeholder URL caused complete playbook failure for all Content Hub installations.http://sentinelchangelog.net/posts/2026-02-18-pr-13391/Wed, 18 Feb 2026 10:12:05 +0000http://sentinelchangelog.net/posts/2026-02-18-pr-13391/Complete solution overhaul replaces legacy connectors with 15 CloudNSS CCP connectors and 12 OAuth2 playbooks for enhanced Zscaler integration.http://sentinelchangelog.net/posts/2026-02-17-pr-13641/Tue, 17 Feb 2026 06:45:14 +0000http://sentinelchangelog.net/posts/2026-02-17-pr-13641/Fixed InvalidResourceLocation deployment error and missing playbook template discovery for TacitRed CrowdStrike IOC automation solution.http://sentinelchangelog.net/posts/2026-02-17-pr-13640/Tue, 17 Feb 2026 06:44:34 +0000http://sentinelchangelog.net/posts/2026-02-17-pr-13640/Fixed InvalidResourceLocation deployment error and removed restrictive domain filter that was preventing TacitRed IOC automation deployments.http://sentinelchangelog.net/posts/2026-02-04-pr-13266/Wed, 04 Feb 2026 13:05:23 +0000http://sentinelchangelog.net/posts/2026-02-04-pr-13266/Official TacitRed Defender TI solution from Data443 enables automated sync of compromised credentials to Microsoft Defender Threat Intelligence.http://sentinelchangelog.net/posts/2026-02-04-pr-13556/Wed, 04 Feb 2026 10:01:46 +0000http://sentinelchangelog.net/posts/2026-02-04-pr-13556/TacitRed SentinelOne solution metadata updated for Partner Center alignment with ARM template variable corrections.http://sentinelchangelog.net/posts/2026-01-22-pr-12801/Thu, 22 Jan 2026 09:02:45 +0000http://sentinelchangelog.net/posts/2026-01-22-pr-12801/Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel.http://sentinelchangelog.net/posts/2025-12-18-pr-13045/Thu, 18 Dec 2025 05:23:15 +0000http://sentinelchangelog.net/posts/2025-12-18-pr-13045/Massive new Cyble Vision solution providing 40+ specialized detection rules and parsers for diverse threat intelligence feeds from dark web to cloud security.http://sentinelchangelog.net/posts/2025-12-15-pr-13236/Mon, 15 Dec 2025 12:07:03 +0000http://sentinelchangelog.net/posts/2025-12-15-pr-13236/Updates Revoke-AADSignInSessions playbook documentation to use correct User.RevokeSessions.All permissions instead of broader User.ReadWrite.All.http://sentinelchangelog.net/posts/2025-12-10-pr-13139/Wed, 10 Dec 2025 05:29:14 +0000http://sentinelchangelog.net/posts/2025-12-10-pr-13139/Three new entity analyzer playbooks added with HTTP, URL, and incident triggers for automated URL and user entity enrichment.http://sentinelchangelog.net/posts/2025-12-09-pr-13137/Tue, 09 Dec 2025 07:58:52 +0000http://sentinelchangelog.net/posts/2025-12-09-pr-13137/Minor documentation and configuration fixes for AbuseIPDB playbooks including corrected image source and typo corrections.http://sentinelchangelog.net/posts/2025-11-21-pr-13072/Fri, 21 Nov 2025 09:17:34 +0000http://sentinelchangelog.net/posts/2025-11-21-pr-13072/Dutch National Detection Network threat intelligence sharing solution updated to v3.0.1 with playbook parameter fixes and improved JSON structure.http://sentinelchangelog.net/posts/2025-11-14-pr-13082/Fri, 14 Nov 2025 06:54:17 +0000http://sentinelchangelog.net/posts/2025-11-14-pr-13082/Rubrik Security Cloud solution updated to v3.5.1 with corrected API hostname defaults across all playbooks and custom connector.http://sentinelchangelog.net/posts/2025-11-11-pr-13034/Tue, 11 Nov 2025 10:49:20 +0000http://sentinelchangelog.net/posts/2025-11-11-pr-13034/Vectra XDR solution updated to API v3.4 with Log Ingestion API support, three new playbooks for PCAP download and detection management.http://sentinelchangelog.net/posts/2025-10-07-pr-12871/Tue, 07 Oct 2025 09:17:01 +0000http://sentinelchangelog.net/posts/2025-10-07-pr-12871/Fixed template error in TeamCymruScoutEnrichIncident playbook that was causing runtime failures.http://sentinelchangelog.net/posts/2025-10-01-pr-12857/Wed, 01 Oct 2025 07:57:31 +0000http://sentinelchangelog.net/posts/2025-10-01-pr-12857/Custom connector updated with filter query parameters for more targeted threat intelligence retrieval.