New Solution: JoeSandbox Threat Intelligence and Malware Analysis Platform Integration

Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel.

New Cyble Vision Threat Intelligence Solution: Comprehensive CCF-Based Alert Platform

Massive new Cyble Vision solution providing 40+ specialized detection rules and parsers for diverse threat intelligence feeds from dark web to cloud security.

Microsoft Entra ID Playbooks: API Permission Updates for Session Revocation

Updates the Revoke-AADSignInSessions playbook documentation to use the correct User.RevokeSessions.All permission instead of the broader User.ReadWrite.All.

SentinelSOARessentials: New Entity Analyzer Playbooks for Incident Response

Three new entity analyzer playbooks added with HTTP, URL, and incident triggers for automated URL and user entity enrichment.

AbuseIPDB Playbooks: Typo Fixes and Logo Source Update

Minor documentation and configuration fixes for AbuseIPDB playbooks including corrected image source and typo corrections.

NCSC-NL Threat Intelligence Sharing: Playbook Bug Fixes and JSON Structure Improvements

Dutch National Detection Network threat intelligence sharing solution updated to v3.0.1 with playbook parameter fixes and improved JSON structure.

Rubrik Security Cloud: API Hostname Configuration Update for Customer Deployments

Rubrik Security Cloud solution updated to v3.5.1 with corrected API hostname defaults across all playbooks and custom connector.

Vectra XDR: Log Ingestion API Migration and Enhanced API v3.4 Support with New Playbook Capabilities

Vectra XDR solution updated to API v3.4 with Log Ingestion API support and three new playbooks for PCAP download and detection management.

Team Cymru Scout: Playbook Bug Fix for Incident Enrichment Template

Fixed template error in TeamCymruScoutEnrichIncident playbook that was causing runtime failures.

Google Threat Intelligence: Enhanced Filtering for Threat List Queries

Custom connector updated with filter query parameters for more targeted threat intelligence retrieval.

Tanium Playbook API Failure Fix: URL Encoding Bug Breaks Host Quarantine Operations

Critical fix for Tanium quarantine/unquarantine playbooks resolves API failures caused by improper URL encoding of package names containing special characters.

Microsoft Defender for Endpoint: Modernized PowerShell SDK Instructions

Playbook deployment instructions updated to use the Microsoft Graph SDK, replacing the deprecated AzureAD cmdlets.

Microsoft Defender Threat Intelligence: Playbooks Enhanced with Managed Identity Security

MDTI playbooks updated to use managed identity authentication and Graph API v1.0 — eliminates client secret management.

Tanium Solution: Security Hardening for Playbook API Authentication and Alert Management

Tanium playbooks updated with Azure Key Vault integration for API token security and improved alert naming to resolve grouping issues.

Microsoft Defender XDR: Attack Simulator Training Playbook for Phishing Non-Reporters

New playbook automatically educates users who failed to report phishing emails by triggering Attack Simulator training simulations.

Veeam Solution: New Backup Security Monitoring with Malware Detection and Compliance Analysis

New Veeam solution added providing comprehensive security monitoring for backup infrastructure with malware scanning, compliance analysis, and threat detection capabilities.