Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries

Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context. Read More →

New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF

A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email. Read More →

New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector

A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table. Read More →

New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel

A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel. Read More →

SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)

The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced. Read More →

Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration

Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated. Read More →

Agent 365: Microsoft Agent Identities Connector Page KQL Parse Error Patched by Removing Data Type Declarations

The EntraNHIAssets connector definition drops all four data type entries to eliminate an empty-subquery KQL parse error on the connector page — though reviewers flag this may break connector metadata contracts. Read More →

Cisco Meraki CCF Connector Expands to Cover Rogue AP Detection and Network Inventory

The Cisco Meraki CCF connector (v3.1.0) adds four new ingestion streams - Organizations, Organization Networks, Network Clients, and Wireless Air Marshal Events - extending coverage beyond the original ASIM event types to include wireless threat detection and full network inventory visibility. Read More →

Panorays Connector: DCR Parameter Chain and Offer ID Fixes Restore Deployability

The Panorays solution had a broken dcrConfig parameter reference chain and invalid offerId that would cause ARM template deployment failures, meaning no vulnerability management data was ingested by affected deployments. Read More →

New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector

Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings. Read More →

SIGNL4 Connector Docs Refreshed to Flag Legacy Status and Point to Current Integration Path

The SIGNL4 data connector UI instructions have been rewritten to label the connector as legacy and redirect operators to the native SIGNL4 Microsoft Sentinel connector app, dropping outdated Azure Graph Security API setup steps. Read More →

Imperva Cloud WAF CCF Connector Graduates to General Availability

The Imperva Cloud WAF CCF connector moves from Public Preview to GA, with connector UI template variables replaced by the literal ImpervaWAFCloud table name - no ingestion logic changes. Read More →

eDCRule Solution: Partner Center Metadata and Logo Corrected for Content Hub Publishing

Fixes publisherId alignment and swaps the logo reference from the Microsoft Sentinel default to the eDC company logo to pass Partner Center validation – no detection content was changed. Read More →

Azure WAF Log4j Detection Restored: Field Reference Errors Silenced the Rule Since v1.0.5

A broken column_ifexists reference caused the Azure WAF Log4j detection rule to silently miss exploit traffic in details_message and details_msg fields – any deployment running v1.0.5 had a gap in Log4Shell (CVE-2021-44228) coverage via WAF logs. Read More →

WithSecure Elements CCF Connector: Zero-Ingestion Fix for Broken OAuth2 Auth and Invalid Query Parameters

The WithSecureElementsCCF connector has been non-functional since initial release – both the OAuth2 token request and the security-events API call failed with HTTP 400 errors, meaning no WithSecure endpoint security events have been ingested into any Sentinel deployment running this connector. Read More →

Azure WAF Log4j Detection: Schema Gap Closed for details_message_s and details_msg_s Fields

The AzureWAFmatching_log4j_vuln Analytic Rule was silently missing CVE-2021-44228 exploit attempts in WAF logs that surfaced details_message_s via AdditionalFields or used the details_msg_s column variant, leaving a schema-dependent blind spot in Log4Shell detection. Read More →

Microsoft Entra ID Assets: EntraEligibleMembers Table Pulled Before GA

The EntraEligibleMembers (Preview) table added in v3.3.0 has been removed in this hotfix, eliminating that data source from the connector definition until a stable release. Read More →

Three Solutions Packaging Fix: Mulesoft, Trend Micro, and ESET UI Metadata Corrected

Duplicated connector count blocks in solution UI descriptions and a connector count mismatch are corrected across three solutions, with no detection logic or data ingestion changes. Read More →

Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID

A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility. Read More →

ESET PROTECT Platform Connector: Dependency Rollback Including Cryptography Downgrade Warrants Review

The ESET PROTECT Platform Function App connector rolls back several Python dependencies to lower versions, including cryptography from 48.0.0 to 43.0.1, without documented CVE justification – operators should verify no security regressions are introduced. Read More →