<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Solutions on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/solutions/</link><description>Recent content in Solutions on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 09:21:28 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/solutions/index.xml" rel="self" type="application/rss+xml"/><item><title>Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</link><pubDate>Fri, 10 Jul 2026 09:21:28 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</guid><description>Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context.</description></item><item><title>New Check Point Harmony Email and Collaboration Connector: Four-Stream Email Threat Visibility via CCF</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</link><pubDate>Fri, 10 Jul 2026 06:24:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14645/</guid><description>A new Microsoft Sentinel CCF connector ingests Check Point Email Security (Harmony Email and Collaboration) data across four streams covering security events, anti-phishing exceptions, spam exceptions, and audit logs, unlocking visibility into zero-day, phishing, account takeover, DLP, and shadow IT threats via email.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>New Atlassian Organization Audit CCF Connector: Cloud Org-Level Audit Events Now Ingestible in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</link><pubDate>Fri, 10 Jul 2026 00:13:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14646/</guid><description>A brand-new CCF connector brings Atlassian Cloud organization audit events (user management, authentication, group changes, policy updates) across Jira, Confluence, Bitbucket, Trello, Opsgenie, Statuspage, and Loom into the AtlassianAuditEvents_CL table in Microsoft Sentinel.</description></item><item><title>SentinelOne V2 CCF Connector: UAM GraphQL Alerts Now Visible in Sentinel (Plus Packaging Fix)</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</link><pubDate>Thu, 09 Jul 2026 22:44:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14615/</guid><description>The SentinelOne solution adds a new CCF-based V2 connector ingesting Unified Alert Management (UAM) alerts from the GraphQL API into SentinelOneAlertsV2_CL, closing a blind spot for Wayfinder, cloud, identity, STAR, and third-party detections that the legacy REST connector never surfaced.</description></item><item><title>Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</link><pubDate>Thu, 09 Jul 2026 22:19:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</guid><description>Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated.</description></item><item><title>Agent 365: Microsoft Agent Identities Connector Page KQL Parse Error Patched by Removing Data Type Declarations</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</link><pubDate>Thu, 09 Jul 2026 04:22:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14627/</guid><description>The EntraNHIAssets connector definition drops all four data type entries to eliminate an empty-subquery KQL parse error on the connector page — though reviewers flag this may break connector metadata contracts.</description></item><item><title>Cisco Meraki CCF Connector Expands to Cover Rogue AP Detection and Network Inventory</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</link><pubDate>Wed, 08 Jul 2026 21:22:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</guid><description>The Cisco Meraki CCF connector (v3.1.0) adds four new ingestion streams - Organizations, Organization Networks, Network Clients, and Wireless Air Marshal Events - extending coverage beyond the original ASIM event types to include wireless threat detection and full network inventory visibility.</description></item><item><title>Panorays Connector: DCR Parameter Chain and Offer ID Fixes Restore Deployability</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14623/</link><pubDate>Wed, 08 Jul 2026 11:09:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14623/</guid><description>The Panorays solution had a broken dcrConfig parameter reference chain and invalid offerId that would cause ARM template deployment failures, meaning no vulnerability management data was ingested by affected deployments.</description></item><item><title>New Gambit Security Solution: Cloud Security Posture Issues Now Ingestible via CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</link><pubDate>Wed, 08 Jul 2026 08:45:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14610/</guid><description>Gambit Security new Microsoft Sentinel solution adds a CCF Push connector that ingests cloud security posture policy issues into a custom table, with a bundled parser and analytic rule for incident creation on High-severity active findings.</description></item><item><title>SIGNL4 Connector Docs Refreshed to Flag Legacy Status and Point to Current Integration Path</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14613/</link><pubDate>Wed, 08 Jul 2026 05:07:16 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14613/</guid><description>The SIGNL4 data connector UI instructions have been rewritten to label the connector as legacy and redirect operators to the native SIGNL4 Microsoft Sentinel connector app, dropping outdated Azure Graph Security API setup steps.</description></item><item><title>Imperva Cloud WAF CCF Connector Graduates to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</link><pubDate>Tue, 07 Jul 2026 21:34:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</guid><description>The Imperva Cloud WAF CCF connector moves from Public Preview to GA, with connector UI template variables replaced by the literal ImpervaWAFCloud table name - no ingestion logic changes.</description></item><item><title>eDCRule Solution: Partner Center Metadata and Logo Corrected for Content Hub Publishing</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14555/</link><pubDate>Tue, 07 Jul 2026 13:50:12 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14555/</guid><description>Fixes publisherId alignment and swaps the logo reference from the Microsoft Sentinel default to the eDC company logo to pass Partner Center validation &amp;ndash; no detection content was changed.</description></item><item><title>Azure WAF Log4j Detection Restored: Field Reference Errors Silenced the Rule Since v1.0.5</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14632/</link><pubDate>Tue, 07 Jul 2026 13:22:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14632/</guid><description>A broken column_ifexists reference caused the Azure WAF Log4j detection rule to silently miss exploit traffic in details_message and details_msg fields &amp;ndash; any deployment running v1.0.5 had a gap in Log4Shell (CVE-2021-44228) coverage via WAF logs.</description></item><item><title>WithSecure Elements CCF Connector: Zero-Ingestion Fix for Broken OAuth2 Auth and Invalid Query Parameters</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</link><pubDate>Tue, 07 Jul 2026 12:06:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14619/</guid><description>The WithSecureElementsCCF connector has been non-functional since initial release &amp;ndash; both the OAuth2 token request and the security-events API call failed with HTTP 400 errors, meaning no WithSecure endpoint security events have been ingested into any Sentinel deployment running this connector.</description></item><item><title>Azure WAF Log4j Detection: Schema Gap Closed for details_message_s and details_msg_s Fields</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14611/</link><pubDate>Tue, 07 Jul 2026 11:52:51 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14611/</guid><description>The AzureWAFmatching_log4j_vuln Analytic Rule was silently missing CVE-2021-44228 exploit attempts in WAF logs that surfaced details_message_s via AdditionalFields or used the details_msg_s column variant, leaving a schema-dependent blind spot in Log4Shell detection.</description></item><item><title>Microsoft Entra ID Assets: EntraEligibleMembers Table Pulled Before GA</title><link>http://sentinelchangelog.net/posts/2026-07-06-pr-14602/</link><pubDate>Mon, 06 Jul 2026 11:07:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-06-pr-14602/</guid><description>The EntraEligibleMembers (Preview) table added in v3.3.0 has been removed in this hotfix, eliminating that data source from the connector definition until a stable release.</description></item><item><title>Three Solutions Packaging Fix: Mulesoft, Trend Micro, and ESET UI Metadata Corrected</title><link>http://sentinelchangelog.net/posts/2026-07-06-pr-14618/</link><pubDate>Mon, 06 Jul 2026 10:59:56 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-06-pr-14618/</guid><description>Duplicated connector count blocks in solution UI descriptions and a connector count mismatch are corrected across three solutions, with no detection logic or data ingestion changes.</description></item><item><title>Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</link><pubDate>Fri, 03 Jul 2026 12:30:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</guid><description>A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility.</description></item><item><title>ESET PROTECT Platform Connector: Dependency Rollback Including Cryptography Downgrade Warrants Review</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14536/</link><pubDate>Fri, 03 Jul 2026 11:07:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14536/</guid><description>The ESET PROTECT Platform Function App connector rolls back several Python dependencies to lower versions, including cryptography from 48.0.0 to 43.0.1, without documented CVE justification &amp;ndash; operators should verify no security regressions are introduced.</description></item><item><title>Recorded Future: Defender Portal Migration Breaks Incident Creation -- Playbooks Redesigned Around Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</link><pubDate>Fri, 03 Jul 2026 09:26:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</guid><description>Recorded Future v3.2.20 removes direct incident creation from four playbooks (now incompatible with the unified Microsoft Defender portal) and introduces new Analytic Rules to restore incident generation from custom log tables.</description></item><item><title>Wiz Connector Overhaul: Agentless DCR Push Integration Adds Detections Stream, Eliminates Function App Attack Surface</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</link><pubDate>Fri, 03 Jul 2026 09:26:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</guid><description>Wiz v3.0.1 replaces the legacy Azure Function pull connector with a native DCR push integration, adding a new WizDetectionsV3_CL data stream and removing the need for customer-hosted infrastructure or shared workspace keys.</description></item><item><title>BlueVoyant Claude Compliance Connector: DCR Schema Expanded with Activity Fields, Sensitive request_body Removed</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</link><pubDate>Fri, 03 Jul 2026 07:29:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</guid><description>The BlueVoyant Anthropic Claude Compliance CCF connector v1.0.1 expands the DCR schema with dozens of activity-specific fields required for hunting and detection, and removes the request_body column to prevent ingestion of potentially sensitive data.</description></item><item><title>Entra ID Brute-Force Detection: Sort Order Fix Corrects Anomaly Decomposition Input</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</link><pubDate>Fri, 03 Jul 2026 06:43:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</guid><description>The BruteForceAgainstanEntraAuthenticatedWindowsDevice Analytic Rule was building unsorted time-series arrays for series_decompose_anomalies, meaning anomaly detection results could be incorrect or inconsistent across executions &amp;ndash; this fix enforces chronological ordering and stable serialization before make_list.</description></item><item><title>ESET PROTECT Platform: New CCF Connector Adds Native Ingestion for Endpoint Inspect and Cloud Office Security Detections</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</link><pubDate>Thu, 02 Jul 2026 19:58:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14614/</guid><description>A new Codeless Connector Framework connector and updated parser extend ESET PROTECT Platform coverage to three log streams while maintaining backward compatibility with the legacy Function App connector.</description></item><item><title>MuleSoft Anypoint Connector: Data Connector Count Display Fix in Content Hub UI</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14616/</link><pubDate>Thu, 02 Jul 2026 19:57:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14616/</guid><description>A packaging-only update to the MuleSoft Solution corrects a connector count mismatch visible in the Content Hub UI.</description></item><item><title>GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</link><pubDate>Thu, 02 Jul 2026 11:15:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</guid><description>The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs.</description></item><item><title>SOCRadar Solution v3.0.1: Packaging Version Alignment</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14522/</link><pubDate>Thu, 02 Jul 2026 09:22:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14522/</guid><description>Version bump from 3.0.0 to 3.0.1 to align the published Content Hub package with the catalog; no detection logic, playbook, or connector changes.</description></item><item><title>Google SecOps Solution: Publisher and Offer Identity Update</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14601/</link><pubDate>Thu, 02 Jul 2026 08:25:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14601/</guid><description>The Google SecOps Solution package has been re-registered under new marketplace publisher and offer identifiers — no detection logic or connector configuration was changed.</description></item><item><title>Cisco Umbrella CCF Connector GA Promotion Fixes Template Variable Rendering in UI Queries</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</link><pubDate>Wed, 01 Jul 2026 19:55:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14603/</guid><description>The Cisco Umbrella CCF connector graduates to GA while also resolving broken template variable references that caused Content Hub connectivity checks and sample queries to malfunction.</description></item><item><title>Rapid7 InsightVM CCF Connector Promoted to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</link><pubDate>Wed, 01 Jul 2026 19:47:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</guid><description>The Rapid7 InsightVM CCF data connector moves out of Public Preview to GA, updating the API version to the stable 2025-09-01 release.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>New Akamai DDoS Protection CCF Connector: WAF Security Events Now Available in Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</link><pubDate>Wed, 01 Jul 2026 07:05:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14573/</guid><description>A new CCF-based connector ingests Akamai WAF SIEM security events into the AkamaiSIEMEvent table, unlocking web application attack visibility including denied requests, client reputation, rule triggers, and geolocation context for attacker IPs.</description></item><item><title>WithSecure Elements Connector Migrated to CCF: Function App Infrastructure Eliminated</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</link><pubDate>Wed, 01 Jul 2026 06:14:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</guid><description>A new CCF-based WithSecure Elements solution (v4.0.0) replaces the Azure Function connector, removing the Azure Function, Storage Account, and Key Vault dependency stack while the legacy Function App solution is deprecated in place with a transition buffer for existing deployments.</description></item><item><title>Lookout Connector v3.0.6: Silent Ingestion Stop After 24h and Four DCR Field Mapping Blind Spots Fixed</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</link><pubDate>Wed, 01 Jul 2026 06:13:06 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14564/</guid><description>A CCF cursor expiry caused the Lookout streaming connector to silently stop ingesting data after roughly 24 hours, and four incorrect DCR field paths meant ThreatId, ThreatAction, DeviceEmail, and SmishingAlertId were null in every ingested record.</description></item><item><title>Agent 365 Solution v3.1.2: Microsoft Agent Identities Connector Version Refresh</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14582/</link><pubDate>Wed, 01 Jul 2026 06:03:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14582/</guid><description>Bumps the Microsoft Agent Identities (EntraNHIAssets) data connector to version 1.0.1 so Content Hub correctly detects and applies the latest connector configuration on solution update.</description></item><item><title>Trend Micro Cloud App Security: Offer ID Alignment for Marketplace Publishing</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14587/</link><pubDate>Tue, 30 Jun 2026 11:33:10 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14587/</guid><description>Solution metadata offer ID updated to match the Azure Marketplace listing — no detection logic or connector changes.</description></item><item><title>Darktrace CCF Connector: Setup Guide Link Updated to Customer Portal</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14579/</link><pubDate>Tue, 30 Jun 2026 09:08:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14579/</guid><description>Version 3.1.1 fixes a broken documentation link in the connector UI, replacing the prior URL with the Darktrace customer portal guides page (&lt;a href="https://customerportal.darktrace.com/guides"&gt;https://customerportal.darktrace.com/guides&lt;/a&gt;) after a manual validation failure.</description></item><item><title>Semperis Lightning Connector: TLS Certificate Verification Restored Across All API Calls</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14539/</link><pubDate>Tue, 30 Jun 2026 07:59:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14539/</guid><description>The Semperis Lightning data connector was making all outbound API requests with TLS verification disabled (verify=False), exposing token acquisition and all data collection calls to man-in-the-middle attacks; this fix re-enables certificate validation across seven affected modules.</description></item><item><title>Google Workspace Reports: Google Meet Activity Logs Restored After Polling Window Gap</title><link>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</link><pubDate>Tue, 30 Jun 2026 06:22:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-30-pr-14544/</guid><description>A missing queryWindowDelayInMin setting caused Google Meet audit events to be silently dropped by the CCF connector - adding a 30-minute delay restores ingestion of events that arrive late from Google API.</description></item><item><title>Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API with Managed Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</link><pubDate>Mon, 29 Jun 2026 13:21:35 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</guid><description>The Fortinet FortiNDR Cloud Function App connector has been migrated from the deprecated HTTP Data Collector API (using client secret credentials) to the Log Ingestion API using Managed Identity - deployments running the previous version were heading toward a complete ingestion failure as the old API reaches end-of-life.</description></item><item><title>Cofense Intelligence Connector: SSRF and Credential Leakage Vulnerabilities Patched in DownloadThreatReports Function</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</link><pubDate>Mon, 29 Jun 2026 09:13:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</guid><description>Critical security hardening of the Cofense Intelligence Azure Function eliminates a Server-Side Request Forgery (SSRF) vector and credential leakage risk that allowed callers to redirect authenticated requests to arbitrary or internal hosts.</description></item><item><title>Microsoft Entra ID Assets Connector: EntraEligibleMembers Table Added (Preview)</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14568/</link><pubDate>Mon, 29 Jun 2026 08:58:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14568/</guid><description>The Microsoft Entra ID Assets connector gains a new EntraEligibleMembers table checkbox in the portal, expanding Privileged Identity Management (PIM) visibility for eligible role assignment tracking.</description></item><item><title>Hybrid Attack Solution: Packaging Fix for Missing Workbook Content ID and Version</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14576/</link><pubDate>Mon, 29 Jun 2026 07:16:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14576/</guid><description>Corrects missing content ID and version fields in the Hybrid Attack — Cloud &amp;amp; Identity solution packaging template to resolve a validation failure preventing Content Hub deployment.</description></item><item><title>New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</link><pubDate>Mon, 29 Jun 2026 04:21:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</guid><description>A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID &amp;ndash; covering full kill chains that individual, single-source detections routinely miss.</description></item><item><title>Holm Security VMP: New CCF Connector Ingests Network and Web Asset Inventory into Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</link><pubDate>Fri, 26 Jun 2026 05:11:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-26-pr-14001/</guid><description>A new CCF-based Data Connector for the Holm Security Vulnerability Management Platform adds direct ingestion of network and web asset inventory &amp;ndash; including IP, hostname, OS, severity, and vulnerability counts &amp;ndash; into two custom Log Analytics tables, enabling asset-aware threat hunting and vulnerability correlation in Microsoft Sentinel.</description></item><item><title>Cybersixgill Actionable Alerts: Packaging Fix for Channel and Step ID Variables (P0)</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14559/</link><pubDate>Thu, 25 Jun 2026 12:15:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14559/</guid><description>P0-labeled packaging-only update to the Cybersixgill Actionable Alerts solution that extracts hardcoded channel and step IDs into template variables in mainTemplate.json &amp;ndash; no YAML content or detection logic changes.</description></item><item><title>New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</link><pubDate>Thu, 25 Jun 2026 11:56:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</guid><description>A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table &amp;ndash; covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection &amp;ndash; plus an incident-response Playbook and a quarantine dashboard Workbook.</description></item><item><title>Darktrace CCF Connector: Account Entity Mapping Added to Analytic Rules, Closing SaaS Identity Correlation Gap</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</link><pubDate>Thu, 25 Jun 2026 11:35:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</guid><description>Two Darktrace Analytic Rules now map user account names as Account entities for SaaS/identity-based incidents, and the DarktraceIncidents_CL table gains a modelBreaches field exposing the full chain of associated model alerts &amp;ndash; data that was previously absent from incident context.</description></item><item><title>Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</link><pubDate>Thu, 25 Jun 2026 11:34:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</guid><description>The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed.</description></item></channel></rss>