MISP2Sentinel: Critical Table Reference Fix for Upload Indicators API

MISP threat intelligence connector was broken due to incorrect table reference — deployments had zero indicator ingestion until this fix. Read More →

Vaikora AI Agent Security Monitoring for Defender for Cloud

New Vaikora solution enables real-time AI agent threat detection through automated security alert ingestion and behavioral anomaly monitoring. Read More →

Microsoft Threat Intelligence TAXII Export Connector Moves to General Availability

Microsoft’s TAXII Export connector for Threat Intelligence objects is now GA, removing preview limitations for production TI sharing workflows. Read More →

Salesforce Service Cloud Connector: Enhanced Event Log Coverage and Multi-Domain Support

Major connector upgrade introduces comprehensive event field collection and multi-tenant monitoring capabilities. Read More →

Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks

Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →

Joe Sandbox Solution: ARM Template Fixes and IOC Handling Improvements

Joe Sandbox solution updated to v3.0.1 with Azure template fixes, updated storage API versions, and improved IOC processing in playbooks. Read More →

Abnormal Security CCF Connector: Schema Alignment Fixes Column Visibility Gaps

Abnormal Security CCF connector v3.0.1 fixes table column naming to match Microsoft Log Analytics output, restoring access to previously missing metadata fields. Read More →

Azure DevOps Auditing: Fixing Broken Connector After Parameter Mismatch

Critical configuration fix resolves parameter name mismatch that prevented Azure DevOps audit log ingestion entirely. Read More →

CrowdStrike Falcon Data Replicator: Incorrect Deprecation Reversed, Connector Restored to Active Status

CrowdStrike’s Function App-based data replicator was incorrectly deprecated and has been restored to active status to maintain government deployment support. Read More →

Upwind Connector: Function App Deployment Fixed After Broken Code Deployment

Upwind connector Function App deployment was failing due to incorrect zip structure and ARM template configuration - fixed with flat zip layout and implicit hosting plan. Read More →

GreyNoise Threat Intelligence: Packaging Fixes and Security Improvements

Fixed Function App deployment packaging errors and improved security by converting ARM template secrets to secure strings. Read More →

Cloudflare Connector: Critical DCR Fix Restores Data Ingestion After Field Mapping Failures

Fixed DCR transformKql failures for Type field and invalid data types that were preventing Cloudflare log ingestion. Read More →

Entra ID Brute Force Detection: Renamed for Broader Windows Device Coverage

Analytic rule renamed from Cloud PC-specific to cover all Entra-authenticated Windows devices, clarifying detection scope without logic changes. Read More →

New Vaikora-CrowdStrike Integration: AI Agent Behavioral Signals to Custom IOCs

Logic App Playbook introduced to poll Vaikora AI agent signals and push high-risk actions as Custom IOCs to CrowdStrike Falcon for automated threat prevention. Read More →

ZoomReports: Cloud Recording API Polling Optimized to Reduce Data Duplication

Updates polling interval from 2-day to 1-day window with 1-day delay to eliminate duplicate Zoom cloud recording logs. Read More →

Visa Threat Intelligence: ARM Template Certification Fix

Replaces deprecated concat with uri function in ARM template to meet Azure certification requirements. Read More →

Qualys KB Connector Now GA: Production-Ready Vulnerability Intelligence

Qualys Knowledge Base connector moves from Preview to General Availability, providing production-grade vulnerability intelligence ingestion with enhanced monitoring capabilities. Read More →

Vaikora AI Security: New Logic App Playbook for SentinelOne Threat Intelligence Integration

Data443 introduces Vaikora AI agent behavioral signal integration with SentinelOne threat intelligence via a 6-hour polling playbook. Read More →

New Spur Context API Solution: High-Fidelity IP Intelligence for VPN and Proxy Detection

New solution provides real-time IP enrichment to detect VPN, residential proxy, and bot automation traffic in incidents and alerts. Read More →

Qualys VM Connector: API Version 5.0 Migration Before Deprecation

Qualys VM connector upgraded from API v3.0 to v5.0 to prevent June deprecation cutoff impacting vulnerability data ingestion. Read More →