Corelight: Enhanced Data Fidelity for Network Aggregation Events

Fixes field mapping inconsistencies in Corelight aggregation parsers that caused data loss and adds aggregation filtering to the Data Explorer workbook. Read More →

Lookout Mobile Threat Defense: ARM Template Certification Fix

Partner Center certification blocker resolved with single bracket correction in ARM deployment template. Read More →

Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors. Read More →

Google Workspace Reports Connector Promoted to General Availability

Google Workspace Reports CCF connector exits preview status with updated OAuth configuration guidance. Read More →

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →

Cisco Umbrella Connector: Critical Fix for State Manager Corruption and Data Ingestion Crashes

Cisco Umbrella connector fixes critical null-byte corruption in Azure File Share state markers that was causing complete ingestion failures. Read More →

Varonis Purview Connector: Schema Update Enhances Data Fidelity and Field Coverage

Varonis Purview schema update adds new fields and corrects data types, improving query reliability for asset tracking and classification data. Read More →

Netskope Connector: Title Update to Clarify CCF Usage

Cosmetic title change to clarify the connector uses Codeless Connector Framework for Netskope API ingestion. Read More →

Box Events Connector: Title Update to Clarify CCF Usage

Cosmetic title change from “Box Events (CCP)” to “Box Events (via Codeless Connector Framework)” to reflect current terminology. Read More →

Okta Single Sign-On Connector: Title Update to Clarify CCF Usage

Cosmetic title change to clarify the connector uses Codeless Connector Framework for Okta API ingestion. Read More →

SentinelOne Connector: Title Update to Clarify CCF Usage

Cosmetic title change to clarify the connector uses Codeless Connector Framework for API ingestion. Read More →

Sophos Endpoint Protection Connector: Title Update with Deprecated Terminology

Connector title updated to indicate CCF usage, but incorrectly uses deprecated “Codeless Connector Platform” instead of current “Codeless Connector Framework” terminology. Read More →

VMware Carbon Black Cloud Connector: Title Update to Clarify CCF Usage

Cosmetic title change to clarify the connector uses Codeless Connector Framework for AWS S3 ingestion. Read More →

Microsoft Threat Intelligence: Detection Logic Optimization Risks in Domain/URL Mapping Rule

Analytic rule optimization introduces potential detection gaps by reordering deduplication before indicator validity checks. Read More →

Auth0 CCF Connector: UI Branding Updated for Framework Visibility

Auth0 connector display name updated to clarify CCF implementation, supporting connector adoption transparency. Read More →

IPinfo Connectors: Azure Functions Dependency Fix for Linux Runtime

All IPinfo connector Azure Function packages rebuilt to resolve dependency issues with Linux runtime. Read More →

Commvault Security IQ: Enhanced Threat Scan Event Coverage and Parser Fix

Two new threat scan event types added to ingestion with regex fix for PascalCase field extraction. Read More →

Illumio Connector: Enhanced Security with Managed Identity Authentication

Illumio Function App connector replaces DefaultAzureCredential with ManagedIdentityCredential, eliminating client secret exposure. Read More →

Cyren Threat Intelligence: SentinelOne IOC Automation Solution Deployed

New Content Hub solution automates IOC ingestion from Cyren CCF feeds (IP reputation and malware URLs) into SentinelOne for automated threat detection and response. Read More →

AWS ELB Connector: Public Preview CCF Ingestion for ALB, NLB, and GLB Logs

New CCF connector enables ingestion of AWS Elastic Load Balancer access and flow logs into Microsoft Sentinel for network traffic monitoring and threat detection. Read More →