GreyNoise Threat Intelligence: SDK Update Addresses Function App Runtime Issues

Updated GreyNoise Python SDK to v3.0.3, fixed module mismatches, and bumped Azure Functions runtime to resolve connector stability issues. Read More →

Rubrik Security Cloud: New CCF Connector Unlocks Ransomware Recovery Intelligence

New CCF data connector ingests comprehensive backup status data enabling correlation between security incidents and backup health for rapid ransomware recovery assessment. Read More →

Upwind Cloud Security: New Data Connector Unlocks Cloud Asset Visibility

New Upwind solution enables ingestion of compute platform assets with risk assessments, vulnerability data, and network exposure metrics. Read More →

Lookout Connector: ARM Deployment Fix Restores API Key Authentication

Lookout connector ARM template syntax error blocked API key deployments with double bracket parse failure. Read More →

Atlassian Jira Connector Rebrand: "REST API" to "CCF" Terminology Update

Atlassian Jira Audit connector rebranded to reflect Codeless Connector Framework terminology. Read More →

GitHub 2FA Detection Restored: Critical Blind Spot Fixed After Parser Migration

GitHub Enterprise 2FA disablement detection rule was completely broken due to deprecated table reference — restored monitoring for T1562 defense impairment. Read More →

Microsoft Copilot Connector: Updated Product Scope Description

Clarifies connector description to specify M365 Copilot and Security Copilot coverage alongside general improvements. Read More →

CrowdStrike Adversary Intelligence Connector: Function App Deployment Fix

Version constraint fix restores Function App deployment after Azure Functions runtime compatibility issue. Read More →

Zoom Reports CCF Connector: Table Migration From Legacy Zoom_CL to ZoomV2_CL Schema

CCF connector now ingests to ZoomV2_CL with normalized field names, avoiding conflicts with legacy Function App deployments using Zoom_CL. Read More →

New Censys Solution: Attack Surface Intelligence and Entity Enrichment

Adds comprehensive playbook automation for Censys threat intelligence enrichment, providing IP/domain/certificate context during incident investigation. Read More →

CyberArk Audit Connector: Enhanced Documentation and Deployment Warnings

Function App connector updated with critical migration disclaimers to prevent dual-deployment data duplication. Read More →

D3 Smart SOAR Connector: Fixing Critical Duplicate Incident Ingestion

Fixes broken paging mechanism that was causing duplicate D3 Smart SOAR incidents to be ingested into Microsoft Sentinel. Read More →

Semperis Lightning: New Active Directory Security Monitoring Platform Added to Content Hub

Semperis Lightning connector brings comprehensive Active Directory tier-0 attack path monitoring and privileged access visibility to Microsoft Sentinel via real-time API ingestion. Read More →

A365 Observability Connector: New AI Agent Telemetry Visibility in Microsoft Sentinel

New data connector for AI agent behavior monitoring brings telemetry from A365, AI Foundry, and Copilot into Microsoft Sentinel for security investigations. Read More →

AWS EKS Connector: Critical Data Ingestion Fix for Missing Table Configuration

CCF connector was unable to ingest any data due to empty destinationTable field preventing log routing to AWSEKSLogs_CL. Read More →

Threat Intelligence: Duo Security IP Detection Updated for ASIM Schema Compliance

IPEntity_DuoSecurity detection migrated from legacy DuoSecurityAuthentication_CL table to normalized CiscoDuo ASIM schema. Read More →

IPinfo Data Connectors: Critical Function App Runtime Fix for Production Deployment

Azure Functions were completely non-functional for marketplace deployments due to incorrect zip folder structure preventing runtime from locating host.json. Read More →

Alibaba Cloud Networking: New CCF Connector Brings VPC Flow, WAF, and API Gateway Visibility

Microsoft Sentinel gains visibility into Alibaba Cloud network infrastructure with a new CCF connector supporting VPC Flow Logs, WAF events, and API Gateway data ingestion via Simple Log Service. Read More →

CrowdStrike Connector: Enhanced Rate Limiting and GA Release

CrowdStrike API Data Connector moves to General Availability with advanced rate limit handling for Alerts and Detections data ingestion. Read More →

Zoom Reports: CCF Connector Replaces Azure Function for Report Ingestion

ZoomReports solution migrates from Azure Function to CCF architecture, providing streamlined OAuth-based ingestion for six report types covering usage, telephony, and audit activities. Read More →