Azure DevOps Auditing Solution: Description Text Cleanup and Repackaging

Azure DevOps Auditing solution repackaged with updated description removing outdated streaming configuration text references. Read More →

Microsoft Defender XDR: SUNSPOT Detection Rule Documentation Update

Updated SUNSPOT malware detection rule with corrected reference link formatting and MITRE technique mapping fixes across multiple solutions. Read More →

New Solution: JoeSandbox Threat Intelligence and Malware Analysis Platform Integration

Complete JoeSandbox solution deployment enabling automated malware analysis, threat intelligence feed ingestion, and incident enrichment playbooks for Microsoft Sentinel. Read More →

Microsoft Defender XDR: Teams Hunting Queries Version Number Fix

Corrected malformed version numbers in Microsoft Teams threat hunting queries from invalid “l.0.0” to proper “1.0.0” format. Read More →

Check Point Cyberint IOC Connector: Critical Data Ingestion Restoration

Cyberint threat intelligence connector restored from complete ingestion failure caused by malformed API endpoint and duplicate schema nesting blocking IOC data collection. Read More →

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →

Compliance Solutions: Microsoft Exchange Product Link Rebrand Update

NIST SP 800-53 and Zero Trust compliance workbooks updated with current Microsoft Defender for Office 365 documentation links following EOP rebrand. Read More →

OCI Data Connector: Packaging Configuration Fix

Oracle Cloud Infrastructure connector package repair addresses polling configuration naming issue preventing proper deployment. Read More →

VMware ESXi Solution: Broken Link Removed

Documentation maintenance removing broken link from VMware ESXi solution. Read More →

SAP BTP: 10 New Enterprise Security Detections for Cloud Integration and Identity Service

New threat detection coverage for SAP BTP Cloud Integration tampering, identity service compromise, and audit service availability. Read More →

AWS Access Logs: Security Enhancement for SQS Principal Access Control

AWS S3 Server Access Logs CloudFormation template receives critical security update restricting SQS queue principal from wildcard to S3 service only. Read More →

Armis IoT Security Solution: Enhanced Log Ingestion and Data Collection Rule Integration

Major enhancement to Armis data connectors implementing Azure Monitor Logs Ingestion API with DCR support for improved data fidelity and performance. Read More →

Schema Correction: MITRE ATT&CK Field Name Fix Across Multiple Solutions

Critical schema update replaces deprecated requiredTechniques field with correct relevantTechniques field in analytic rules. Read More →

Threat Intelligence: Alert Severity Field Standardisation and Query Optimisation

Threat Intelligence solution updated with standardised severity field naming and query performance improvements in IP entity analytics. Read More →

Snowflake Connector: Data Ingestion Timing Fix and Parser Field Corrections

Snowflake connector updated with 120-minute ingestion delay and corrected timestamp parsing to address customer-reported data gaps. Read More →

Major Solution Release: Cyble Vision and Tropico Solutions Added Plus Multi-Solution Updates

Large release adds two new threat intelligence solutions (Cyble Vision, Tropico) and updates to 15+ existing solutions across the repository. Read More →

Miro Solution: New Enterprise Collaboration Security and Compliance Monitoring

New Miro solution added with CCF connectors for audit logs and content logs to enable collaboration platform security monitoring. Read More →

Microsoft Entra ID: New Conditional Access Security Insights and Monitoring Workbook

New Conditional Access SISM workbook added to provide comprehensive CA policy monitoring and Zero Trust analytics. Read More →

SAP BTP Tools: Improved Connection Management and Subaccount Naming

SAP BTP connector tools updated with better subaccount handling, connection naming, and performance optimisations. Read More →

WithSecure Elements Connector: Critical Security Fix for HTTP Decompression Vulnerabilities

WithSecure Elements connector urllib3 dependency updated to address two high-severity CVEs causing potential DoS attacks. Read More →