Box Connector: Critical Security Fix for HTTP Decompression Vulnerabilities

Box connector urllib3 dependency updated to address two high-severity CVEs causing potential DoS attacks. Read More →

Infoblox NIOS Parsers: Enhanced Log Filtering Reduces Noise in DHCP Monitoring

Updated Infoblox NIOS parsers exclude additional administrative log categories to improve signal-to-noise ratio. Read More →

Intel471: Added Verity471 Platform Support for Enhanced Malware Intelligence

Intel471 solution now supports the new Verity471 backend alongside Titan for ingesting malware threat indicators. Read More →

New Cyble Vision Threat Intelligence Solution: Comprehensive CCF-Based Alert Platform

Massive new Cyble Vision solution providing 40+ specialized detection rules and parsers for diverse threat intelligence feeds from dark web to cloud security. Read More →

GCP IAM Detection Logic Fixed — Correcting Service Account Key Detection Gaps

Two GCP IAM analytic rules had syntax errors preventing proper detection of token generation and key enumeration attacks. Read More →

SOX IT Compliance Solution Released: IT Change Monitoring for Financial Controls

New compliance monitoring solution provides IT systems change tracking and segregation of duties controls for Sarbanes-Oxley compliance programs. Read More →

Trend Micro Vision One — urllib3 Security Update Fixes Critical DoS Vulnerabilities

Dependency update from urllib3 1.26.20 to 2.6.0 addresses two high-severity CVEs preventing DoS attacks via decompression bombs and content encoding chains. Read More →

ESET Protect Platform Connector: urllib3 Security Update for CVE Fixes

Updated urllib3 dependency to v2.6.0 to address two high-severity CVEs affecting HTTP decompression handling. Read More →

Microsoft Copilot Connector — Critical Table Name Update from LLMActivity to CopilotActivity

Microsoft Copilot connector fixes critical table reference issue, standardizing on official CopilotActivity table name across all components. Read More →

Ermes Browser Security Connector — Enhanced Data Fidelity and Multi-Tenant Support

CCF connector update fixes timestamp extraction, adds configurable API endpoints, and expands log data collection for better event visibility. Read More →

Microsoft Entra ID Playbooks: API Permission Updates for Session Revocation

Updates Revoke-AADSignInSessions playbook documentation to use correct User.RevokeSessions.All permissions instead of broader User.ReadWrite.All. Read More →

Contrast ADR Detection: Fixed Field Reference Causing Query Failures

Corrected field name from incident_id_s to incidentId_s in Contrast EDR detection rule. Read More →

Lookout Mobile Security: Parser Fixes and Executive Dashboard Enhancement

Lookout solution updated to v3.0.1 with parser fixes, comprehensive security dashboards, and enhanced analytic rules. Read More →

Slack Audit Parser: Fixed Broken Field References Causing Data Loss

Corrected field name parsing errors in SlackAuditV2_CL that were causing channel sharing status and IP context data to return null. Read More →

ProofPoint TAP Detection Rules Updated for v2 Connector Migration

Two ProofPoint TAP Analytic Rules updated to reference ProofpointTAPv2 connector ID, ensuring compatibility with the newer connector version. Read More →

Fortigate ASIM Parser: Field Name Consistency Fix for Network Session Schema

Field name inconsistencies in Fortigate ASIM parsers corrected to ensure proper schema compliance and data normalization. Read More →

SAP Solution: Agentless Package Upgraded to Log Analytics v2 API

SAP agentless package updated to use Log Analytics v2 API for heartbeats and added audit log user exclusion capabilities. Read More →

Proofpoint POD: Fixing WebSocket Connector to Eliminate Duplicate Data Ingestion

Removed time-based query parameters from Proofpoint On-Demand Email Security connector to prevent duplicate data ingestion caused by time rounding overlaps. Read More →

SOC Prime Platform: New CCF Connector for Audit Log Visibility

New SOC Prime Platform audit logs data connector added using CCF framework, providing visibility into SOC Prime TDM platform user activities and administrative actions. Read More →

ProofPoint TAP Solution: Fixed ARM Template Validation Failures

Resolved ARM-TTK validation errors preventing ProofPoint TAP solution deployment. Read More →