Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API with Managed Identity

The Fortinet FortiNDR Cloud Function App connector has been migrated from the deprecated HTTP Data Collector API (using client secret credentials) to the Log Ingestion API using Managed Identity - deployments running the previous version were heading toward a complete ingestion failure as the old API reaches end-of-life. Read More →

Cofense Intelligence Connector: SSRF and Credential Leakage Vulnerabilities Patched in DownloadThreatReports Function

Critical security hardening of the Cofense Intelligence Azure Function eliminates a Server-Side Request Forgery (SSRF) vector and credential leakage risk that allowed callers to redirect authenticated requests to arbitrary or internal hosts. Read More →

Microsoft Entra ID Assets Connector: EntraEligibleMembers Table Added (Preview)

The Microsoft Entra ID Assets connector gains a new EntraEligibleMembers table checkbox in the portal, expanding Privileged Identity Management (PIM) visibility for eligible role assignment tracking. Read More →

Hybrid Attack Solution: Packaging Fix for Missing Workbook Content ID and Version

Corrects missing content ID and version fields in the Hybrid Attack — Cloud & Identity solution packaging template to resolve a validation failure preventing Content Hub deployment. Read More →

New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes

A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID – covering full kill chains that individual, single-source detections routinely miss. Read More →

Holm Security VMP: New CCF Connector Ingests Network and Web Asset Inventory into Sentinel

A new CCF-based Data Connector for the Holm Security Vulnerability Management Platform adds direct ingestion of network and web asset inventory – including IP, hostname, OS, severity, and vulnerability counts – into two custom Log Analytics tables, enabling asset-aware threat hunting and vulnerability correlation in Microsoft Sentinel. Read More →

Cybersixgill Actionable Alerts: Packaging Fix for Channel and Step ID Variables (P0)

P0-labeled packaging-only update to the Cybersixgill Actionable Alerts solution that extracts hardcoded channel and step IDs into template variables in mainTemplate.json – no YAML content or detection logic changes. Read More →

New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel

A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table – covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection – plus an incident-response Playbook and a quarantine dashboard Workbook. Read More →

Darktrace CCF Connector: Account Entity Mapping Added to Analytic Rules, Closing SaaS Identity Correlation Gap

Two Darktrace Analytic Rules now map user account names as Account entities for SaaS/identity-based incidents, and the DarktraceIncidents_CL table gains a modelBreaches field exposing the full chain of associated model alerts – data that was previously absent from incident context. Read More →

Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables

The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed. Read More →

Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility

The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser. Read More →

iboss Solution 3.1.3: New Malware and C2 Analytic Rules for Web Gateway Telemetry

iboss Solution 3.1.3 ships two new Scheduled Analytic Rules that surface malware detections and C2 communications flagged by the iboss gateway, closing a detection gap for organizations relying solely on raw CommonSecurityLog ingestion. Read More →

OpenAI Connector Promoted to GA — Preview Flag Removed

The OpenAI CCF connector exits preview status; the only change is flipping isPreview from true to false in the connector definition, making it generally available in Content Hub. Read More →

TacitRed Defender TI Playbook: Fixing Content Hub Deployment Failure on Hyphenated Workspace Names

TacitRed Defender Threat Intelligence v3.0.2 fixes an InvalidTemplate ARM error that blocked Content Hub deployment entirely on any workspace with a hyphenated name, plus resolves a sovereign cloud storage endpoint bug and adds required post-deployment RBAC guidance. Read More →

BitSight Function App Connector: UI Updated to Reflect Log Ingestion API Authentication Requirements

The BitSight legacy Function App connector UI page was updated to align with the Log Ingestion API (DCR) ingestion path, removing the Workspace ID/Key deployment step and replacing it with Entra ID credential requirements. Read More →

QualysVM CCF Connector: Restoring Vulnerability Data Ingestion After API Timeout Blind Spot

Customers with large Qualys environments were receiving zero vulnerability detection data due to chronic API timeouts – this fix raises the CCF timeout to the platform maximum, tightens the query window, and adds a lightweight connectivity check to unblock ingestion. Read More →

Microsoft Entra ID Assets Connector Gains Owner and Sponsor Relationship Tables

Two new identity graph tables – EntraOwners and EntraSponsors – are now available in the Microsoft Entra ID Assets connector, expanding the identity relationship data surface for investigating account takeover and privilege escalation paths. Read More →

New Panorays Connector: Third-Party Cyber Risk Findings Now Ingestible into Microsoft Sentinel

A new CCF-based connector ingests company security findings from the Panorays API into a custom log table, unlocking visibility into third-party cyber risk posture within Sentinel. Read More →

Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths

A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification. Read More →

Threat Intelligence (NEW): Broken Connector Mappings and Case-Sensitive Rule Names Fixed Across 36 Analytic Rules

Two customer-reported issues are resolved: EmailEvents and EmailUrlInfo rules were mapped to the wrong connectors (Office365 instead of MicrosoftThreatProtection), and inconsistent capitalisation in rule names was silently breaking customer Playbook automations. Read More →