BloodHound Enterprise Workbooks: Parameter Query Failures Fixed with Explicit 30-Day Time Context

All six BloodHound Enterprise workbooks had parameter dropdown queries silently failing due to missing time context; this fix adds an explicit 30-day timeContext (durationMs: 2592000000) to each parameter, restoring operator visibility into attack paths and posture data. Read More →

SentinelOne CCF Connector Upgraded to Multi-Instance for MSSP Deployments

The SentinelOne CCF connector now supports multiple simultaneous instances via a grid/context-pane UX, enabling MSSPs to ingest from multiple SentinelOne tenants without deploying duplicate solutions. Read More →

Silverfort Connector Docs Updated: MMA Reference Replaced with AMA, Python Check Command Fixed

The Silverfort AMA connector setup instructions now correctly reference Azure Monitoring Agent instead of the legacy Microsoft Monitoring Agent, and the Python version check command has been corrected. Read More →

Zimperium MTD Gains Incident Log Ingestion via Two New CCF Tables

The Zimperium Mobile Threat Defense CCF connector now ingests mobile incident data into two new custom tables, extending threat visibility beyond raw threat events to correlated incident and mitigation workflows. Read More →

Zoom Reports Function App Connector Officially Deprecated

The legacy Zoom Reports Azure Function-based connector has been formally deprecated; customers still using it should migrate to the CCF-based replacement. Read More →

ZeroFox Threat Intelligence: Marketplace Packaging Fix Restores Customer Access

Critical solution ID mismatch prevented customers from installing ZeroFox Threat Intelligence connector from marketplace. Read More →

Premium MDTI Connector Removed from Threat Intelligence Solution During MDTI Convergence

Premium Microsoft Defender Threat Intelligence connector no longer available in Threat Intelligence (NEW) solution v3.0.19 as part of MDTI convergence effort. Read More →

StealthTalk Solution Publisher ID Corrected for Partner Center Compliance

Fixed StealthTalk solution publisherId metadata to match Partner Center registration and resolve certification check. Read More →

QualysVM Connector Enhanced with QDS Score Parameter

Added QDS score parameter to QualysVM CCF connector, enabling users to include Qualys Detection Scores in vulnerability data collection. Read More →

Palo Alto Cortex XDR CCP Solution Repackaged to Version 3.0.4

Repackaged Palo Alto Cortex XDR CCP solution to address Marketplace UI discrepancy. Read More →

Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API

New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic. Read More →

UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage

Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics. Read More →

Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel

New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events. Read More →

Akamai Guardicore v3.1.0: Function App Eliminated, CCF Migration Simplifies Microsegmentation Monitoring

Akamai Guardicore connector migrates from Azure Functions to Codeless Connector Framework, removing infrastructure overhead while preserving microsegmentation visibility. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

Imperva Cloud WAF: Critical Parsing Fix Restores Visibility for Complex Events

Imperva Cloud WAF connector switched to CommonEventFormatTransformer, fixing data ingestion failures for logs containing embedded quotes and pipes in CEF events. Read More →

AWS Security Hub Solution v3.0.4: Workbook Metadata Correction

Fixes missing workbook metadata in AWS Security Hub solution package without changing detection or ingestion logic. Read More →

Azure SQL Database Detection Rules: Enhanced MITRE Coverage and Alert Context

Quality improvements to 10 Azure SQL analytic rules add missing MITRE techniques, alert customization, and standardized query outputs. Read More →

SAP ETD: New Telemetry Tampering Detection Rules Target Defense Evasion

Two SAP Enterprise Threat Detection rules added to detect feed silence and per-SID data gaps, addressing T1562 defense evasion techniques. Read More →

SAP BTP: Enhanced Cloud Integration Deployment Detection with Audit Configuration Events

SAP BTP analytic rule reworked to use audit.configuration events, providing richer artifact context and improved actor attribution for Cloud Integration deployments. Read More →