Cloudflare CCF Workbook: Fixed Field Mapping for New CCF Schema

Corrected workbook queries to use normalized ASIM fields from Cloudflare CCF connector, resolving visualization errors from legacy field references. Read More →

Google Threat Intelligence Solution: Custom Connector Deployment Prerequisites Clarified

Solution metadata updated to warn customers that Playbooks require manual deployment of the GTI custom Logic Apps connector before use. Read More →

BloodHound Enterprise: Logo Update Aligns Solution Branding

Updated BloodHound Enterprise solution logo to current SpecterOps branding. Read More →

Fortinet FortiGate Playbook: Function App Authentication Security Hardening

Playbook Function App authentication level upgraded from anonymous to function-level to close security exposure. Read More →

Cyren Defender Threat Intelligence: New IP and Malware URL Ingestion for Microsoft Sentinel

Content Hub solution adds Cyren threat intelligence feeds for IP reputation and malware URL indicators via automated Logic App playbook. Read More →

CrowdStrike Content Doctor Enhancement: Improved Detection Logic and Alert Customization

Content Doctor improvements to CrowdStrike Falcon detection rules enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections. Read More →

Microsoft Defender XDR: New Hunting Query for Delegate Mailbox Phish Reporting Analysis

New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios. Read More →

OpenAI Connector: Migration to ASIM Standard Improves AI Monitoring Normalization

OpenAI chat completions data now ingests to ASimAgentEventLogs standard table, enabling standardized AI usage monitoring and cross-product correlation. Read More →

SailPoint IdentityNow: Publisher Migration to Microsoft Public Preview

SailPoint IdentityNow solution metadata updated for Microsoft-published Public Preview release with no functional changes to identity monitoring capabilities. Read More →

New Cyren-CrowdStrike Threat Intelligence Solution: Automated IOC Sync for Enhanced Threat Detection

Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking. Read More →

XBOW: API Version 2026-04-01 Upgrade Enriches Assessment Data with Attack Credits and Events

XBOW connector upgrades to latest API version, adding attack credits tracking and recent event details to assessment ingestion for improved offensive security visibility. Read More →

ESET PROTECT Platform: Delta Token Migration Eliminates Data Gaps from Timestamp Filtering

ESET connector switches from unreliable timestamp filtering to delta tokens, closing potential data loss gaps during high-volume ingestion periods. Read More →

Illumio Insights Graph: New Network Traffic Analysis and Threat Intelligence Connector

New CCF-based connector ingests Illumio AI-powered threat discovery reports with network flow analysis, geographic context, and MITRE ATT&CK framework integration. Read More →

Fortra Agari CCF Connector: Modern Email Security Data Ingestion

Fortra Agari transitions from Azure Functions to CCF framework, restoring Brand Protection, Phishing Defense, and Phishing Response visibility with DCR-based ingestion. Read More →

Google Directory Solution: New Playbook Integration with Extended Security Scope

Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation. Read More →

Function App Security: Access Control Hardening Across Multiple Data Connectors

Function keys now required for HTTP-triggered functions in Zoom, Zscaler, FortiGate, Cofense, Illumio, and Infoblox connectors—removing anonymous access vulnerability. Read More →

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

New Strider Shield Threat Intelligence Connector for Email Security Monitoring

NVISO introduces Strider Shield CCF connector enabling ingestion of email threat intelligence data across five data streams targeting phishing and BEC protection. Read More →

SailPoint IdentityNow: New CCF Connector with Dual Parser Support (v3.0.1)

SailPoint IdentityNow now supports CCF ingestion with new schema parsers alongside backward compatibility for existing Function App deployments. Read More →

Agent 365 Solution Rebranded from A365 Observability (v3.0.1)

Microsoft renamed the A365 Observability solution to Agent 365 for marketing alignment with no functional changes. Read More →