Elastic Agent CCF Connector: Replacing Deprecated HTTP Collector API

ElasticAgent connector migrated to CCF framework to maintain system monitoring capability as HTTP Collector API approaches deprecation. Read More →

Red Sift Solution: New CCF Data Connector and Email Security Detections

Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios. Read More →

QualysVM Solution: API Version Regression Restored to Current Standards

QualysVM solution packaging corrects downgraded ARM template API versions that could impact deployment reliability. Read More →

Abnormal Security CCF Connector: Critical Fix Restores Email Threat Detection After Complete Ingestion Failure

Fixes DCR transform errors, table deployment issues, and stream routing that prevented all data ingestion from Abnormal Security’s CCF Push connector since v3.0.0 launch. Read More →

Salesforce Audit Visibility: New CCF Connector for Administrative Change Tracking

New Salesforce Audit Logs connector provides visibility into administrative changes and user authentication events across Salesforce orgs. Read More →

Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage

Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces. Read More →

Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events

Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision. Read More →

NXLog Solutions Deprecated: Loss of Multi-Platform Audit Visibility

Five NXLog partner solutions removed from Content Hub, eliminating data connector support for BSM macOS, FIM, Linux Audit, AIX Audit, and DNS monitoring across Unix/Linux environments. Read More →

Zimperium MTD: New CCF Push Connector for Mobile Threat Telemetry

Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline. Read More →

Vaikora Azure Security Center: Microsoft Marketplace Certification Fix

Reverts solution ID to match Partner Center offer name after Marketplace certification failure under policy 300.4.1.1. Read More →

Recorded Future Identity Playbook: ARM Template Deploy Failure Fixed

Fixes broken deployment of RFI-confirm-EntraID-risky-user playbook that failed with InvalidTemplate error due to stale action references. Read More →

Dynatrace Parsers: Critical Timestamp Fix Restores Query Reliability

Data fidelity fix converts Unix epoch millisecond fields to datetime, resolving duplicate typed columns that broke query functionality in Dynatrace parsers. Read More →

Cyjax Connector: Security and Code Quality Fixes Applied

Addressed lint issues, package vulnerabilities, and code vulnerabilities in Cyjax threat intelligence connector. Read More →

Cisco Duo Connector: API Throttling Resilience Improved for Log Ingestion

Doubled retry delay to 120 seconds to address Duo API throttling requirements preventing log collection. Read More →

GitHub Advanced Security Parser Migration: CLv2 Compatibility and Schema Updates

Critical fix migrates GitHub parsers and workbooks to support CLv2 ingestion table and updated GitHub alert event schemas, ensuring compatibility across V1 and V2 deployments. Read More →

Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs

Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context. Read More →

BloodHound Enterprise: Function App Upgrade Fixes Data Collection and Ingestion Gaps

Deployment source moved to stable Microsoft repo, custom table schemas fixed, and Function App ingestion enhanced for reliable attack path visibility. Read More →

Visa Threat Intelligence: Connector Description Update for Certification

Updated Data Connector description in Visa Threat Intelligence solution to resolve certification failure. Read More →

Claroty: Enhanced IoT/OT Detection with Improved Alert Fidelity

Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring. Read More →

ZeroFox Digital Risk Protection: Complete CCF Migration with Dual Solution Architecture

ZeroFox splits legacy connector into dedicated Alerts and Threat Intelligence solutions using modern CCF architecture with 17 specialized data streams. Read More →