T1071 on sentinelchangelog.net

T1071 on sentinelchangelog.nethttp://sentinelchangelog.net/tags/t1071/Recent content in T1071 on sentinelchangelog.netHugo -- 0.157.0enMon, 01 Jun 2026 04:39:34 +0000Slack Audit Solution: Enhanced Detection Logic and Alert Enrichmenthttp://sentinelchangelog.net/posts/2026-06-01-pr-14245/Mon, 01 Jun 2026 04:39:34 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.Defender for Endpoint: Cryptographic Identity Baselining Hunting Query for Process Network Anomalieshttp://sentinelchangelog.net/posts/2026-05-26-pr-14333/Tue, 26 May 2026 09:05:22 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14333/New hunting query detects first-time network connections by processes using cryptographic signer baselining to defeat DLL sideloading and BYOTA attacks.Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costshttp://sentinelchangelog.net/posts/2026-05-06-pr-13820/Wed, 06 May 2026 09:37:20 +0000http://sentinelchangelog.net/posts/2026-05-06-pr-13820/Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context.Netskope Secure Web Gateway Solution: New Detection Coverage for Cloud Application Visibilityhttp://sentinelchangelog.net/posts/2026-04-03-pr-13618/Fri, 03 Apr 2026 11:24:10 +0000http://sentinelchangelog.net/posts/2026-04-03-pr-13618/New Netskope solution adds 10 detections for web transaction monitoring including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns.New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinelhttp://sentinelchangelog.net/posts/2026-03-26-pr-13375/Thu, 26 Mar 2026 12:48:50 +0000http://sentinelchangelog.net/posts/2026-03-26-pr-13375/blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation.Threat Intelligence: URL IOC Detection Added for Web Session Monitoringhttp://sentinelchangelog.net/posts/2026-02-20-pr-13637/Fri, 20 Feb 2026 05:32:23 +0000http://sentinelchangelog.net/posts/2026-02-20-pr-13637/New Analytic Rule enables detection of malicious URLs from threat feeds in web traffic, closing coverage gap for URL-based indicators.Global Secure Access: Enhanced Threat Intelligence Correlation and MCP Monitoringhttp://sentinelchangelog.net/posts/2026-02-06-pr-13525/Fri, 06 Feb 2026 09:06:54 +0000http://sentinelchangelog.net/posts/2026-02-06-pr-13525/New analytic rules correlate threat intelligence indicators with GSA traffic while MCP Servers Dashboard provides Model Context Protocol server monitoring.Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&CK Integrationhttp://sentinelchangelog.net/posts/2025-12-04-pr-13198/Thu, 04 Dec 2025 05:49:38 +0000http://sentinelchangelog.net/posts/2025-12-04-pr-13198/Updated threat hunting rules add MITRE ATT&CK mappings and fix parser function calls for improved threat detection coverage.