Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries

Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context. Read More →

New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector

A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table. Read More →

AI Agents Hunting Queries Migrated to Unified AgentsInfo Table -- Connector-Split Queries Retired

Seven consolidated AI agent hunting queries now target the unified Defender XDR AgentsInfo table, replacing 26 connector-specific queries split across the A365 and Copilot Studio connectors; existing deployments still running the old AIAgentsInfo-based queries have had no effective hunting coverage since the table split was introduced. Read More →

Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)

The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook — closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections. Read More →

New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes

A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID – covering full kill chains that individual, single-source detections routinely miss. Read More →

Microsoft Defender XDR: Email Hunting Queries Fixed to Reference Correct Connector, Three New Teams/Phish Queries Added

Three email-focused Hunting Queries had a broken connector reference (OfficeATP instead of MicrosoftThreatProtection), suppressing results for orgs using the Defender XDR connector; three new queries covering RMM-via-Teams, alert correlation with Teams messages, and phish-reporter identity are also added. Read More →

Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections

A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →

New eDCRule Solution: 10 Entra ID and Azure Subscription Analytic Rules for Privilege Escalation and Identity Abuse Detection

A new community solution adds 10 scheduled Analytic Rules (plus Chinese-localized counterparts) targeting Microsoft Entra ID privilege escalation, OAuth token abuse, federation trust tampering, and Azure VM Run Command abuse correlated with UEBA signals. Read More →

Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel

New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio

Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration. Read More →

Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →

Microsoft Entra ID OAuth Consent Query: Fixing Zero-Result Bug in High-Risk Permission Detection

Corrects broken hunting query that returned no results due to incorrect property name filter. Read More →

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

Red Sift Solution: New CCF Data Connector and Email Security Detections

Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios. Read More →

Microsoft Entra ID: Hunting Query for Password Spraying Detection via IP Failure Bursts

Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns. Read More →

Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks

Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →

Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes

Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture. Read More →

SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync

SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities. Read More →

Microsoft Entra ID: Account Creation/Deletion Detection Enhanced Against Timing Evasion

Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques. Read More →