<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>T1078 on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/t1078/</link><description>Recent content in T1078 on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 09:21:28 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/t1078/index.xml" rel="self" type="application/rss+xml"/><item><title>Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</link><pubDate>Fri, 10 Jul 2026 09:21:28 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</guid><description>Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>AI Agents Hunting Queries Migrated to Unified AgentsInfo Table -- Connector-Split Queries Retired</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14594/</link><pubDate>Thu, 02 Jul 2026 10:38:59 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14594/</guid><description>Seven consolidated AI agent hunting queries now target the unified Defender XDR AgentsInfo table, replacing 26 connector-specific queries split across the A365 and Copilot Studio connectors; existing deployments still running the old AIAgentsInfo-based queries have had no effective hunting coverage since the table split was introduced.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</link><pubDate>Mon, 29 Jun 2026 04:21:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</guid><description>A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID &amp;ndash; covering full kill chains that individual, single-source detections routinely miss.</description></item><item><title>Microsoft Defender XDR: Email Hunting Queries Fixed to Reference Correct Connector, Three New Teams/Phish Queries Added</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</link><pubDate>Tue, 23 Jun 2026 05:40:00 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</guid><description>Three email-focused Hunting Queries had a broken connector reference (OfficeATP instead of MicrosoftThreatProtection), suppressing results for orgs using the Defender XDR connector; three new queries covering RMM-via-Teams, alert correlation with Teams messages, and phish-reporter identity are also added.</description></item><item><title>Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</link><pubDate>Fri, 19 Jun 2026 11:27:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</guid><description>A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform.</description></item><item><title>New eDCRule Solution: 10 Entra ID and Azure Subscription Analytic Rules for Privilege Escalation and Identity Abuse Detection</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14392/</link><pubDate>Wed, 17 Jun 2026 05:44:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14392/</guid><description>A new community solution adds 10 scheduled Analytic Rules (plus Chinese-localized counterparts) targeting Microsoft Entra ID privilege escalation, OAuth token abuse, federation trust tampering, and Azure VM Run Command abuse correlated with UEBA signals.</description></item><item><title>Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</link><pubDate>Fri, 12 Jun 2026 07:51:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</guid><description>New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events.</description></item><item><title>Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</link><pubDate>Fri, 12 Jun 2026 07:00:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</guid><description>Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers.</description></item><item><title>StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</link><pubDate>Wed, 10 Jun 2026 10:24:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</guid><description>Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration.</description></item><item><title>Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment</title><link>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</link><pubDate>Mon, 01 Jun 2026 04:39:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</guid><description>Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.</description></item><item><title>Microsoft Entra ID OAuth Consent Query: Fixing Zero-Result Bug in High-Risk Permission Detection</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14334/</link><pubDate>Wed, 27 May 2026 13:38:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14334/</guid><description>Corrects broken hunting query that returned no results due to incorrect property name filter.</description></item><item><title>AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings</title><link>http://sentinelchangelog.net/posts/2026-05-18-pr-14101/</link><pubDate>Mon, 18 May 2026 07:30:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-18-pr-14101/</guid><description>Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.</description></item><item><title>Red Sift Solution: New CCF Data Connector and Email Security Detections</title><link>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</link><pubDate>Thu, 14 May 2026 10:01:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</guid><description>Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios.</description></item><item><title>Microsoft Entra ID: Hunting Query for Password Spraying Detection via IP Failure Bursts</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14208/</link><pubDate>Thu, 07 May 2026 10:50:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14208/</guid><description>Correlates failed sign-ins across multiple identities followed by successful authentication from the same IP within 15 minutes, targeting password spraying patterns.</description></item><item><title>Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks</title><link>http://sentinelchangelog.net/posts/2026-05-04-pr-14117/</link><pubDate>Mon, 04 May 2026 12:53:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-04-pr-14117/</guid><description>Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern.</description></item><item><title>Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes</title><link>http://sentinelchangelog.net/posts/2026-04-24-pr-14045/</link><pubDate>Fri, 24 Apr 2026 05:26:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-24-pr-14045/</guid><description>Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture.</description></item><item><title>SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync</title><link>http://sentinelchangelog.net/posts/2026-04-23-pr-13858/</link><pubDate>Thu, 23 Apr 2026 05:24:37 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-23-pr-13858/</guid><description>SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities.</description></item><item><title>Microsoft Entra ID: Account Creation/Deletion Detection Enhanced Against Timing Evasion</title><link>http://sentinelchangelog.net/posts/2026-04-13-pr-14049/</link><pubDate>Mon, 13 Apr 2026 10:07:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-13-pr-14049/</guid><description>Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques.</description></item><item><title>Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available</title><link>http://sentinelchangelog.net/posts/2026-04-10-pr-13848/</link><pubDate>Fri, 10 Apr 2026 15:05:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-10-pr-13848/</guid><description>New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.</description></item><item><title>SOC Prime CCF: Three New Detection Rules for Platform Security Events</title><link>http://sentinelchangelog.net/posts/2026-04-08-pr-13636/</link><pubDate>Wed, 08 Apr 2026 09:50:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-08-pr-13636/</guid><description>SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs.</description></item><item><title>Netskope Secure Web Gateway Solution: New Detection Coverage for Cloud Application Visibility</title><link>http://sentinelchangelog.net/posts/2026-04-03-pr-13618/</link><pubDate>Fri, 03 Apr 2026 11:24:10 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-03-pr-13618/</guid><description>New Netskope solution adds 10 detections for web transaction monitoring including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns.</description></item><item><title>Microsoft Security Copilot: Six New Detections for AI Assistant Abuse</title><link>http://sentinelchangelog.net/posts/2026-03-27-pr-13735/</link><pubDate>Fri, 27 Mar 2026 05:01:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-27-pr-13735/</guid><description>New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors.</description></item><item><title>Azure Firewall: Five New IDPS Analytic Rules for Advanced Threat Detection</title><link>http://sentinelchangelog.net/posts/2026-02-13-pr-13591/</link><pubDate>Fri, 13 Feb 2026 08:19:01 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-02-13-pr-13591/</guid><description>Azure Firewall solution expanded with 5 new analytic rules targeting high/medium severity threats, DDoS attacks, web application attacks, and privilege escalation attempts.</description></item><item><title>Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes</title><link>http://sentinelchangelog.net/posts/2026-01-21-pr-13480/</link><pubDate>Wed, 21 Jan 2026 13:39:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-01-21-pr-13480/</guid><description>Updated outdated links and corrected MITRE ATT&amp;amp;CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions.</description></item><item><title>SAP BTP: 10 New Enterprise Security Detections for Cloud Integration and Identity Service</title><link>http://sentinelchangelog.net/posts/2026-01-05-pr-13366/</link><pubDate>Mon, 05 Jan 2026 08:20:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-01-05-pr-13366/</guid><description>New threat detection coverage for SAP BTP Cloud Integration tampering, identity service compromise, and audit service availability.</description></item><item><title>UEBA Essentials: Enhanced Multi-Cloud Detection with 6 New AWS, GCP &amp; Okta Hunting Queries</title><link>http://sentinelchangelog.net/posts/2025-11-12-pr-13065/</link><pubDate>Wed, 12 Nov 2025 11:17:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-11-12-pr-13065/</guid><description>Major update adds comprehensive multi-cloud anomaly detection capabilities across AWS, GCP, and Okta platforms with 6 new hunting queries.</description></item><item><title>VMware ESXi SSH Brute Force Detection Plus Multi-Solution Updates</title><link>http://sentinelchangelog.net/posts/2025-11-10-pr-13063/</link><pubDate>Mon, 10 Nov 2025 06:23:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-11-10-pr-13063/</guid><description>New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions.</description></item></channel></rss>