http://sentinelchangelog.net/tags/t1098/Recent content in T1098 on sentinelchangelog.netHugo -- 0.157.0enMon, 01 Jun 2026 04:39:34 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Mon, 01 Jun 2026 04:39:34 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Fri, 29 May 2026 10:56:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse.http://sentinelchangelog.net/posts/2026-05-28-pr-14307/Thu, 28 May 2026 11:14:14 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-14307/Added three hunting queries targeting identity boundary expansion techniques in Entra ID that escalate privileges without creating new accounts.http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Wed, 27 May 2026 13:42:33 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.http://sentinelchangelog.net/posts/2026-05-27-pr-14335/Wed, 27 May 2026 13:41:06 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14335/Adds hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors.http://sentinelchangelog.net/posts/2026-05-27-pr-14334/Wed, 27 May 2026 13:38:30 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14334/Corrects broken hunting query that returned no results due to incorrect property name filter.http://sentinelchangelog.net/posts/2026-05-19-pr-14262/Tue, 19 May 2026 10:09:11 +0000http://sentinelchangelog.net/posts/2026-05-19-pr-14262/Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection.http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Mon, 18 May 2026 07:30:57 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.http://sentinelchangelog.net/posts/2026-05-13-pr-14239/Wed, 13 May 2026 10:29:56 +0000http://sentinelchangelog.net/posts/2026-05-13-pr-14239/Five hunting queries expose OAuth consent abuse, privileged escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns.http://sentinelchangelog.net/posts/2026-04-24-pr-14045/Fri, 24 Apr 2026 05:26:39 +0000http://sentinelchangelog.net/posts/2026-04-24-pr-14045/Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture.http://sentinelchangelog.net/posts/2026-04-10-pr-13848/Fri, 10 Apr 2026 15:05:24 +0000http://sentinelchangelog.net/posts/2026-04-10-pr-13848/New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.http://sentinelchangelog.net/posts/2026-03-27-pr-13735/Fri, 27 Mar 2026 05:01:42 +0000http://sentinelchangelog.net/posts/2026-03-27-pr-13735/New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors.http://sentinelchangelog.net/posts/2025-11-12-pr-13065/Wed, 12 Nov 2025 11:17:58 +0000http://sentinelchangelog.net/posts/2025-11-12-pr-13065/Major update adds comprehensive multi-cloud anomaly detection capabilities across AWS, GCP, and Okta platforms with 6 new hunting queries.