<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>T1556 on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/t1556/</link><description>Recent content in T1556 on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 09:21:28 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/t1556/index.xml" rel="self" type="application/rss+xml"/><item><title>Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</link><pubDate>Fri, 10 Jul 2026 09:21:28 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</guid><description>Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context.</description></item><item><title>Red Sift Solution: New CCF Data Connector and Email Security Detections</title><link>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</link><pubDate>Thu, 14 May 2026 10:01:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</guid><description>Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios.</description></item><item><title>Entra ID Attack Chain Detection: 5 New Hunting Queries Target Application Layer Persistence</title><link>http://sentinelchangelog.net/posts/2026-05-13-pr-14239/</link><pubDate>Wed, 13 May 2026 10:29:56 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-13-pr-14239/</guid><description>Five hunting queries expose OAuth consent abuse, privileged escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns.</description></item><item><title>SAP BTP: 10 New Enterprise Security Detections for Cloud Integration and Identity Service</title><link>http://sentinelchangelog.net/posts/2026-01-05-pr-13366/</link><pubDate>Mon, 05 Jan 2026 08:20:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-01-05-pr-13366/</guid><description>New threat detection coverage for SAP BTP Cloud Integration tampering, identity service compromise, and audit service availability.</description></item><item><title>UEBA Essentials: Enhanced Multi-Cloud Detection with 6 New AWS, GCP &amp; Okta Hunting Queries</title><link>http://sentinelchangelog.net/posts/2025-11-12-pr-13065/</link><pubDate>Wed, 12 Nov 2025 11:17:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-11-12-pr-13065/</guid><description>Major update adds comprehensive multi-cloud anomaly detection capabilities across AWS, GCP, and Okta platforms with 6 new hunting queries.</description></item></channel></rss>