<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>T1566 on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/t1566/</link><description>Recent content in T1566 on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 09:21:28 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/t1566/index.xml" rel="self" type="application/rss+xml"/><item><title>Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</link><pubDate>Fri, 10 Jul 2026 09:21:28 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</guid><description>Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</link><pubDate>Thu, 25 Jun 2026 11:56:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</guid><description>A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table &amp;ndash; covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection &amp;ndash; plus an incident-response Playbook and a quarantine dashboard Workbook.</description></item><item><title>Microsoft Defender XDR: Email Hunting Queries Fixed to Reference Correct Connector, Three New Teams/Phish Queries Added</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</link><pubDate>Tue, 23 Jun 2026 05:40:00 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</guid><description>Three email-focused Hunting Queries had a broken connector reference (OfficeATP instead of MicrosoftThreatProtection), suppressing results for orgs using the Defender XDR connector; three new queries covering RMM-via-Teams, alert correlation with Teams messages, and phish-reporter identity are also added.</description></item><item><title>Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</link><pubDate>Fri, 19 Jun 2026 11:27:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</guid><description>A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform.</description></item><item><title>Microsoft Defender XDR: OAuth and Device-Code Phishing Hunting Queries Unblocked After ARM-TTK Pipeline Failure</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</link><pubDate>Thu, 18 Jun 2026 05:58:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</guid><description>Two Defender XDR hunting queries targeting OAuth consent and device-code phishing were blocked from pipeline validation due to ARM-TTK hardcoded URI false positives; KQL refactored to construct URLs via strcat(), restoring deployment and preserving detection semantics.</description></item><item><title>Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</link><pubDate>Fri, 12 Jun 2026 07:00:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14200/</guid><description>Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers.</description></item><item><title>Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment</title><link>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</link><pubDate>Mon, 01 Jun 2026 04:39:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</guid><description>Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.</description></item><item><title>Phishing Detection: Raw IP URLs in Delivered Email</title><link>http://sentinelchangelog.net/posts/2026-05-26-pr-14340/</link><pubDate>Tue, 26 May 2026 06:30:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-26-pr-14340/</guid><description>New hunting query identifies delivered emails using raw IPv4 addresses as URL domains to detect phishing campaigns bypassing domain reputation systems.</description></item><item><title>Microsoft Defender XDR: New Hunting Query for Delegate Mailbox Phish Reporting Analysis</title><link>http://sentinelchangelog.net/posts/2026-05-21-pr-14257/</link><pubDate>Thu, 21 May 2026 04:14:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-21-pr-14257/</guid><description>New hunting query helps identify the actual user who reported a phishing message when recipients and actors differ in delegate or shared mailbox scenarios.</description></item><item><title>Microsoft Entra ID Table Rename: Hunting Queries Updated for Current Schema</title><link>http://sentinelchangelog.net/posts/2026-05-18-pr-14186/</link><pubDate>Mon, 18 May 2026 05:36:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-18-pr-14186/</guid><description>12 hunting queries updated to use EntraIdSignInEvents and EntraIdSpnSignInEvents tables, replacing deprecated AADSignInEventsBeta and AADSpnSignInEventsBeta references.</description></item><item><title>Red Sift Solution: New CCF Data Connector and Email Security Detections</title><link>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</link><pubDate>Thu, 14 May 2026 10:01:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-14-pr-14036/</guid><description>Red Sift adds CCF-based email and authentication monitoring with 5 detection rules for phishing and account compromise scenarios.</description></item><item><title>Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks</title><link>http://sentinelchangelog.net/posts/2026-05-04-pr-14117/</link><pubDate>Mon, 04 May 2026 12:53:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-04-pr-14117/</guid><description>Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern.</description></item><item><title>Valimail Enforce Solution: New Email Authentication Monitoring for DMARC/SPF/DKIM Configuration Changes</title><link>http://sentinelchangelog.net/posts/2026-04-24-pr-14045/</link><pubDate>Fri, 24 Apr 2026 05:26:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-24-pr-14045/</guid><description>Complete Valimail Enforce monitoring solution delivers real-time detection of email authentication policy weakening and suspicious admin activity affecting domain security posture.</description></item><item><title>Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available</title><link>http://sentinelchangelog.net/posts/2026-04-10-pr-13848/</link><pubDate>Fri, 10 Apr 2026 15:05:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-10-pr-13848/</guid><description>New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.</description></item><item><title>Visa Threat Intelligence Solution: Initial Package Release with IOC Detection Rules</title><link>http://sentinelchangelog.net/posts/2026-02-13-pr-13616/</link><pubDate>Fri, 13 Feb 2026 21:02:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-02-13-pr-13616/</guid><description>New Visa Threat Intelligence (VTI) solution providing IOC feeds via DCR connector with high-severity detection rules for domains and file hashes.</description></item><item><title>Microsoft Defender XDR: New Hunting Query for Punycode Lookalike Domain Phishing</title><link>http://sentinelchangelog.net/posts/2026-02-03-pr-13535/</link><pubDate>Tue, 03 Feb 2026 09:48:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-02-03-pr-13535/</guid><description>Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams.</description></item><item><title>Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&amp;CK Integration</title><link>http://sentinelchangelog.net/posts/2025-12-04-pr-13198/</link><pubDate>Thu, 04 Dec 2025 05:49:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-12-04-pr-13198/</guid><description>Updated threat hunting rules add MITRE ATT&amp;amp;CK mappings and fix parser function calls for improved threat detection coverage.</description></item><item><title>Microsoft Teams Security: 9 Additional Hunting Queries for Advanced Threat Detection</title><link>http://sentinelchangelog.net/posts/2025-11-21-pr-13167/</link><pubDate>Fri, 21 Nov 2025 05:16:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-11-21-pr-13167/</guid><description>Extended Teams protection hunting coverage with queries for partner impersonation, admin submissions, and external sender analysis.</description></item><item><title>Microsoft Teams Security: 7 New Hunting Queries for URL Threat Detection</title><link>http://sentinelchangelog.net/posts/2025-11-19-pr-13156/</link><pubDate>Wed, 19 Nov 2025 08:50:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-11-19-pr-13156/</guid><description>New hunting queries added to detect malicious URL clicks, ZAP events, and user submissions in Microsoft Teams.</description></item><item><title>VMware ESXi SSH Brute Force Detection Plus Multi-Solution Updates</title><link>http://sentinelchangelog.net/posts/2025-11-10-pr-13063/</link><pubDate>Mon, 10 Nov 2025 06:23:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-11-10-pr-13063/</guid><description>New VMware ESXi detection for multiple failed SSH login attempts, plus comprehensive solution updates across 15+ vendor solutions.</description></item><item><title>Threat Intelligence Detection: Critical Timing Fix for Cloud App Email Indicators</title><link>http://sentinelchangelog.net/posts/2025-11-07-pr-13091/</link><pubDate>Fri, 07 Nov 2025 12:06:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2025-11-07-pr-13091/</guid><description>TI analytic rule query periods reduced from 10 days to 1 hour to prevent false negatives from timing mismatches.</description></item></channel></rss>