<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Threat Intelligence on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/threat-intelligence/</link><description>Recent content in Threat Intelligence on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 03 Jul 2026 09:26:40 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/threat-intelligence/index.xml" rel="self" type="application/rss+xml"/><item><title>Recorded Future: Defender Portal Migration Breaks Incident Creation -- Playbooks Redesigned Around Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</link><pubDate>Fri, 03 Jul 2026 09:26:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</guid><description>Recorded Future v3.2.20 removes direct incident creation from four playbooks (now incompatible with the unified Microsoft Defender portal) and introduces new Analytic Rules to restore incident generation from custom log tables.</description></item><item><title>Cofense Intelligence Connector: SSRF and Credential Leakage Vulnerabilities Patched in DownloadThreatReports Function</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</link><pubDate>Mon, 29 Jun 2026 09:13:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14542/</guid><description>Critical security hardening of the Cofense Intelligence Azure Function eliminates a Server-Side Request Forgery (SSRF) vector and credential leakage risk that allowed callers to redirect authenticated requests to arbitrary or internal hosts.</description></item><item><title>New Workbook: Hybrid Attack Kill-Chain Hunting Across Cloud and On-Prem Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</link><pubDate>Mon, 29 Jun 2026 06:09:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</guid><description>A new behavior-led hunting workbook registers in Microsoft Sentinel covering end-to-end hybrid identity attack scenarios across 7 MITRE ATT&amp;amp;CK phases, correlating signals from Entra ID, Azure, on-prem AD, and Defender XDR.</description></item><item><title>TacitRed Defender TI Playbook: Fixing Content Hub Deployment Failure on Hyphenated Workspace Names</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-13639/</link><pubDate>Wed, 24 Jun 2026 09:19:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-13639/</guid><description>TacitRed Defender Threat Intelligence v3.0.2 fixes an InvalidTemplate ARM error that blocked Content Hub deployment entirely on any workspace with a hyphenated name, plus resolves a sovereign cloud storage endpoint bug and adds required post-deployment RBAC guidance.</description></item><item><title>Threat Intelligence (NEW): Broken Connector Mappings and Case-Sensitive Rule Names Fixed Across 36 Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</link><pubDate>Tue, 23 Jun 2026 12:08:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14300/</guid><description>Two customer-reported issues are resolved: EmailEvents and EmailUrlInfo rules were mapped to the wrong connectors (Office365 instead of MicrosoftThreatProtection), and inconsistent capitalisation in rule names was silently breaking customer Playbook automations.</description></item><item><title>ZeroFox Threat Intelligence Solution: Metadata Fix to Unblock Content Hub Publishing</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14523/</link><pubDate>Mon, 22 Jun 2026 07:49:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14523/</guid><description>Corrects an invalid solution ID in SolutionMetadata.json that was preventing the ZeroFox Threat Intelligence solution from publishing to Content Hub.</description></item><item><title>JoeSandbox Solution: Sample Queries Updated to Use ThreatIntelIndicators Table</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14451/</link><pubDate>Mon, 22 Jun 2026 06:09:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14451/</guid><description>JoeSandbox solution v3.0.2 updates sample queries from the legacy ThreatIntelligenceIndicator table to ThreatIntelIndicators — workspaces still on the legacy table may see broken sample queries post-upgrade.</description></item><item><title>Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</link><pubDate>Fri, 19 Jun 2026 11:27:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14415/</guid><description>A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform.</description></item><item><title>Vaikora-SentinelOne Playbook: Broken IOC Push Restored After HTTP 422 API Rejection</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14364/</link><pubDate>Thu, 18 Jun 2026 12:25:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14364/</guid><description>The v3.0.0 playbook always appended an empty agent_id= parameter, causing the Vaikora API to reject every poll request with HTTP 422, silently halting all IOC delivery to SentinelOne Threat Intelligence since initial deployment.</description></item><item><title>Vaikora-CrowdStrike Playbook: Silent IOC Pipeline Failure Fixed for Monitor All Agents Mode</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14365/</link><pubDate>Thu, 18 Jun 2026 09:50:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14365/</guid><description>When VaikoraAgentId was left blank to monitor all agents, every HTTP 422 rejection from the Vaikora API silently dropped all IOCs - no high/critical-risk actions ever reached CrowdStrike Falcon.</description></item><item><title>ZeroFox Threat Intelligence: Marketplace Packaging Fix Restores Customer Access</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-14461/</link><pubDate>Mon, 15 Jun 2026 12:23:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-14461/</guid><description>Critical solution ID mismatch prevented customers from installing ZeroFox Threat Intelligence connector from marketplace.</description></item><item><title>Premium MDTI Connector Removed from Threat Intelligence Solution During MDTI Convergence</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-14343/</link><pubDate>Mon, 15 Jun 2026 09:58:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-14343/</guid><description>Premium Microsoft Defender Threat Intelligence connector no longer available in Threat Intelligence (NEW) solution v3.0.19 as part of MDTI convergence effort.</description></item><item><title>Cyren Threat Intelligence: Data Fidelity Fix Corrects IP Field Pollution by URL UUIDs</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14376/</link><pubDate>Tue, 09 Jun 2026 08:01:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14376/</guid><description>DCR transform fix stops storing malware URL UUIDs in IP fields — improves data quality for threat intelligence queries.</description></item><item><title>NordStellar CCF Push Connector: Real-time Threat Intelligence Integration Now Available</title><link>http://sentinelchangelog.net/posts/2026-05-28-pr-14198/</link><pubDate>Thu, 28 May 2026 12:05:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-28-pr-14198/</guid><description>New NordStellar solution delivers real-time threat intelligence and exposure monitoring via CCF Push architecture to unified NordStellar_CL table.</description></item><item><title>Google Threat Intelligence Solution: Custom Connector Deployment Prerequisites Clarified</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14267/</link><pubDate>Wed, 27 May 2026 06:35:46 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14267/</guid><description>Solution metadata updated to warn customers that Playbooks require manual deployment of the GTI custom Logic Apps connector before use.</description></item><item><title>Cyren Defender Threat Intelligence: New IP and Malware URL Ingestion for Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-05-25-pr-14121/</link><pubDate>Mon, 25 May 2026 05:24:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-25-pr-14121/</guid><description>Content Hub solution adds Cyren threat intelligence feeds for IP reputation and malware URL indicators via automated Logic App playbook.</description></item><item><title>New Cyren-CrowdStrike Threat Intelligence Solution: Automated IOC Sync for Enhanced Threat Detection</title><link>http://sentinelchangelog.net/posts/2026-05-20-pr-13658/</link><pubDate>Wed, 20 May 2026 09:16:04 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-20-pr-13658/</guid><description>Logic App playbook now available to automatically sync Cyren IP reputation and malware URL indicators to CrowdStrike Falcon for streamlined threat blocking.</description></item><item><title>Illumio Insights Graph: New Network Traffic Analysis and Threat Intelligence Connector</title><link>http://sentinelchangelog.net/posts/2026-05-19-pr-14035/</link><pubDate>Tue, 19 May 2026 08:58:22 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-19-pr-14035/</guid><description>New CCF-based connector ingests Illumio AI-powered threat discovery reports with network flow analysis, geographic context, and MITRE ATT&amp;amp;CK framework integration.</description></item><item><title>New Strider Shield Threat Intelligence Connector for Email Security Monitoring</title><link>http://sentinelchangelog.net/posts/2026-05-15-pr-14155/</link><pubDate>Fri, 15 May 2026 11:25:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-15-pr-14155/</guid><description>NVISO introduces Strider Shield CCF connector enabling ingestion of email threat intelligence data across five data streams targeting phishing and BEC protection.</description></item><item><title>Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage</title><link>http://sentinelchangelog.net/posts/2026-05-12-pr-14126/</link><pubDate>Tue, 12 May 2026 09:22:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-12-pr-14126/</guid><description>Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces.</description></item><item><title>Cyjax Connector: Security and Code Quality Fixes Applied</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14193/</link><pubDate>Thu, 07 May 2026 07:12:52 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14193/</guid><description>Addressed lint issues, package vulnerabilities, and code vulnerabilities in Cyjax threat intelligence connector.</description></item><item><title>Visa Threat Intelligence: Connector Description Update for Certification</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14206/</link><pubDate>Tue, 05 May 2026 16:50:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14206/</guid><description>Updated Data Connector description in Visa Threat Intelligence solution to resolve certification failure.</description></item><item><title>ZeroFox Digital Risk Protection: Complete CCF Migration with Dual Solution Architecture</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14055/</link><pubDate>Tue, 05 May 2026 08:06:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14055/</guid><description>ZeroFox splits legacy connector into dedicated Alerts and Threat Intelligence solutions using modern CCF architecture with 17 specialized data streams.</description></item><item><title>MISP2Sentinel: Critical Table Reference Fix for Upload Indicators API</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14091/</link><pubDate>Tue, 05 May 2026 07:18:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14091/</guid><description>MISP threat intelligence connector was broken due to incorrect table reference — deployments had zero indicator ingestion until this fix.</description></item><item><title>Microsoft Threat Intelligence TAXII Export Connector Moves to General Availability</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14189/</link><pubDate>Tue, 05 May 2026 06:00:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14189/</guid><description>Microsoft&amp;rsquo;s TAXII Export connector for Threat Intelligence objects is now GA, removing preview limitations for production TI sharing workflows.</description></item><item><title>Joe Sandbox Solution: ARM Template Fixes and IOC Handling Improvements</title><link>http://sentinelchangelog.net/posts/2026-05-04-pr-14130/</link><pubDate>Mon, 04 May 2026 12:39:49 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-04-pr-14130/</guid><description>Joe Sandbox solution updated to v3.0.1 with Azure template fixes, updated storage API versions, and improved IOC processing in playbooks.</description></item><item><title>GreyNoise Threat Intelligence: Packaging Fixes and Security Improvements</title><link>http://sentinelchangelog.net/posts/2026-04-30-pr-14032/</link><pubDate>Thu, 30 Apr 2026 11:13:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-30-pr-14032/</guid><description>Fixed Function App deployment packaging errors and improved security by converting ARM template secrets to secure strings.</description></item><item><title>New Vaikora-CrowdStrike Integration: AI Agent Behavioral Signals to Custom IOCs</title><link>http://sentinelchangelog.net/posts/2026-04-30-pr-13984/</link><pubDate>Thu, 30 Apr 2026 06:47:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-30-pr-13984/</guid><description>Logic App Playbook introduced to poll Vaikora AI agent signals and push high-risk actions as Custom IOCs to CrowdStrike Falcon for automated threat prevention.</description></item><item><title>Visa Threat Intelligence: ARM Template Certification Fix</title><link>http://sentinelchangelog.net/posts/2026-04-29-pr-14167/</link><pubDate>Wed, 29 Apr 2026 18:50:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-29-pr-14167/</guid><description>Replaces deprecated concat with uri function in ARM template to meet Azure certification requirements.</description></item><item><title>Vaikora AI Security: New Logic App Playbook for SentinelOne Threat Intelligence Integration</title><link>http://sentinelchangelog.net/posts/2026-04-29-pr-13985/</link><pubDate>Wed, 29 Apr 2026 12:39:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-29-pr-13985/</guid><description>Data443 introduces Vaikora AI agent behavioral signal integration with SentinelOne threat intelligence via a 6-hour polling playbook.</description></item><item><title>New Spur Context API Solution: High-Fidelity IP Intelligence for VPN and Proxy Detection</title><link>http://sentinelchangelog.net/posts/2026-04-29-pr-14148/</link><pubDate>Wed, 29 Apr 2026 10:42:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-29-pr-14148/</guid><description>New solution provides real-time IP enrichment to detect VPN, residential proxy, and bot automation traffic in incidents and alerts.</description></item><item><title>Cyjax Threat Intelligence Platform: Complete Solution for IOC Ingestion and Investigation</title><link>http://sentinelchangelog.net/posts/2026-04-22-pr-13902/</link><pubDate>Wed, 22 Apr 2026 09:06:53 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-22-pr-13902/</guid><description>New comprehensive Microsoft Sentinel integration adds automated IOC collection, incident enrichment, and interactive threat intelligence dashboards for the Cyjax platform.</description></item><item><title>Visa Threat Intelligence: Package Publishing Fix for Content Hub Deployment</title><link>http://sentinelchangelog.net/posts/2026-04-21-pr-14083/</link><pubDate>Tue, 21 Apr 2026 21:52:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-21-pr-14083/</guid><description>Resolved package publishing failure by adding missing connector information to UI definition file.</description></item><item><title>Recorded Future Sandbox: Enhanced Region Support and Improved Threat Intelligence Structure</title><link>http://sentinelchangelog.net/posts/2026-04-20-pr-14056/</link><pubDate>Mon, 20 Apr 2026 05:13:10 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-20-pr-14056/</guid><description>Recorded Future adds sandbox region configuration parameter and moves threat intelligence evidence details to comply with STIX standard structure.</description></item><item><title>Global Secure Access: Threat Intelligence Detection Restored After URL Regex Failure</title><link>http://sentinelchangelog.net/posts/2026-04-16-pr-14052/</link><pubDate>Thu, 16 Apr 2026 12:15:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-16-pr-14052/</guid><description>Fixed broken URL threat intelligence detection and expanded workbook coverage for new Entra traffic type.</description></item><item><title>Threat Intelligence Domain-to-SecurityAlert Rule: Fixes Recursive Alert Loop with Self-Exclusion Filter</title><link>http://sentinelchangelog.net/posts/2026-04-10-pr-13977/</link><pubDate>Fri, 10 Apr 2026 13:07:15 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-10-pr-13977/</guid><description>Threat Intelligence domain mapping rule updated to prevent infinite alert loops by excluding its own alerts from the source data.</description></item><item><title>Visa Threat Intelligence Solution: Package Artifacts Regenerated After Template Validation Failure</title><link>http://sentinelchangelog.net/posts/2026-04-08-pr-13982/</link><pubDate>Wed, 08 Apr 2026 22:58:22 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-08-pr-13982/</guid><description>Template validation failure fixed through package regeneration for Visa Threat Intelligence solution v3.0.2.</description></item><item><title>SOC Prime CCF: Three New Detection Rules for Platform Security Events</title><link>http://sentinelchangelog.net/posts/2026-04-08-pr-13636/</link><pubDate>Wed, 08 Apr 2026 09:50:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-08-pr-13636/</guid><description>SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs.</description></item><item><title>Cyren-SentinelOne Connector: Restoring Threat Intelligence Deployment After ARM Template Failure</title><link>http://sentinelchangelog.net/posts/2026-04-07-pr-13990/</link><pubDate>Tue, 07 Apr 2026 13:22:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-07-pr-13990/</guid><description>Critical deployment fix for Cyren-SentinelOne connector that was failing ARM template validation in Content Hub, preventing threat intelligence data ingestion.</description></item><item><title>Visa Threat Intelligence Solution: Packaging Metadata Corrected</title><link>http://sentinelchangelog.net/posts/2026-04-03-pr-13881/</link><pubDate>Fri, 03 Apr 2026 03:06:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-03-pr-13881/</guid><description>Fixed missing connector information in deployment template and updated solution tier to Partner status.</description></item><item><title>Recorded Future: IOC Enrichment Noise Reduction via Risk Score Thresholding</title><link>http://sentinelchangelog.net/posts/2026-04-02-pr-13545/</link><pubDate>Thu, 02 Apr 2026 06:26:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-02-pr-13545/</guid><description>Added configurable RiskScoreThreshold parameter to prevent low-risk IOCs from generating incident comments.</description></item><item><title>Cyren-SentinelOne Playbook: Credential Parameter Security Compliance Fix</title><link>http://sentinelchangelog.net/posts/2026-03-30-pr-13945/</link><pubDate>Mon, 30 Mar 2026 14:09:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-30-pr-13945/</guid><description>Fixed Policy 300.4.1.1 violation by securing credential parameters in the Cyren-SentinelOne threat intelligence integration Playbook.</description></item><item><title>Microsoft Threat Intelligence: Detection Logic Optimization Risks in Domain/URL Mapping Rule</title><link>http://sentinelchangelog.net/posts/2026-03-25-pr-13904/</link><pubDate>Wed, 25 Mar 2026 11:26:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-25-pr-13904/</guid><description>Analytic rule optimization introduces potential detection gaps by reordering deduplication before indicator validity checks.</description></item><item><title>IPinfo Connectors: Azure Functions Dependency Fix for Linux Runtime</title><link>http://sentinelchangelog.net/posts/2026-03-24-pr-13875/</link><pubDate>Tue, 24 Mar 2026 10:39:04 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-24-pr-13875/</guid><description>All IPinfo connector Azure Function packages rebuilt to resolve dependency issues with Linux runtime.</description></item><item><title>Cyren Threat Intelligence: SentinelOne IOC Automation Solution Deployed</title><link>http://sentinelchangelog.net/posts/2026-03-24-pr-13657/</link><pubDate>Tue, 24 Mar 2026 04:56:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-24-pr-13657/</guid><description>New Content Hub solution automates IOC ingestion from Cyren CCF feeds (IP reputation and malware URLs) into SentinelOne for automated threat detection and response.</description></item><item><title>GreyNoise Threat Intelligence: SDK Update Addresses Function App Runtime Issues</title><link>http://sentinelchangelog.net/posts/2026-03-23-pr-13819/</link><pubDate>Mon, 23 Mar 2026 09:47:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-23-pr-13819/</guid><description>Updated GreyNoise Python SDK to v3.0.3, fixed module mismatches, and bumped Azure Functions runtime to resolve connector stability issues.</description></item><item><title>CrowdStrike Adversary Intelligence Connector: Function App Deployment Fix</title><link>http://sentinelchangelog.net/posts/2026-03-20-pr-13864/</link><pubDate>Fri, 20 Mar 2026 07:22:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-20-pr-13864/</guid><description>Version constraint fix restores Function App deployment after Azure Functions runtime compatibility issue.</description></item><item><title>New Censys Solution: Attack Surface Intelligence and Entity Enrichment</title><link>http://sentinelchangelog.net/posts/2026-03-18-pr-13752/</link><pubDate>Wed, 18 Mar 2026 13:27:59 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-18-pr-13752/</guid><description>Adds comprehensive playbook automation for Censys threat intelligence enrichment, providing IP/domain/certificate context during incident investigation.</description></item><item><title>Threat Intelligence: Duo Security IP Detection Updated for ASIM Schema Compliance</title><link>http://sentinelchangelog.net/posts/2026-03-17-pr-13774/</link><pubDate>Tue, 17 Mar 2026 05:08:53 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-17-pr-13774/</guid><description>IPEntity_DuoSecurity detection migrated from legacy DuoSecurityAuthentication_CL table to normalized CiscoDuo ASIM schema.</description></item><item><title>Cyren Threat Intelligence: Flexible Deployment with Optional JWT Tokens</title><link>http://sentinelchangelog.net/posts/2026-03-13-pr-13811/</link><pubDate>Fri, 13 Mar 2026 07:42:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-03-13-pr-13811/</guid><description>Cyren threat intelligence connectors now support conditional deployment — customers can install either IP reputation or malware URL feeds individually based on their subscription.</description></item></channel></rss>