<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Updated on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/updated/</link><description>Recent content in Updated on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 16:24:56 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/updated/index.xml" rel="self" type="application/rss+xml"/><item><title>Cisco Secure Endpoint ASIM AlertEvent Parser: Missing Mandatory Fields Causing Data Fidelity Gap</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14631/</link><pubDate>Fri, 10 Jul 2026 16:24:56 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14631/</guid><description>TimeGenerated and Type fields were absent from the Cisco Secure Endpoint ASIM AlertEvent parser output, causing null returns for all rows referencing these now-mandatory schema fields in downstream queries.</description></item><item><title>Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</link><pubDate>Fri, 10 Jul 2026 09:21:28 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</guid><description>Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context.</description></item><item><title>Infoblox SOC Insights: New CCF Connector Replaces Deprecated Legacy Integration</title><link>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</link><pubDate>Thu, 09 Jul 2026 22:19:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-09-pr-14651/</guid><description>Infoblox SOC Insights gains a native CCF-based data connector via REST API polling, restoring structured ingestion of BloxOne Threat Defense insights into the InfobloxInsight_CL table after prior connectors were deprecated.</description></item><item><title>Cisco Meraki CCF Connector Expands to Cover Rogue AP Detection and Network Inventory</title><link>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</link><pubDate>Wed, 08 Jul 2026 21:22:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-08-pr-14629/</guid><description>The Cisco Meraki CCF connector (v3.1.0) adds four new ingestion streams - Organizations, Organization Networks, Network Clients, and Wireless Air Marshal Events - extending coverage beyond the original ASIM event types to include wireless threat detection and full network inventory visibility.</description></item><item><title>Imperva Cloud WAF CCF Connector Graduates to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</link><pubDate>Tue, 07 Jul 2026 21:34:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14637/</guid><description>The Imperva Cloud WAF CCF connector moves from Public Preview to GA, with connector UI template variables replaced by the literal ImpervaWAFCloud table name - no ingestion logic changes.</description></item><item><title>Azure WAF Log4j Detection: Schema Gap Closed for details_message_s and details_msg_s Fields</title><link>http://sentinelchangelog.net/posts/2026-07-07-pr-14611/</link><pubDate>Tue, 07 Jul 2026 11:52:51 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-07-pr-14611/</guid><description>The AzureWAFmatching_log4j_vuln Analytic Rule was silently missing CVE-2021-44228 exploit attempts in WAF logs that surfaced details_message_s via AdditionalFields or used the details_msg_s column variant, leaving a schema-dependent blind spot in Log4Shell detection.</description></item><item><title>ESET PROTECT Platform Connector: Dependency Rollback Including Cryptography Downgrade Warrants Review</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14536/</link><pubDate>Fri, 03 Jul 2026 11:07:29 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14536/</guid><description>The ESET PROTECT Platform Function App connector rolls back several Python dependencies to lower versions, including cryptography from 48.0.0 to 43.0.1, without documented CVE justification &amp;ndash; operators should verify no security regressions are introduced.</description></item><item><title>Recorded Future: Defender Portal Migration Breaks Incident Creation -- Playbooks Redesigned Around Analytic Rules</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</link><pubDate>Fri, 03 Jul 2026 09:26:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14199/</guid><description>Recorded Future v3.2.20 removes direct incident creation from four playbooks (now incompatible with the unified Microsoft Defender portal) and introduces new Analytic Rules to restore incident generation from custom log tables.</description></item><item><title>Wiz Connector Overhaul: Agentless DCR Push Integration Adds Detections Stream, Eliminates Function App Attack Surface</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</link><pubDate>Fri, 03 Jul 2026 09:26:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</guid><description>Wiz v3.0.1 replaces the legacy Azure Function pull connector with a native DCR push integration, adding a new WizDetectionsV3_CL data stream and removing the need for customer-hosted infrastructure or shared workspace keys.</description></item><item><title>BlueVoyant Claude Compliance Connector: DCR Schema Expanded with Activity Fields, Sensitive request_body Removed</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</link><pubDate>Fri, 03 Jul 2026 07:29:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14585/</guid><description>The BlueVoyant Anthropic Claude Compliance CCF connector v1.0.1 expands the DCR schema with dozens of activity-specific fields required for hunting and detection, and removes the request_body column to prevent ingestion of potentially sensitive data.</description></item><item><title>Entra ID Brute-Force Detection: Sort Order Fix Corrects Anomaly Decomposition Input</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</link><pubDate>Fri, 03 Jul 2026 06:43:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14589/</guid><description>The BruteForceAgainstanEntraAuthenticatedWindowsDevice Analytic Rule was building unsorted time-series arrays for series_decompose_anomalies, meaning anomaly detection results could be incorrect or inconsistent across executions &amp;ndash; this fix enforces chronological ordering and stable serialization before make_list.</description></item><item><title>GitHub AzStorage Connector: Expanded api.request Fields Land in New GitHubAuditLogsV3_CL Table</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</link><pubDate>Thu, 02 Jul 2026 11:15:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14561/</guid><description>The GitHub Azure Storage CCF connector gains a new V3 table with 10 additional api.request fields including token_scopes, request_method, request_body, status_code, and url_path, improving visibility into API-level attacker activity in GitHub audit logs.</description></item><item><title>AI Agents Hunting Queries Migrated to Unified AgentsInfo Table -- Connector-Split Queries Retired</title><link>http://sentinelchangelog.net/posts/2026-07-02-pr-14594/</link><pubDate>Thu, 02 Jul 2026 10:38:59 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-02-pr-14594/</guid><description>Seven consolidated AI agent hunting queries now target the unified Defender XDR AgentsInfo table, replacing 26 connector-specific queries split across the A365 and Copilot Studio connectors; existing deployments still running the old AIAgentsInfo-based queries have had no effective hunting coverage since the table split was introduced.</description></item><item><title>Rapid7 InsightVM CCF Connector Promoted to General Availability</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</link><pubDate>Wed, 01 Jul 2026 19:47:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14604/</guid><description>The Rapid7 InsightVM CCF data connector moves out of Public Preview to GA, updating the API version to the stable 2025-09-01 release.</description></item><item><title>QRadar Migration Tool: Summary Row and Delimiter Changes Affect CSV Output Format</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14590/</link><pubDate>Wed, 01 Jul 2026 06:12:26 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14590/</guid><description>The QRadar collector script (v0.4.1) appends a sentinel summary row of all active Log Source Types to the exported rules CSV and switches bracket-list formatting from comma to pipe separators, breaking any downstream parsers expecting the previous format.</description></item><item><title>Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API with Managed Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</link><pubDate>Mon, 29 Jun 2026 13:21:35 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</guid><description>The Fortinet FortiNDR Cloud Function App connector has been migrated from the deprecated HTTP Data Collector API (using client secret credentials) to the Log Ingestion API using Managed Identity - deployments running the previous version were heading toward a complete ingestion failure as the old API reaches end-of-life.</description></item><item><title>Microsoft Entra ID Assets Connector: EntraEligibleMembers Table Added (Preview)</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14568/</link><pubDate>Mon, 29 Jun 2026 08:58:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14568/</guid><description>The Microsoft Entra ID Assets connector gains a new EntraEligibleMembers table checkbox in the portal, expanding Privileged Identity Management (PIM) visibility for eligible role assignment tracking.</description></item><item><title>Salesforce Service Cloud ASIM Authentication Parser: Extended to Cover CCF V2/V3 Connector Tables</title><link>http://sentinelchangelog.net/posts/2026-06-26-pr-14215/</link><pubDate>Fri, 26 Jun 2026 17:34:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-26-pr-14215/</guid><description>The ASIM Authentication parser for Salesforce Service Cloud now normalises logs from the V2 and V3 CCF connector tables &amp;ndash; environments using the updated codeless connectors were previously producing zero normalised authentication events.</description></item><item><title>Cisco ISE ASIM Auth Parser: Regex Fix Restores EventOriginalType Extraction Across Log Format Variants</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14554/</link><pubDate>Thu, 25 Jun 2026 18:49:15 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14554/</guid><description>A broken regex in both the ASimAuthenticationCiscoISE and vimAuthenticationCiscoISE parsers caused EventOriginalType to return null for Cisco ISE syslog messages that include extended timestamp/sequence prefixes, silently dropping event classification for those log variants.</description></item><item><title>Cybersixgill Actionable Alerts: Packaging Fix for Channel and Step ID Variables (P0)</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14559/</link><pubDate>Thu, 25 Jun 2026 12:15:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14559/</guid><description>P0-labeled packaging-only update to the Cybersixgill Actionable Alerts solution that extracts hardcoded channel and step IDs into template variables in mainTemplate.json &amp;ndash; no YAML content or detection logic changes.</description></item><item><title>Darktrace CCF Connector: Account Entity Mapping Added to Analytic Rules, Closing SaaS Identity Correlation Gap</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</link><pubDate>Thu, 25 Jun 2026 11:35:07 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14546/</guid><description>Two Darktrace Analytic Rules now map user account names as Account entities for SaaS/identity-based incidents, and the DarktraceIncidents_CL table gains a modelBreaches field exposing the full chain of associated model alerts &amp;ndash; data that was previously absent from incident context.</description></item><item><title>Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</link><pubDate>Thu, 25 Jun 2026 09:31:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</guid><description>The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser.</description></item><item><title>Fortinet FortiGate ASIM Auth Parser: Failed and System-Success Login Events Were Silently Dropped</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14548/</link><pubDate>Wed, 24 Jun 2026 16:48:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14548/</guid><description>The FortiGate ASIM Authentication parser was silently discarding event:system failed and event:system success log types, creating a blind spot for credential-based attacks and successful system authentications on FortiGate devices.</description></item><item><title>BitSight Function App Connector: UI Updated to Reflect Log Ingestion API Authentication Requirements</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14487/</link><pubDate>Wed, 24 Jun 2026 08:31:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14487/</guid><description>The BitSight legacy Function App connector UI page was updated to align with the Log Ingestion API (DCR) ingestion path, removing the Workspace ID/Key deployment step and replacing it with Entra ID credential requirements.</description></item><item><title>Microsoft Entra ID Assets Connector Gains Owner and Sponsor Relationship Tables</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14540/</link><pubDate>Wed, 24 Jun 2026 06:03:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14540/</guid><description>Two new identity graph tables &amp;ndash; EntraOwners and EntraSponsors &amp;ndash; are now available in the Microsoft Entra ID Assets connector, expanding the identity relationship data surface for investigating account takeover and privilege escalation paths.</description></item><item><title>Trend Micro Vision One Connector: Indonesia Region Support Added, Deployments in ID Site Were Unable to Ingest</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14533/</link><pubDate>Tue, 23 Jun 2026 06:01:03 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14533/</guid><description>The Trend Micro Vision One Function App connector gains support for the Indonesia (id) API region, resolving a complete ingestion gap for customers deployed on api.id.xdr.trendmicro.com.</description></item><item><title>Microsoft Defender XDR: Email Hunting Queries Fixed to Reference Correct Connector, Three New Teams/Phish Queries Added</title><link>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</link><pubDate>Tue, 23 Jun 2026 05:40:00 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-23-pr-14537/</guid><description>Three email-focused Hunting Queries had a broken connector reference (OfficeATP instead of MicrosoftThreatProtection), suppressing results for orgs using the Defender XDR connector; three new queries covering RMM-via-Teams, alert correlation with Teams messages, and phish-reporter identity are also added.</description></item><item><title>New ASIM WebSession Parser Brings AWS WAF Traffic into Normalized Detection Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14496/</link><pubDate>Mon, 22 Jun 2026 21:57:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14496/</guid><description>AWS WAF web session logs can now be ingested and normalized via the ASIM WebSession schema, enabling source-agnostic detections against WAF allow/block/challenge/captcha decisions from the AWSWAF table.</description></item><item><title>SilkTyphoon Child Process Detection: Duplicate Connector Mapping Removed</title><link>http://sentinelchangelog.net/posts/2026-06-22-pr-14428/</link><pubDate>Mon, 22 Jun 2026 10:12:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-22-pr-14428/</guid><description>The SilkTyphoonNewUMServiceChildProcess Analytic Rule carried a duplicate and mistyped connector entry (SecurityEvents instead of SecurityEvent) that could cause connector validation errors or unexpected behaviour in environments relying on connector dependency resolution.</description></item><item><title>AS-Checkmarx-SAST-Ingestion Playbook: Loop Optimization, Parameterized DCE/DCR Names, and CRITICAL Severity Support</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14506/</link><pubDate>Fri, 19 Jun 2026 10:35:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14506/</guid><description>The Checkmarx SAST ingestion Playbook receives pagination fixes, configurable DCE/DCR resource names to support multi-playbook deployments, a corrected severity schema (adding CRITICAL tier), and a reduced default lookback window from 7 to 2 days.</description></item><item><title>Microsoft Defender XDR: OAuth and Device-Code Phishing Hunting Queries Unblocked After ARM-TTK Pipeline Failure</title><link>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</link><pubDate>Thu, 18 Jun 2026 05:58:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-18-pr-14472/</guid><description>Two Defender XDR hunting queries targeting OAuth consent and device-code phishing were blocked from pipeline validation due to ARM-TTK hardcoded URI false positives; KQL refactored to construct URLs via strcat(), restoring deployment and preserving detection semantics.</description></item><item><title>BloodHound Enterprise Workbooks: Parameter Query Failures Fixed with Explicit 30-Day Time Context</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14470/</link><pubDate>Wed, 17 Jun 2026 05:37:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14470/</guid><description>All six BloodHound Enterprise workbooks had parameter dropdown queries silently failing due to missing time context; this fix adds an explicit 30-day timeContext (durationMs: 2592000000) to each parameter, restoring operator visibility into attack paths and posture data.</description></item><item><title>SentinelOne CCF Connector Upgraded to Multi-Instance for MSSP Deployments</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14406/</link><pubDate>Tue, 16 Jun 2026 21:24:47 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14406/</guid><description>The SentinelOne CCF connector now supports multiple simultaneous instances via a grid/context-pane UX, enabling MSSPs to ingest from multiple SentinelOne tenants without deploying duplicate solutions.</description></item><item><title>CCF Solution Packaging Tool Gains Five New Auth Type Handlers</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14500/</link><pubDate>Tue, 16 Jun 2026 20:55:58 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14500/</guid><description>The createCCPConnector.ps1 solution packaging script now supports CiscoDuo, CommVault, VisaXpayToken, BarracudaWAF, and EdgeGrid auth types, unblocking connector packaging for products using these authentication schemes.</description></item><item><title>Zimperium MTD Gains Incident Log Ingestion via Two New CCF Tables</title><link>http://sentinelchangelog.net/posts/2026-06-16-pr-14382/</link><pubDate>Tue, 16 Jun 2026 06:03:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-16-pr-14382/</guid><description>The Zimperium Mobile Threat Defense CCF connector now ingests mobile incident data into two new custom tables, extending threat visibility beyond raw threat events to correlated incident and mitigation workflows.</description></item><item><title>QualysVM Connector Enhanced with QDS Score Parameter</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-14381/</link><pubDate>Mon, 15 Jun 2026 06:38:00 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-14381/</guid><description>Added QDS score parameter to QualysVM CCF connector, enabling users to include Qualys Detection Scores in vulnerability data collection.</description></item><item><title>Akamai Guardicore v3.1.0: Function App Eliminated, CCF Migration Simplifies Microsegmentation Monitoring</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14225/</link><pubDate>Fri, 12 Jun 2026 07:01:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14225/</guid><description>Akamai Guardicore connector migrates from Azure Functions to Codeless Connector Framework, removing infrastructure overhead while preserving microsegmentation visibility.</description></item><item><title>ASIM Schema Tester: Fixing Critical Validation Gap for Common Fields</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14468/</link><pubDate>Fri, 12 Jun 2026 01:12:32 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14468/</guid><description>Critical fix restores validation of Common schema fields alongside schema-specific fields in ASIM parser testing.</description></item><item><title>AWS Security Hub Solution v3.0.4: Workbook Metadata Correction</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14465/</link><pubDate>Thu, 11 Jun 2026 14:26:21 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14465/</guid><description>Fixes missing workbook metadata in AWS Security Hub solution package without changing detection or ingestion logic.</description></item><item><title>Azure SQL Database Detection Rules: Enhanced MITRE Coverage and Alert Context</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-13876/</link><pubDate>Thu, 11 Jun 2026 13:00:36 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-13876/</guid><description>Quality improvements to 10 Azure SQL analytic rules add missing MITRE techniques, alert customization, and standardized query outputs.</description></item><item><title>SAP ETD: New Telemetry Tampering Detection Rules Target Defense Evasion</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14429/</link><pubDate>Thu, 11 Jun 2026 09:19:52 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14429/</guid><description>Two SAP Enterprise Threat Detection rules added to detect feed silence and per-SID data gaps, addressing T1562 defense evasion techniques.</description></item><item><title>SAP BTP: Enhanced Cloud Integration Deployment Detection with Audit Configuration Events</title><link>http://sentinelchangelog.net/posts/2026-06-11-pr-14430/</link><pubDate>Thu, 11 Jun 2026 09:18:38 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-11-pr-14430/</guid><description>SAP BTP analytic rule reworked to use audit.configuration events, providing richer artifact context and improved actor attribution for Cloud Integration deployments.</description></item><item><title>AWS Security Hub Compliance Workbook Metadata Added to Content Registry</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14452/</link><pubDate>Wed, 10 Jun 2026 13:22:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14452/</guid><description>Workbook metadata entry added for AWS Security Hub compliance visualization — workbook content deployment follows separately.</description></item><item><title>Contrast ADR: Enhanced Attack Event Schema with Code Location and Vector Analysis Fields</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14218/</link><pubDate>Wed, 10 Jun 2026 10:27:10 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14218/</guid><description>CCF connector schema updated to capture additional attack context with codeLocation, vectorAnalysis, and request_parameters fields for improved threat analysis.</description></item><item><title>Solutions Analyzer v9.8: Connector Discovery Accuracy and Documentation Deep-Links</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14425/</link><pubDate>Wed, 10 Jun 2026 03:39:39 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14425/</guid><description>Enhanced Solutions Analyzer tooling improves connector discovery accuracy and adds artifact deep-linking for external integrations.</description></item><item><title>Cyren Threat Intelligence: Data Fidelity Fix Corrects IP Field Pollution by URL UUIDs</title><link>http://sentinelchangelog.net/posts/2026-06-09-pr-14376/</link><pubDate>Tue, 09 Jun 2026 08:01:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-09-pr-14376/</guid><description>DCR transform fix stops storing malware URL UUIDs in IP fields — improves data quality for threat intelligence queries.</description></item><item><title>Digital Shadows: Updated EventReportUrl to Use GreyMatter Platform Links</title><link>http://sentinelchangelog.net/posts/2026-06-08-pr-14362/</link><pubDate>Mon, 08 Jun 2026 09:50:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-08-pr-14362/</guid><description>Digital Shadows analytic rules now use server-provided GreyMatter URLs instead of deprecated portal links, preventing broken URL entities in Sentinel incidents.</description></item><item><title>Corelight: Dashboard Restructure and New Asset Classification Tab for Enhanced Network Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14275/</link><pubDate>Fri, 05 Jun 2026 05:39:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14275/</guid><description>Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities.</description></item><item><title>CyberArk EPM: Migration to DCR and OAuth Authentication Replaces Deprecated Log Analytics API</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14181/</link><pubDate>Fri, 05 Jun 2026 05:38:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14181/</guid><description>CyberArk EPM connector updated to use DCR ingestion and OAuth authentication, addressing deprecation of Log Analytics API and improving security.</description></item><item><title>ASIM Authentication Parsers: Palo Alto Data Fidelity Fix for DvcIpAddr Field</title><link>http://sentinelchangelog.net/posts/2026-06-02-pr-14396/</link><pubDate>Tue, 02 Jun 2026 21:22:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-02-pr-14396/</guid><description>ASIM Authentication parsers for Palo Alto PAN-OS and GlobalProtect now correctly populate DvcIpAddr field, fixing data fidelity gap.</description></item></channel></rss>