SAP ETD: New Telemetry Tampering Detection Rules Target Defense Evasion
Two SAP Enterprise Threat Detection rules added to detect feed silence and per-SID data gaps, addressing T1562 defense evasion techniques. Read More →
Two SAP Enterprise Threat Detection rules added to detect feed silence and per-SID data gaps, addressing T1562 defense evasion techniques. Read More →
SAP BTP analytic rule reworked to use audit.configuration events, providing richer artifact context and improved actor attribution for Cloud Integration deployments. Read More →
Workbook metadata entry added for AWS Security Hub compliance visualization — workbook content deployment follows separately. Read More →
CCF connector schema updated to capture additional attack context with codeLocation, vectorAnalysis, and request_parameters fields for improved threat analysis. Read More →
Enhanced Solutions Analyzer tooling improves connector discovery accuracy and adds artifact deep-linking for external integrations. Read More →
DCR transform fix stops storing malware URL UUIDs in IP fields — improves data quality for threat intelligence queries. Read More →
Digital Shadows analytic rules now use server-provided GreyMatter URLs instead of deprecated portal links, preventing broken URL entities in Sentinel incidents. Read More →
Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities. Read More →
CyberArk EPM connector updated to use DCR ingestion and OAuth authentication, addressing deprecation of Log Analytics API and improving security. Read More →
ASIM Authentication parsers for Palo Alto PAN-OS and GlobalProtect now correctly populate DvcIpAddr field, fixing data fidelity gap. Read More →
Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →
Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details. Read More →
Microsoft Sentinel Logstash plugin updated to v2.2.1 with improved batch logging and comprehensive security warnings for vulnerable Logstash versions. Read More →
CrowdStrike API connector now supports multiple domain configurations with unique aliases, enabling organizations to ingest data from different CrowdStrike instances simultaneously. Read More →
AWS S3 and CrowdStrike Falcon S3 Data Replicator connectors now support Usage table fallback queries for deployments using Basic/Auxiliary Log Analytics plans. Read More →
Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation. Read More →
Legacy Function App connector replaced with two CCF connectors for independent security statistics and events ingestion. Read More →
Corrected workbook queries to use normalized ASIM fields from Cloudflare CCF connector, resolving visualization errors from legacy field references. Read More →
ASIM AssetEntity schema upgraded to v1.0.0 with three new fields for enhanced entity correlation and snapshot tracking. Read More →
Content Doctor improvements to CrowdStrike Falcon detection rules enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections. Read More →