SAP ETD: New Telemetry Tampering Detection Rules Target Defense Evasion

Two SAP Enterprise Threat Detection rules added to detect feed silence and per-SID data gaps, addressing T1562 defense evasion techniques. Read More →

SAP BTP: Enhanced Cloud Integration Deployment Detection with Audit Configuration Events

SAP BTP analytic rule reworked to use audit.configuration events, providing richer artifact context and improved actor attribution for Cloud Integration deployments. Read More →

AWS Security Hub Compliance Workbook Metadata Added to Content Registry

Workbook metadata entry added for AWS Security Hub compliance visualization — workbook content deployment follows separately. Read More →

Contrast ADR: Enhanced Attack Event Schema with Code Location and Vector Analysis Fields

CCF connector schema updated to capture additional attack context with codeLocation, vectorAnalysis, and request_parameters fields for improved threat analysis. Read More →

Solutions Analyzer v9.8: Connector Discovery Accuracy and Documentation Deep-Links

Enhanced Solutions Analyzer tooling improves connector discovery accuracy and adds artifact deep-linking for external integrations. Read More →

Cyren Threat Intelligence: Data Fidelity Fix Corrects IP Field Pollution by URL UUIDs

DCR transform fix stops storing malware URL UUIDs in IP fields — improves data quality for threat intelligence queries. Read More →

Digital Shadows: Updated EventReportUrl to Use GreyMatter Platform Links

Digital Shadows analytic rules now use server-provided GreyMatter URLs instead of deprecated portal links, preventing broken URL entities in Sentinel incidents. Read More →

Corelight: Dashboard Restructure and New Asset Classification Tab for Enhanced Network Visibility

Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities. Read More →

CyberArk EPM: Migration to DCR and OAuth Authentication Replaces Deprecated Log Analytics API

CyberArk EPM connector updated to use DCR ingestion and OAuth authentication, addressing deprecation of Log Analytics API and improving security. Read More →

ASIM Authentication Parsers: Palo Alto Data Fidelity Fix for DvcIpAddr Field

ASIM Authentication parsers for Palo Alto PAN-OS and GlobalProtect now correctly populate DvcIpAddr field, fixing data fidelity gap. Read More →

Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →

Azure Security Benchmark Solution: Enhanced Detection Logic and Incident Enrichment (v3.0.5)

Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details. Read More →

Logstash Output Plugin: Version 2.2.1 with Enhanced Logging and Security Warnings

Microsoft Sentinel Logstash plugin updated to v2.2.1 with improved batch logging and comprehensive security warnings for vulnerable Logstash versions. Read More →

CrowdStrike API Connector: Multi-Domain Support for Enterprise Deployments

CrowdStrike API connector now supports multiple domain configurations with unique aliases, enabling organizations to ingest data from different CrowdStrike instances simultaneously. Read More →

AWS S3 and CrowdStrike Connectors: Non-Analytics Tier Query Support for Basic/Auxiliary Plans

AWS S3 and CrowdStrike Falcon S3 Data Replicator connectors now support Usage table fallback queries for deployments using Basic/Auxiliary Log Analytics plans. Read More →

Bitdefender GravityZone Solution v3.0.1 Adds Incident Analytics for Endpoint and Email Protection

Complete Microsoft Sentinel solution integrating Bitdefender GravityZone multi-vector threat detection with DCR-based ingestion and XDR correlation. Read More →

BitSight: Function App to CCF Migration Restores Third-Party Risk Visibility

Legacy Function App connector replaced with two CCF connectors for independent security statistics and events ingestion. Read More →

Cloudflare CCF Workbook: Fixed Field Mapping for New CCF Schema

Corrected workbook queries to use normalized ASIM fields from Cloudflare CCF connector, resolving visualization errors from legacy field references. Read More →

ASIM AssetEntity Schema: Three New Fields Added in v1.0.0 Release

ASIM AssetEntity schema upgraded to v1.0.0 with three new fields for enhanced entity correlation and snapshot tracking. Read More →

CrowdStrike Content Doctor Enhancement: Improved Detection Logic and Alert Customization

Content Doctor improvements to CrowdStrike Falcon detection rules enhancing KQL logic, MITRE mappings, and alert presentation for critical/high severity detections. Read More →