OpenAI Connector: Migration to ASIM Standard Improves AI Monitoring Normalization

OpenAI chat completions data now ingests to ASimAgentEventLogs standard table, enabling standardized AI usage monitoring and cross-product correlation. Read More →

XBOW: API Version 2026-04-01 Upgrade Enriches Assessment Data with Attack Credits and Events

XBOW connector upgrades to latest API version, adding attack credits tracking and recent event details to assessment ingestion for improved offensive security visibility. Read More →

ESET PROTECT Platform: Delta Token Migration Eliminates Data Gaps from Timestamp Filtering

ESET connector switches from unreliable timestamp filtering to delta tokens, closing potential data loss gaps during high-volume ingestion periods. Read More →

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage

Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces. Read More →

Microsoft Entra ID Protection: Enhanced Detection Logic Filters Out Admin Risk Events

Updated CorrelateIPC_Unfamiliar-Atypical rule adds filtering to exclude admin-triggered atypical travel alerts, improving detection precision. Read More →

Dynatrace Parsers: Critical Timestamp Fix Restores Query Reliability

Data fidelity fix converts Unix epoch millisecond fields to datetime, resolving duplicate typed columns that broke query functionality in Dynatrace parsers. Read More →

M365 Defender ASIM Parser: TargetUserSessionId Field Restoration Fixes Data Fidelity Gap

Missing TargetUserSessionId field in Microsoft 365 Defender ASIM ProcessEvent parsers has been restored, fixing queries that previously returned null for this session correlation field. Read More →

Azure Firewall Detection Quality Overhaul: Enhanced Alert Context and Reduced Query Costs

Comprehensive quality improvements to 11 Azure Firewall detections and 5 hunting queries add entity mappings, custom details, and query optimizations to reduce false positives and improve incident context. Read More →

Workspace Usage Report Workbook: Query Comparison False Positives Fixed

Workbook no longer flags legitimate rule template and active rule pairs as having different query text due to whitespace sensitivity. Read More →

BloodHound Enterprise: Function App Upgrade Fixes Data Collection and Ingestion Gaps

Deployment source moved to stable Microsoft repo, custom table schemas fixed, and Function App ingestion enhanced for reliable attack path visibility. Read More →

Claroty: Enhanced IoT/OT Detection with Improved Alert Fidelity

Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring. Read More →

Microsoft Threat Intelligence TAXII Export Connector Moves to General Availability

Microsoft’s TAXII Export connector for Threat Intelligence objects is now GA, removing preview limitations for production TI sharing workflows. Read More →

Salesforce Service Cloud Connector: Enhanced Event Log Coverage and Multi-Domain Support

Major connector upgrade introduces comprehensive event field collection and multi-tenant monitoring capabilities. Read More →

Abnormal Security CCF Connector: Schema Alignment Fixes Column Visibility Gaps

Abnormal Security CCF connector v3.0.1 fixes table column naming to match Microsoft Log Analytics output, restoring access to previously missing metadata fields. Read More →

CrowdStrike Falcon Data Replicator: Incorrect Deprecation Reversed, Connector Restored to Active Status

CrowdStrike’s Function App-based data replicator was incorrectly deprecated and has been restored to active status to maintain government deployment support. Read More →

GreyNoise Threat Intelligence: Packaging Fixes and Security Improvements

Fixed Function App deployment packaging errors and improved security by converting ARM template secrets to secure strings. Read More →

ZoomReports: Cloud Recording API Polling Optimized to Reduce Data Duplication

Updates polling interval from 2-day to 1-day window with 1-day delay to eliminate duplicate Zoom cloud recording logs. Read More →

Qualys KB Connector Now GA: Production-Ready Vulnerability Intelligence

Qualys Knowledge Base connector moves from Preview to General Availability, providing production-grade vulnerability intelligence ingestion with enhanced monitoring capabilities. Read More →

Qualys VM Connector: API Version 5.0 Migration Before Deprecation

Qualys VM connector upgraded from API v3.0 to v5.0 to prevent June deprecation cutoff impacting vulnerability data ingestion. Read More →