Azure Security Benchmark: Updated Labels to Microsoft Cloud Security Benchmark
Replaced “Azure Security Benchmark” references with “Microsoft cloud security benchmark” across workbook labels and KQL queries. Read More →
Replaced “Azure Security Benchmark” references with “Microsoft cloud security benchmark” across workbook labels and KQL queries. Read More →
Added Log Ingestion API support with OAuth 2.0 authentication — modernizes data ingestion from legacy HTTP Data Collector API. Read More →
Moves critical IP filtering variables inside parser function to prevent incorrect filtering and potential data loss. Read More →
Added South Africa (za) regional API endpoint support, expanding global deployment coverage for Trend Micro Vision One data ingestion. Read More →
SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs. Read More →
SAP Reader role permissions significantly reduced for agentless connector, implementing least-privilege access while maintaining monitoring capabilities. Read More →
ASIM AssetEntity schema now enforces cloud platform enumeration and adds source traceability field. Read More →
Proofpoint connectors now send user-agent headers with solution package version information for improved API request identification. Read More →
Trellix solution transitioned from preview to GA status, now production-ready for deployment. Read More →
Qualys VM Knowledge Base solution now includes a Codeless Connector Framework (CCF) implementation for automated vulnerability data ingestion alongside the existing legacy connector. Read More →
TheHive CCF connector promoted to General Availability with improved custom fields processing, removing preview limitations for security incident management workflows. Read More →
Critical data fidelity fix restores missing AlertOriginalStatus field in Microsoft Defender XDR ASIM AlertEvent parser, resolving alert status visibility gap. Read More →
Added configurable RiskScoreThreshold parameter to prevent low-risk IOCs from generating incident comments. Read More →
Microsoft removed the explicit SecurityAdmin requirement from the A365 Observability connector, but GlobalAdmin — the highest privilege level in Azure AD — is still required. This is not a reduction in required privilege. Read More →
Imperva Cloud WAF CCF connector migrates from private preview custom tables to public preview standard tables. Read More →
Tenable VM vulnerability parser now extracts CVSS 4.0 vector components and VPR v2 threat intelligence previously unmapped from ingested vulnerability scans. Read More →
Fixes field mapping inconsistencies in Corelight aggregation parsers that caused data loss and adds aggregation filtering to the Data Explorer workbook. Read More →
Varonis Purview schema update adds new fields and corrects data types, improving query reliability for asset tracking and classification data. Read More →
Analytic rule optimization introduces potential detection gaps by reordering deduplication before indicator validity checks. Read More →
Two new threat scan event types added to ingestion with regex fix for PascalCase field extraction. Read More →