Azure Security Benchmark: Updated Labels to Microsoft Cloud Security Benchmark

Replaced “Azure Security Benchmark” references with “Microsoft cloud security benchmark” across workbook labels and KQL queries. Read More →

ExtraHop RevealX: Azure Monitor Logs Ingestion API Replaces Legacy HTTP Data Collector

Added Log Ingestion API support with OAuth 2.0 authentication — modernizes data ingestion from legacy HTTP Data Collector API. Read More →

Cisco Umbrella ASIM Parser: Fixing Variable Scope Bug in IP Filter Logic

Moves critical IP filtering variables inside parser function to prevent incorrect filtering and potential data loss. Read More →

Trend Micro Vision One Connector: South Africa Region Support Added

Added South Africa (za) regional API endpoint support, expanding global deployment coverage for Trend Micro Vision One data ingestion. Read More →

SOC Prime CCF: Three New Detection Rules for Platform Security Events

SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs. Read More →

SAP Agentless Connector: Reduced Permission Model for Enhanced Security

SAP Reader role permissions significantly reduced for agentless connector, implementing least-privilege access while maintaining monitoring capabilities. Read More →

ASIM AssetEntity Schema: EntitySource Enumeration and EntityOriginalSource Added

ASIM AssetEntity schema now enforces cloud platform enumeration and adds source traceability field. Read More →

Proofpoint TAP and POD Connectors: User-Agent Header Added for Solution Version Tracking

Proofpoint connectors now send user-agent headers with solution package version information for improved API request identification. Read More →

Trellix Solution Enters GA: Production Ready for Cyberthreat Detection

Trellix solution transitioned from preview to GA status, now production-ready for deployment. Read More →

Qualys VM: CCF Connector Adds Vulnerability Intelligence Stream

Qualys VM Knowledge Base solution now includes a Codeless Connector Framework (CCF) implementation for automated vulnerability data ingestion alongside the existing legacy connector. Read More →

TheHive Connector: Production-Ready with Enhanced Custom Fields Mapping

TheHive CCF connector promoted to General Availability with improved custom fields processing, removing preview limitations for security incident management workflows. Read More →

ASIM AlertEvent Parser: Microsoft Defender XDR Missing AlertOriginalStatus Field Restored

Critical data fidelity fix restores missing AlertOriginalStatus field in Microsoft Defender XDR ASIM AlertEvent parser, resolving alert status visibility gap. Read More →

Recorded Future: IOC Enrichment Noise Reduction via Risk Score Thresholding

Added configurable RiskScoreThreshold parameter to prevent low-risk IOCs from generating incident comments. Read More →

Microsoft A365 Observability Connector: Explicit SecurityAdmin Requirement Removed

Microsoft removed the explicit SecurityAdmin requirement from the A365 Observability connector, but GlobalAdmin — the highest privilege level in Azure AD — is still required. This is not a reduction in required privilege. Read More →

Imperva Cloud WAF: Production Ready CCF Connector with Standard Tables

Imperva Cloud WAF CCF connector migrates from private preview custom tables to public preview standard tables. Read More →

Tenable VM Parser: CVSS 4.0 and VPR v2 Field Mapping Restores Missing Vulnerability Scoring Data

Tenable VM vulnerability parser now extracts CVSS 4.0 vector components and VPR v2 threat intelligence previously unmapped from ingested vulnerability scans. Read More →

Corelight: Enhanced Data Fidelity for Network Aggregation Events

Fixes field mapping inconsistencies in Corelight aggregation parsers that caused data loss and adds aggregation filtering to the Data Explorer workbook. Read More →

Varonis Purview Connector: Schema Update Enhances Data Fidelity and Field Coverage

Varonis Purview schema update adds new fields and corrects data types, improving query reliability for asset tracking and classification data. Read More →

Microsoft Threat Intelligence: Detection Logic Optimization Risks in Domain/URL Mapping Rule

Analytic rule optimization introduces potential detection gaps by reordering deduplication before indicator validity checks. Read More →

Commvault Security IQ: Enhanced Threat Scan Event Coverage and Parser Fix

Two new threat scan event types added to ingestion with regex fix for PascalCase field extraction. Read More →