Rapid7 InsightVM Data Connector: Azure Functions Extension Bundle Upgrade to 4.x

Rapid7 InsightVM Function App connector updated to use latest 4.x Azure Functions extension bundles from deprecated 3.x version. Read More →

Snowflake Multiple Failed Queries Detection: Fixed False Positives from Load Operations

Snowflake detection rule now filters out events lacking QueryExecutionStatus to prevent false alerts from data loading operations. Read More →

OAuth Data Connectors: Dynamic Redirect URI Support Simplifies Authentication Setup

Four OAuth-based data connectors now support dynamic redirect URIs, eliminating manual Azure portal configuration requirements. Read More →

ASIM SSH Authentication Parser: Improved Invalid User Event Parsing

OpenSSH authentication parser now correctly extracts source IP addresses from “Invalid user” events regardless of port format. Read More →

GitHub Enterprise Cloud Connector: Audit Log Data Ingestion Now Generally Available

GitHub Enterprise audit log connector and 11 accompanying detection rules promoted from Preview to GA status. Read More →

ASIM Authentication Parser: Linux Su Command Enhanced with Failed Authentication Support

Linux su parser significantly enhanced to capture failed su attempts, correct event classification from Elevation to Logon, and improve field mappings for comprehensive privilege escalation monitoring. Read More →

ASIM Authentication Parser: Palo Alto Cortex Data Lake Performance and Schema Fixes

Palo Alto Cortex Data Lake authentication parser enhanced with schema compliance improvements, performance optimizations, and corrected field mappings for better data fidelity. Read More →

ASIM Authentication Parser: Microsoft 365 Defender Schema Compliance Enhancement

Microsoft 365 Defender authentication parser improved ASIM compliance by removing unnormalized columns and relocating process/hash metadata to AdditionalFields structure. Read More →

Multi-Solution Link Updates: MITRE Technique Corrections and Reference Refreshes

Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →

ASIM Authentication Parser: Enhanced SSH Authentication Method Detection

SSH authentication parser now accurately identifies logon methods (password, PKI, PAM) and adds improved field mappings for better authentication visibility. Read More →

ASIM NetworkSession Parser: Critical IP Address Mapping Fix for Azure NSG Flow Data

Azure NTANetAnalytics parser now correctly maps source and destination IP addresses from PublicIPs fields when primary IP fields are empty, closing a data fidelity blind spot. Read More →

SAP BTP: 10 New Enterprise Security Detections for Cloud Integration and Identity Service

New threat detection coverage for SAP BTP Cloud Integration tampering, identity service compromise, and audit service availability. Read More →

AWS Access Logs: Security Enhancement for SQS Principal Access Control

AWS S3 Server Access Logs CloudFormation template receives critical security update restricting SQS queue principal from wildcard to S3 service only. Read More →

Armis IoT Security Solution: Enhanced Log Ingestion and Data Collection Rule Integration

Major enhancement to Armis data connectors implementing Azure Monitor Logs Ingestion API with DCR support for improved data fidelity and performance. Read More →

Threat Intelligence: Alert Severity Field Standardisation and Query Optimisation

Threat Intelligence solution updated with standardised severity field naming and query performance improvements in IP entity analytics. Read More →

SAP BTP Tools: Improved Connection Management and Subaccount Naming

SAP BTP connector tools updated with better subaccount handling, connection naming, and performance optimisations. Read More →

Infoblox NIOS Parsers: Enhanced Log Filtering Reduces Noise in DHCP Monitoring

Updated Infoblox NIOS parsers exclude additional administrative log categories to improve signal-to-noise ratio. Read More →

Intel471: Added Verity471 Platform Support for Enhanced Malware Intelligence

Intel471 solution now supports the new Verity471 backend alongside Titan for ingesting malware threat indicators. Read More →

Ermes Browser Security Connector — Enhanced Data Fidelity and Multi-Tenant Support

CCF connector update fixes timestamp extraction, adds configurable API endpoints, and expands log data collection for better event visibility. Read More →

Microsoft Entra ID Playbooks: API Permission Updates for Session Revocation

Updates Revoke-AADSignInSessions playbook documentation to use correct User.RevokeSessions.All permissions instead of broader User.ReadWrite.All. Read More →