Rapid7 InsightVM Data Connector: Azure Functions Extension Bundle Upgrade to 4.x
Rapid7 InsightVM Function App connector updated to use latest 4.x Azure Functions extension bundles from deprecated 3.x version. Read More →
Rapid7 InsightVM Function App connector updated to use latest 4.x Azure Functions extension bundles from deprecated 3.x version. Read More →
Snowflake detection rule now filters out events lacking QueryExecutionStatus to prevent false alerts from data loading operations. Read More →
Four OAuth-based data connectors now support dynamic redirect URIs, eliminating manual Azure portal configuration requirements. Read More →
OpenSSH authentication parser now correctly extracts source IP addresses from “Invalid user” events regardless of port format. Read More →
GitHub Enterprise audit log connector and 11 accompanying detection rules promoted from Preview to GA status. Read More →
Linux su parser significantly enhanced to capture failed su attempts, correct event classification from Elevation to Logon, and improve field mappings for comprehensive privilege escalation monitoring. Read More →
Palo Alto Cortex Data Lake authentication parser enhanced with schema compliance improvements, performance optimizations, and corrected field mappings for better data fidelity. Read More →
Microsoft 365 Defender authentication parser improved ASIM compliance by removing unnormalized columns and relocating process/hash metadata to AdditionalFields structure. Read More →
Updated outdated links and corrected MITRE ATT&CK technique mapping in detection rules across Microsoft Business Applications, Microsoft Defender XDR, and Windows Security Events solutions. Read More →
SSH authentication parser now accurately identifies logon methods (password, PKI, PAM) and adds improved field mappings for better authentication visibility. Read More →
Azure NTANetAnalytics parser now correctly maps source and destination IP addresses from PublicIPs fields when primary IP fields are empty, closing a data fidelity blind spot. Read More →
New threat detection coverage for SAP BTP Cloud Integration tampering, identity service compromise, and audit service availability. Read More →
AWS S3 Server Access Logs CloudFormation template receives critical security update restricting SQS queue principal from wildcard to S3 service only. Read More →
Major enhancement to Armis data connectors implementing Azure Monitor Logs Ingestion API with DCR support for improved data fidelity and performance. Read More →
Threat Intelligence solution updated with standardised severity field naming and query performance improvements in IP entity analytics. Read More →
SAP BTP connector tools updated with better subaccount handling, connection naming, and performance optimisations. Read More →
Updated Infoblox NIOS parsers exclude additional administrative log categories to improve signal-to-noise ratio. Read More →
Intel471 solution now supports the new Verity471 backend alongside Titan for ingesting malware threat indicators. Read More →
CCF connector update fixes timestamp extraction, adds configurable API endpoints, and expands log data collection for better event visibility. Read More →
Updates Revoke-AADSignInSessions playbook documentation to use correct User.RevokeSessions.All permissions instead of broader User.ReadWrite.All. Read More →