<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Workbooks on sentinelchangelog.net</title><link>http://sentinelchangelog.net/tags/workbooks/</link><description>Recent content in Workbooks on sentinelchangelog.net</description><generator>Hugo -- 0.157.0</generator><language>en</language><lastBuildDate>Fri, 10 Jul 2026 09:21:28 +0000</lastBuildDate><atom:link href="http://sentinelchangelog.net/tags/workbooks/index.xml" rel="self" type="application/rss+xml"/><item><title>Okta SSO Detection Suite: Richer Alert Context, Configurable Thresholds, and Corrected Entity Mappings Across 9 Rules and 10 Hunting Queries</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</link><pubDate>Fri, 10 Jul 2026 09:21:28 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14498/</guid><description>Nine Analytic Rules and ten Hunting Queries for Okta SSO have been overhauled with configurable thresholds, allowlist variables, improved JSON parsing, and corrected entity mappings, closing fidelity gaps that degraded Sentinel entity behaviour and alert context.</description></item><item><title>New Netskope Alerts and Events Solution: DLP, Shadow IT, and Malware Threat Visibility via CCF Blob Storage Connector</title><link>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</link><pubDate>Fri, 10 Jul 2026 06:05:09 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-10-pr-14560/</guid><description>A new Microsoft Sentinel solution delivers full-stack Netskope Security Cloud visibility including DLP incidents, malware detections, policy enforcement, and Shadow IT via a CCF Blob Storage connector ingesting gzip-compressed positional CSV into a 254-column custom table.</description></item><item><title>Orca Security Alerts: New CCF Push Connector Replaces Deprecated Shared Key Auth with Microsoft Entra ID</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</link><pubDate>Fri, 03 Jul 2026 12:30:33 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14545/</guid><description>A new CCF Push connector for Orca Security Alerts replaces the legacy Log Analytics Shared Key ingestion path with Microsoft Entra ID app authentication via the Logs Ingestion API, eliminating the deprecated shared-key attack surface while retaining backward compatibility.</description></item><item><title>Wiz Connector Overhaul: Agentless DCR Push Integration Adds Detections Stream, Eliminates Function App Attack Surface</title><link>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</link><pubDate>Fri, 03 Jul 2026 09:26:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-03-pr-14491/</guid><description>Wiz v3.0.1 replaces the legacy Azure Function pull connector with a native DCR push integration, adding a new WizDetectionsV3_CL data stream and removing the need for customer-hosted infrastructure or shared workspace keys.</description></item><item><title>Abnormal Security Solution: Full Detection Coverage Added for CCF Push Connector (v3.1.0)</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</link><pubDate>Wed, 01 Jul 2026 07:53:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14419/</guid><description>The Abnormal Security solution now ships four scheduled Analytic Rules, four Hunting Queries, four parsers, a workbook, and a Playbook â closing a complete detection gap that existed since the CCF Push connector was introduced in v3.0.0 with no bundled detections.</description></item><item><title>WithSecure Elements Connector Migrated to CCF: Function App Infrastructure Eliminated</title><link>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</link><pubDate>Wed, 01 Jul 2026 06:14:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-07-01-pr-14256/</guid><description>A new CCF-based WithSecure Elements solution (v4.0.0) replaces the Azure Function connector, removing the Azure Function, Storage Account, and Key Vault dependency stack while the legacy Function App solution is deprecated in place with a transition buffer for existing deployments.</description></item><item><title>Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API with Managed Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</link><pubDate>Mon, 29 Jun 2026 13:21:35 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14558/</guid><description>The Fortinet FortiNDR Cloud Function App connector has been migrated from the deprecated HTTP Data Collector API (using client secret credentials) to the Log Ingestion API using Managed Identity - deployments running the previous version were heading toward a complete ingestion failure as the old API reaches end-of-life.</description></item><item><title>New Workbook: Hybrid Attack Kill-Chain Hunting Across Cloud and On-Prem Identity</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</link><pubDate>Mon, 29 Jun 2026 06:09:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14575/</guid><description>A new behavior-led hunting workbook registers in Microsoft Sentinel covering end-to-end hybrid identity attack scenarios across 7 MITRE ATT&amp;amp;CK phases, correlating signals from Entra ID, Azure, on-prem AD, and Defender XDR.</description></item><item><title>New Solution: Hybrid Attack Chain Hunting Across On-Premises, Cloud, and Kubernetes</title><link>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</link><pubDate>Mon, 29 Jun 2026 04:21:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-29-pr-14427/</guid><description>A new Microsoft Sentinel Solution ships 55+ multi-stage hunting queries designed to detect attacker pivots across on-premises identity, Azure control plane, Kubernetes, and Microsoft Entra ID &amp;ndash; covering full kill chains that individual, single-source detections routinely miss.</description></item><item><title>New Solution: Vaikora for O365 Brings CTASD-Powered Phishing Quarantine Telemetry into Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</link><pubDate>Thu, 25 Jun 2026 11:56:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14289/</guid><description>A brand-new Sentinel solution for Vaikora for O365 (by Data443) adds three Analytic Rules over the VaikoraO365_Quarantine_CL custom table &amp;ndash; covering high-confidence phishing/suspected quarantine events, abnormal quarantine volume spikes, and engine-offline detection &amp;ndash; plus an incident-response Playbook and a quarantine dashboard Workbook.</description></item><item><title>Cybersixgill Actionable Alerts: CCF Connector Added with Unified Parser Bridging Legacy and New Tables</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</link><pubDate>Thu, 25 Jun 2026 11:34:30 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14524/</guid><description>The Cybersixgill Actionable Alerts solution adds a new CCF-based data connector alongside a unified parser that abstracts both the legacy Azure Function table (CyberSixgill_Alerts_CL) and the new CCF table (CyberSixgillAlertsV2_CL), ensuring hunting queries and workbooks continue working regardless of which connector is deployed.</description></item><item><title>Netskope Web Transactions: 51-Field Schema Expansion Unlocks Threat Protection and Endpoint Posture Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</link><pubDate>Thu, 25 Jun 2026 09:31:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-25-pr-14492/</guid><description>The NetskopeWebTransactions_CL schema gains 51 new fields covering malware detections, endpoint posture, process activity, identity/authorization, and remote geo — all parser column references have also shifted from raw W3C names to DCR-normalised PascalCase, requiring query updates on any existing saved searches or Analytic Rules built against this parser.</description></item><item><title>Trend Micro Cloud App Security: CCF Connector Added with Dual-Schema Parser for Legacy and Modern Ingestion Paths</title><link>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</link><pubDate>Wed, 24 Jun 2026 05:24:24 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-24-pr-14388/</guid><description>A new CCF-based Data Connector (TrendMicroCASConnector) is added alongside the existing Azure Functions connector, with the TrendMicroCAS parser updated to union both ingestion paths so all existing detections, hunting queries, and workbooks continue to work without modification.</description></item><item><title>Fortinet FortiNDR Cloud Connector: Migration from Deprecated HTTP Data Collector API to Log Ingestion API</title><link>http://sentinelchangelog.net/posts/2026-06-19-pr-14295/</link><pubDate>Fri, 19 Jun 2026 09:00:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-19-pr-14295/</guid><description>The FortiNDR Cloud Function App connector has been fully rewritten to use the Azure Monitor Log Ingestion API, replacing the retired HTTP Data Collector API &amp;ndash; deployments still on v3.0.x have had zero ingestion since the legacy API was deprecated.</description></item><item><title>BloodHound Enterprise Workbooks: Parameter Query Failures Fixed with Explicit 30-Day Time Context</title><link>http://sentinelchangelog.net/posts/2026-06-17-pr-14470/</link><pubDate>Wed, 17 Jun 2026 05:37:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-17-pr-14470/</guid><description>All six BloodHound Enterprise workbooks had parameter dropdown queries silently failing due to missing time context; this fix adds an explicit 30-day timeContext (durationMs: 2592000000) to each parameter, restoring operator visibility into attack paths and posture data.</description></item><item><title>Darktrace CCF Migration: New ActiveAI Security Platform Connector Replaces Legacy REST API</title><link>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</link><pubDate>Mon, 15 Jun 2026 03:10:20 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-15-pr-13523/</guid><description>New CCF-based Darktrace connector with enhanced visibility across six data streams and modernized detection logic.</description></item><item><title>UniFi Site Manager: New CCF Solution Adds Network Infrastructure Monitoring and Attack Surface Coverage</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</link><pubDate>Fri, 12 Jun 2026 10:15:11 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14253/</guid><description>Community solution deploys 21 detections for UniFi network security posture, ISP performance degradation, and infrastructure defense evasion tactics.</description></item><item><title>Utimaco ESKM Integration: Enterprise Key Management Monitoring Arrives in Sentinel</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</link><pubDate>Fri, 12 Jun 2026 07:51:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14306/</guid><description>New solution enables Microsoft Sentinel monitoring of Utimaco Enterprise Secure Key Manager KMIP operations and authentication events.</description></item><item><title>Akamai Guardicore v3.1.0: Function App Eliminated, CCF Migration Simplifies Microsegmentation Monitoring</title><link>http://sentinelchangelog.net/posts/2026-06-12-pr-14225/</link><pubDate>Fri, 12 Jun 2026 07:01:44 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-12-pr-14225/</guid><description>Akamai Guardicore connector migrates from Azure Functions to Codeless Connector Framework, removing infrastructure overhead while preserving microsegmentation visibility.</description></item><item><title>AWS Security Hub Compliance Workbook Metadata Added to Content Registry</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14452/</link><pubDate>Wed, 10 Jun 2026 13:22:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14452/</guid><description>Workbook metadata entry added for AWS Security Hub compliance visualization — workbook content deployment follows separately.</description></item><item><title>Cisco ETD: Migration to Message Event Logs API with Enhanced Email Security Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14290/</link><pubDate>Wed, 10 Jun 2026 10:40:25 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14290/</guid><description>Labeled P0 — assess deployment or pipeline breakage risk explicitly. Complete connector overhaul migrates to new Message Event Logs REST API providing enhanced email visibility beyond convicted messages.</description></item><item><title>StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio</title><link>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</link><pubDate>Wed, 10 Jun 2026 10:24:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-10-pr-14259/</guid><description>Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration.</description></item><item><title>Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</link><pubDate>Fri, 05 Jun 2026 10:14:45 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14286/</guid><description>Lookout Mobile Risk API v2 connector was silently dropping unique event identifiers (oid field), breaking all downstream correlation in detections and workbooks.</description></item><item><title>Corelight: Dashboard Restructure and New Asset Classification Tab for Enhanced Network Visibility</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14275/</link><pubDate>Fri, 05 Jun 2026 05:39:27 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14275/</guid><description>Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities.</description></item><item><title>CyberArk EPM: Migration to DCR and OAuth Authentication Replaces Deprecated Log Analytics API</title><link>http://sentinelchangelog.net/posts/2026-06-05-pr-14181/</link><pubDate>Fri, 05 Jun 2026 05:38:19 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-05-pr-14181/</guid><description>CyberArk EPM connector updated to use DCR ingestion and OAuth authentication, addressing deprecation of Log Analytics API and improving security.</description></item><item><title>Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files</title><link>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</link><pubDate>Thu, 04 Jun 2026 10:47:14 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-04-pr-13449/</guid><description>Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting.</description></item><item><title>Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment</title><link>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</link><pubDate>Mon, 01 Jun 2026 04:39:34 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-06-01-pr-14245/</guid><description>Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.</description></item><item><title>42Crunch API Protection: Critical Migration from Legacy HTTP Collector to CCF Push Connector</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-14210/</link><pubDate>Fri, 29 May 2026 16:38:05 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-14210/</guid><description>Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss.</description></item><item><title>Azure Security Benchmark Solution: Enhanced Detection Logic and Incident Enrichment (v3.0.5)</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-13905/</link><pubDate>Fri, 29 May 2026 08:53:48 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-13905/</guid><description>Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details.</description></item><item><title>Workspace Usage Report Workbook: Version 1.6.5 Metadata Update</title><link>http://sentinelchangelog.net/posts/2026-05-29-pr-14353/</link><pubDate>Fri, 29 May 2026 08:07:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-29-pr-14353/</guid><description>Workspace Usage Report workbook bumped to v1.6.5 with updated description mentioning Microsoft Sentinel and Defender support.</description></item><item><title>AWS Security Hub Compliance Workbook: Comprehensive Security Posture Visualization Now Available</title><link>http://sentinelchangelog.net/posts/2026-05-28-pr-13870/</link><pubDate>Thu, 28 May 2026 12:40:08 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-28-pr-13870/</guid><description>New AWS Security Hub compliance workbook provides executive dashboards and operational analytics for security findings, compliance tracking, and multi-account posture management.</description></item><item><title>BitSight: Function App to CCF Migration Restores Third-Party Risk Visibility</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14356/</link><pubDate>Wed, 27 May 2026 19:04:26 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14356/</guid><description>Legacy Function App connector replaced with two CCF connectors for independent security statistics and events ingestion.</description></item><item><title>Cloudflare CCF Workbook: Fixed Field Mapping for New CCF Schema</title><link>http://sentinelchangelog.net/posts/2026-05-27-pr-14246/</link><pubDate>Wed, 27 May 2026 10:09:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-27-pr-14246/</guid><description>Corrected workbook queries to use normalized ASIM fields from Cloudflare CCF connector, resolving visualization errors from legacy field references.</description></item><item><title>AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings</title><link>http://sentinelchangelog.net/posts/2026-05-18-pr-14101/</link><pubDate>Mon, 18 May 2026 07:30:57 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-18-pr-14101/</guid><description>Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.</description></item><item><title>Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage</title><link>http://sentinelchangelog.net/posts/2026-05-12-pr-14126/</link><pubDate>Tue, 12 May 2026 09:22:23 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-12-pr-14126/</guid><description>Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces.</description></item><item><title>Zimperium MTD: New CCF Push Connector for Mobile Threat Telemetry</title><link>http://sentinelchangelog.net/posts/2026-05-08-pr-13947/</link><pubDate>Fri, 08 May 2026 06:14:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-08-pr-13947/</guid><description>Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline.</description></item><item><title>Workspace Usage Workbook: IsBillable Column Display Labels Corrected</title><link>http://sentinelchangelog.net/posts/2026-05-07-pr-14214/</link><pubDate>Thu, 07 May 2026 04:36:13 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-07-pr-14214/</guid><description>Fixed inverted display labels in WorkspaceUsage workbook where billing status showed opposite values.</description></item><item><title>GitHub Advanced Security Parser Migration: CLv2 Compatibility and Schema Updates</title><link>http://sentinelchangelog.net/posts/2026-05-06-pr-14209/</link><pubDate>Wed, 06 May 2026 09:39:18 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-06-pr-14209/</guid><description>Critical fix migrates GitHub parsers and workbooks to support CLv2 ingestion table and updated GitHub alert event schemas, ensuring compatibility across V1 and V2 deployments.</description></item><item><title>Workspace Usage Report Workbook: Query Comparison False Positives Fixed</title><link>http://sentinelchangelog.net/posts/2026-05-06-pr-14114/</link><pubDate>Wed, 06 May 2026 08:17:50 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-06-pr-14114/</guid><description>Workbook no longer flags legitimate rule template and active rule pairs as having different query text due to whitespace sensitivity.</description></item><item><title>Claroty: Enhanced IoT/OT Detection with Improved Alert Fidelity</title><link>http://sentinelchangelog.net/posts/2026-05-05-pr-14107/</link><pubDate>Tue, 05 May 2026 09:58:40 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-05-05-pr-14107/</guid><description>Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring.</description></item><item><title>GreyNoise Threat Intelligence: Packaging Fixes and Security Improvements</title><link>http://sentinelchangelog.net/posts/2026-04-30-pr-14032/</link><pubDate>Thu, 30 Apr 2026 11:13:54 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-30-pr-14032/</guid><description>Fixed Function App deployment packaging errors and improved security by converting ARM template secrets to secure strings.</description></item><item><title>Vaikora Solution: New AI Agent Governance Connector for Microsoft Sentinel</title><link>http://sentinelchangelog.net/posts/2026-04-27-pr-13983/</link><pubDate>Mon, 27 Apr 2026 06:25:41 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-27-pr-13983/</guid><description>New CCF connector ingests Vaikora AI agent behavioral signals with 3 detection rules for policy violations, anomalies, and high-risk actions.</description></item><item><title>SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync</title><link>http://sentinelchangelog.net/posts/2026-04-23-pr-13858/</link><pubDate>Thu, 23 Apr 2026 05:24:37 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-23-pr-13858/</guid><description>SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities.</description></item><item><title>Cyjax Threat Intelligence Platform: Complete Solution for IOC Ingestion and Investigation</title><link>http://sentinelchangelog.net/posts/2026-04-22-pr-13902/</link><pubDate>Wed, 22 Apr 2026 09:06:53 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-22-pr-13902/</guid><description>New comprehensive Microsoft Sentinel integration adds automated IOC collection, incident enrichment, and interactive threat intelligence dashboards for the Cyjax platform.</description></item><item><title>Censys Solution: New Related Infrastructure Playbook Enhances Threat Pivot Capabilities</title><link>http://sentinelchangelog.net/posts/2026-04-17-pr-13994/</link><pubDate>Fri, 17 Apr 2026 07:15:59 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-17-pr-13994/</guid><description>Censys solution adds playbook and workbook for automated infrastructure pivoting and pivot analysis visualization using the Pivot Analysis API.</description></item><item><title>Global Secure Access: Threat Intelligence Detection Restored After URL Regex Failure</title><link>http://sentinelchangelog.net/posts/2026-04-16-pr-14052/</link><pubDate>Thu, 16 Apr 2026 12:15:17 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-16-pr-14052/</guid><description>Fixed broken URL threat intelligence detection and expanded workbook coverage for new Entra traffic type.</description></item><item><title>Check Point Cyberint: Bi-Directional Alert Sync and Critical Data Ingestion Fix</title><link>http://sentinelchangelog.net/posts/2026-04-15-pr-13790/</link><pubDate>Wed, 15 Apr 2026 14:01:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-15-pr-13790/</guid><description>Adds comprehensive bi-directional sync playbooks and fixes critical ref_id column type bug that caused silent data loss in alert ingestion.</description></item><item><title>Contrast ADR: CCF Connector Deployment Unlocks Application Attack Visibility</title><link>http://sentinelchangelog.net/posts/2026-04-15-pr-13954/</link><pubDate>Wed, 15 Apr 2026 04:58:02 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-15-pr-13954/</guid><description>Contrast ADR adds CCF ingestion support with standardized table schemas for production-ready Application Detection and Response monitoring.</description></item><item><title>Azure Security Benchmark Workbook: Parameter Filtering Logic Fixed</title><link>http://sentinelchangelog.net/posts/2026-04-13-pr-14039/</link><pubDate>Mon, 13 Apr 2026 13:36:42 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-13-pr-14039/</guid><description>KQL queries in the Azure Security Benchmark workbook now properly filter by selected compliance domains.</description></item><item><title>Tanium CCF Data Connector: Enhanced Endpoint Visibility with DCR-Based Ingestion</title><link>http://sentinelchangelog.net/posts/2026-04-13-pr-13958/</link><pubDate>Mon, 13 Apr 2026 12:24:43 +0000</pubDate><guid>http://sentinelchangelog.net/posts/2026-04-13-pr-13958/</guid><description>New CCF push connector for Tanium enables endpoint compliance, threat response, and patch data ingestion via DCR streams.</description></item></channel></rss>