Cisco ETD: Migration to Message Event Logs API with Enhanced Email Security Visibility

Labeled P0 — assess deployment or pipeline breakage risk explicitly. Complete connector overhaul migrates to new Message Event Logs REST API providing enhanced email visibility beyond convicted messages. Read More →

StealthTalk: New Enterprise Authentication Monitoring Solution with MITRE-Mapped Detection Portfolio

Complete StealthTalk Enterprise solution delivers four analytic rules targeting credential attacks (T1078, T1110, T1098) plus ASIM Authentication parsers and Teams integration. Read More →

Lookout Connector: Critical Data Loss Fix for Mobile Threat Event Identifiers

Lookout Mobile Risk API v2 connector was silently dropping unique event identifiers (oid field), breaking all downstream correlation in detections and workbooks. Read More →

Corelight: Dashboard Restructure and New Asset Classification Tab for Enhanced Network Visibility

Corelight solution restructured workbooks and added asset classification functionality to improve network asset discovery and security monitoring capabilities. Read More →

CyberArk EPM: Migration to DCR and OAuth Authentication Replaces Deprecated Log Analytics API

CyberArk EPM connector updated to use DCR ingestion and OAuth authentication, addressing deprecation of Log Analytics API and improving security. Read More →

Filewall for Microsoft 365: New Solution Adds Data Exfiltration Detection for Exchange and Files

Complete CCF-based solution delivers real-time monitoring of blocked emails and files across Microsoft 365 services with immediate threat alerting. Read More →

Slack Audit Solution: Enhanced Detection Logic and Alert Enrichment

Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring. Read More →

42Crunch API Protection: Critical Migration from Legacy HTTP Collector to CCF Push Connector

Migration addresses deprecated HTTP Data Collector API by implementing CCF OAuth2/Entra ID ingestion — deployments on legacy connector face imminent data loss. Read More →

Azure Security Benchmark Solution: Enhanced Detection Logic and Incident Enrichment (v3.0.5)

Azure Security Benchmark solution updated to v3.0.5 with improved compliance monitoring logic, proper data connector declarations, and enhanced incident alert details. Read More →

Workspace Usage Report Workbook: Version 1.6.5 Metadata Update

Workspace Usage Report workbook bumped to v1.6.5 with updated description mentioning Microsoft Sentinel and Defender support. Read More →

AWS Security Hub Compliance Workbook: Comprehensive Security Posture Visualization Now Available

New AWS Security Hub compliance workbook provides executive dashboards and operational analytics for security findings, compliance tracking, and multi-account posture management. Read More →

BitSight: Function App to CCF Migration Restores Third-Party Risk Visibility

Legacy Function App connector replaced with two CCF connectors for independent security statistics and events ingestion. Read More →

Cloudflare CCF Workbook: Fixed Field Mapping for New CCF Schema

Corrected workbook queries to use normalized ASIM fields from Cloudflare CCF connector, resolving visualization errors from legacy field references. Read More →

AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappings

Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName. Read More →

Flare Solution 3.1.0: Enhanced Threat Intelligence Detection Coverage

Flare Solution updates detection logic and adds three new Analytic Rules for improved threat exposure monitoring across chat platforms, lookalike domains, and underground marketplaces. Read More →

Zimperium MTD: New CCF Push Connector for Mobile Threat Telemetry

Zimperium Mobile Threat Defense migrates to CCF-based push connector, replacing deprecated Azure Function ingestion before June 2026 deadline. Read More →

Workspace Usage Workbook: IsBillable Column Display Labels Corrected

Fixed inverted display labels in WorkspaceUsage workbook where billing status showed opposite values. Read More →

GitHub Advanced Security Parser Migration: CLv2 Compatibility and Schema Updates

Critical fix migrates GitHub parsers and workbooks to support CLv2 ingestion table and updated GitHub alert event schemas, ensuring compatibility across V1 and V2 deployments. Read More →

Workspace Usage Report Workbook: Query Comparison False Positives Fixed

Workbook no longer flags legitimate rule template and active rule pairs as having different query text due to whitespace sensitivity. Read More →

Claroty: Enhanced IoT/OT Detection with Improved Alert Fidelity

Updated 9 analytic rules and 10 hunting queries with strengthened entity mapping, alert details, and MITRE coverage for OT/IoT network monitoring. Read More →