GreyNoise Threat Intelligence: Packaging Fixes and Security Improvements

Fixed Function App deployment packaging errors and improved security by converting ARM template secrets to secure strings. Read More →

Vaikora Solution: New AI Agent Governance Connector for Microsoft Sentinel

New CCF connector ingests Vaikora AI agent behavioral signals with 3 detection rules for policy violations, anomalies, and high-risk actions. Read More →

SOCRadar XTI Platform: New Extended Threat Intelligence Solution Launches with Bidirectional Sync

SOCRadar XTI Platform solution now available in Content Hub with automated alarm import, incident sync, and comprehensive threat intelligence monitoring capabilities. Read More →

Cyjax Threat Intelligence Platform: Complete Solution for IOC Ingestion and Investigation

New comprehensive Microsoft Sentinel integration adds automated IOC collection, incident enrichment, and interactive threat intelligence dashboards for the Cyjax platform. Read More →

Censys Solution: New Related Infrastructure Playbook Enhances Threat Pivot Capabilities

Censys solution adds playbook and workbook for automated infrastructure pivoting and pivot analysis visualization using the Pivot Analysis API. Read More →

Global Secure Access: Threat Intelligence Detection Restored After URL Regex Failure

Fixed broken URL threat intelligence detection and expanded workbook coverage for new Entra traffic type. Read More →

Check Point Cyberint: Bi-Directional Alert Sync and Critical Data Ingestion Fix

Adds comprehensive bi-directional sync playbooks and fixes critical ref_id column type bug that caused silent data loss in alert ingestion. Read More →

Contrast ADR: CCF Connector Deployment Unlocks Application Attack Visibility

Contrast ADR adds CCF ingestion support with standardized table schemas for production-ready Application Detection and Response monitoring. Read More →

Azure Security Benchmark Workbook: Parameter Filtering Logic Fixed

KQL queries in the Azure Security Benchmark workbook now properly filter by selected compliance domains. Read More →

Tanium CCF Data Connector: Enhanced Endpoint Visibility with DCR-Based Ingestion

New CCF push connector for Tanium enables endpoint compliance, threat response, and patch data ingestion via DCR streams. Read More →

Microsoft Entra ID: Account Creation/Deletion Detection Enhanced Against Timing Evasion

Critical improvements to AccountCreatedandDeletedinShortTimeframe rule extend detection window to 7 days and use immutable UserID correlation to prevent timing-based evasion techniques. Read More →

Azure Security Benchmark: Updated Labels to Microsoft Cloud Security Benchmark

Replaced “Azure Security Benchmark” references with “Microsoft cloud security benchmark” across workbook labels and KQL queries. Read More →

ExtraHop RevealX: Azure Monitor Logs Ingestion API Replaces Legacy HTTP Data Collector

Added Log Ingestion API support with OAuth 2.0 authentication — modernizes data ingestion from legacy HTTP Data Collector API. Read More →

Citrix Analytics: New CCF Push Connector Enables Security Analytics Visibility

New Citrix Analytics CCF solution provides push-based ingestion for SPA and CVAD security events via Azure Monitor Logs Ingestion API. Read More →

Netskope Secure Web Gateway Solution: New Detection Coverage for Cloud Application Visibility

New Netskope solution adds 10 detections for web transaction monitoring including impossible travel, excessive downloads, shadow IT detection, and data exfiltration patterns. Read More →

Corelight: Enhanced Data Fidelity for Network Aggregation Events

Fixes field mapping inconsistencies in Corelight aggregation parsers that caused data loss and adds aggregation filtering to the Data Explorer workbook. Read More →

Microsoft Security Copilot: Six New Detections for AI Assistant Abuse

New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors. Read More →

New Attack Surface Management Solution: blacklens.io Brings External Threat Visibility to Microsoft Sentinel

blacklens.io Attack Surface Management platform now available in Content Hub with webhook-based alert ingestion and automated incident creation. Read More →

Cisco Firepower Workbook: Fixed DeviceProduct Filter Restores Dashboard Functionality

Cisco Firepower workbook queries updated from incorrect ‘Firepower’ to ‘FTD’ filter, fixing non-functional dashboard charts. Read More →

New Censys Solution: Attack Surface Intelligence and Entity Enrichment

Adds comprehensive playbook automation for Censys threat intelligence enrichment, providing IP/domain/certificate context during incident investigation. Read More →