Yes, I still use BI. Here is an incomplete change log (too large)

1. New Events For 3.6.coh

IssueID SecChkID ProductCheckName Event Type Risk Level
------- -------- -------------------------------------- --------------------------- ----------
2121024 19202 RealMedia_Integer_Overflow Unauthorized Access Attempt High
2119004 19963 SOAP_Envelope_Too_Large Denial of Service Low
3113025 20440 ICQ_File_Transfer Suspicious Activity Low
2119013 20495 XML_EntityRef_DoS Denial of Service Low
2119012 20499 XML_Document_Too_Large Denial of Service Low
2118033 20556 HTTP_Auth_ContainsBinary Suspicious Activity Low
2119014 20563 XML_EntityDecl_DoS Denial of Service Medium
2119003 20577 XML_Name_Overflow Suspicious Activity Low
2120071 20635 TCP_Timestamp_DoS Denial of Service Low
3118035 20734 Scada_Modbus_ForceListenOnly Denial of Service High
3118040 20735 Scada_Modbus_ReportSlaveID Suspicious Activity High
2118036 20736 Scada_Modbus_TooLarge Suspicious Activity Medium
3118042 20737 Scada_Modbus_AckExceptionDelay Denial of Service High
2118041 20738 Scada_Modbus_IncorrectLength Denial of Service Medium
3118038 20739 Scada_Modbus_RestartCommunications Denial of Service High
3118037 20741 Scada_Modbus_ClearRegisters Suspicious Activity High
3118039 20742 Scada_Modbus_ReadDeviceID Suspicious Activity High
3118043 20743 Scada_Modbus_SlaveBusyDelay Denial of Service High
2121025 20829 CBO_User_Overflow Unauthorized Access Attempt High
2106193 20830 NNTP_List_Response_Overflow Unauthorized Access Attempt High
2116017 20842 HTTP_Proxy_Cache_Poisoning Unauthorized Access Attempt High
2103035 20909 PE_Overlapping_Header Suspicious Activity Medium


2. Security Content Updates in 3.6.coh
---------------------------------------------------------------
- A false negative was removed from the MSN Messenger parser.
- A false positive was removed from the SNMP parser.
- A false positive was removed from the HTTP parser.
- A false positive was removed with regards to TCP timestamps.
- A false positive was removed from HTTP_Cisco_IOS_Admin_Access.
- A false positive was removed from HTTP_SGI_Handler.
- The Content_Incorrect_Extension signature now associates with .cdr and .mst extensions, and allows any extension for pkzip content.
- Support was added to ASN1_Constr_BitStr_Heap_Corruption for the LDAP, SSL/TLS, Kerberos and ISAKMP protocols.