January
This summary covers all product updates released in January 2026, including the releases from:
January 8 – 14
January 15 – 21
January 22 – 28
January 29 – February 4
Across these releases, we focused on improving investigation quality, reducing false positives, expanding integration coverage, enhancing APIs, and strengthening reliability and performance.
Investigation Quality & Signal Clarity
January releases significantly improved investigation decisiveness and noise reduction:
Expanded “normal activity” baselines for users, devices, IPs, and cloud environments.
Introduced multi-signal alert investigations that break large SIEM cases into focused sub-investigations with a single consolidated conclusion.
Added new insight tags such as Invalid Credentials and Research Scanner.
Improved classification for:
Research scanners and internet-wide scanning activity
OAST (out-of-band application security testing) activity
Pretexting lure phishing
Pirated software alerts
Reconnaissance and enumeration activity
Enhanced Microsoft Defender malware investigations with richer file origin, reputation, and prevalence context.
Reduced false positives by better recognizing expected activity (authorized security tools, MSP admin behavior, service accounts, test environments).
Integration Expansion & Enhancements
January introduced new integrations and major improvements across existing ones:
New & Expanded Integrations
Azure Monitor / Log Analytics
Vectra AI
Exabeam (Beta)
Expanded support across Microsoft 365, Defender, Sentinel, CrowdStrike, Sumo Logic, Datadog, Cato Networks, GreyNoise, ReversingLabs, and Custom Threat Intelligence.
Integration Improvements
Parallelized and optimized SIEM queries (Microsoft Sentinel, Panther, Sumo Logic).
Improved large query summarization across Microsoft, Google SecOps, and Sumo Logic.
Enhanced enrichment handling when queries return partial or empty results.
Added severity-based filtering and exclusion controls for SentinelOne.
Expanded Advanced Hunting and table mappings in Microsoft Defender.
Improved retry logic, error handling, and performance for long-running or complex queries.
APIs & Automation
January included major API enhancements:
Added Customer APIs to:
Manage response actions (create, update, delete)
Configure investigation thresholds
Manage global company settings
Introduced Integration Management APIs to:
List, create, update, test, enable/disable, and delete integrations
Retrieve available integration types and schemas
Improved context and knowledge APIs with sorting capabilities.
Increased reliability of asynchronous indicator lookups and investigation workflows.
User Experience & Workflow Improvements
Several updates focused on usability and triage efficiency:
Launched a new investigation list view with swimlanes for faster prioritization.
Added an upgrade status page for visibility during maintenance windows.
Improved alert readability with automatic title shortening.
Shortened and refined investigation conclusion summaries.
Added copy-to-clipboard support for summaries and tag explanations.
Surfaced alert reinvestigation chains directly in the UI.
Enhanced the context library with improved filtering and investigation linking.
Phishing, Identity & Email Enhancements
Improved phishing email parsing, including uncommon encodings.
Enhanced handling of legitimate SaaS platforms used in phishing campaigns.
Improved identity threat detection for suspicious logins from uncommon hosting providers.
Refined handling of invalid credential scenarios.
Improved email header parsing and URL extraction reliability.
Security, Performance & Reliability
January releases also strengthened core platform stability:
Improved performance for large, multi-table SIEM queries.
Enhanced error handling for long-running queries.
Hardened backend dependencies and container configurations.
Improved structured JSON parsing and metadata extraction robustness.
Enhanced UI and API behavior during upgrades and client-side errors.
Overall Impact
The January 2026 releases focused on:
Delivering more decisive, lower-noise investigations
Expanding integration depth and reliability
Increasing automation and API control
Improving analyst workflow efficiency
Strengthening platform performance and resilience
Together, these updates continue to advance investigation quality at scale while reducing operational friction for security teams.