January 22, 2026

Highlights

  • Added support for multi-signal alert investigations, breaking large SIEM cases into focused sub-investigations with a single consolidated conclusion.

  • Expanded integrations with Azure Monitor / Log Analytics (new) and Vectra AI (new), plus major enhancements across Microsoft, SentinelOne, CrowdStrike, and more.

New Features

Multi-Signal Alert Investigations

  • Added support for investigating multi-signal alerts by automatically breaking large SIEM cases into focused sub-investigations and generating a single consolidated conclusion.

Alert Reinvestigation Chains

  • Alert reinvestigation chains are now surfaced in the UI so you can see how an alert has evolved across multiple alert versions and investigations.

New Insight Tags

  • Added an Invalid Credentials insight tag that highlights investigations in which every observed authentication attempt failed (no successful login anywhere in the case).

Customer action: Review and update your System Events / workflow rules (if applicable) so that investigations carrying this tag are automatically de-prioritized when that is appropriate for your environment.

  • Added a Research Scanner insight tag that recognizes known internet-wide research scanners and can automatically treat related activity as benign when it meets defined criteria.
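The two insight tags above, and the de-prioritization rule the customer action asks for, are easiest to reason about as code. The following is an added, constructed example and not the product's own tagging or workflow logic: the event schema, the field names, the scanner address ranges (RFC 5737 documentation space standing in for a real scanner list) and the "benign criteria" for scanner activity (every source is a known scanner and nothing succeeded) are all assumptions made here for illustration.

```python
"""Constructed example: derive the "Invalid Credentials" and "Research Scanner"
insight tags from a case's events, then apply an assumed workflow rule that
de-prioritizes the case. Not the product's own logic; schema, ranges and
criteria are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, Set

# Constructed placeholder ranges (RFC 5737 documentation space); a real
# deployment would load these from a scanner-intelligence source.
KNOWN_RESEARCH_SCANNERS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]


@dataclass(frozen=True)
class Event:
    src_ip: str
    kind: str          # "auth" (login attempt) or "probe" (unauthenticated port/service probe)
    outcome: str = ""  # for "auth": "success" or "failure"
    user: str = ""


def is_known_scanner(ip: str) -> bool:
    """True if the address falls inside one of the known-scanner ranges."""
    try:
        addr = ip_address(ip)
    except ValueError:          # unparsable address is never treated as benign
        return False
    return any(addr in net for net in KNOWN_RESEARCH_SCANNERS)


def insight_tags(events: Iterable[Event]) -> Set[str]:
    events = list(events)
    tags: Set[str] = set()

    # Invalid Credentials: at least one attempt observed, and every one failed.
    auth = [e for e in events if e.kind == "auth"]
    if auth and all(e.outcome == "failure" for e in auth):
        tags.add("Invalid Credentials")

    # Research Scanner (assumed criteria): every source in the case is a known
    # scanner AND nothing succeeded. A scanner IP that logs in successfully is
    # a credential problem, not noise, so it must not be tagged benign.
    sources = {e.src_ip for e in events}
    if sources and all(is_known_scanner(ip) for ip in sources):
        if not any(e.kind == "auth" and e.outcome == "success" for e in events):
            tags.add("Research Scanner")
    return tags


def triage_priority(tags: Set[str], base: str = "high") -> str:
    """Assumed workflow rule: lower the priority when the tags say the activity
    is noise; leave it alone when credentials actually worked (no tag set)."""
    if "Research Scanner" in tags:
        return "low"
    if "Invalid Credentials" in tags:
        return "medium" if base == "high" else "low"
    return base


# Constructed sample cases.
SPRAY_FROM_SCANNER = [
    Event("192.0.2.10", "auth", "failure", "alice"),
    Event("192.0.2.10", "auth", "failure", "bob"),
    Event("192.0.2.10", "auth", "failure", "admin"),
]
SPRAY_THEN_SUCCESS = [
    Event("203.0.113.5", "auth", "failure", "alice"),
    Event("203.0.113.5", "auth", "failure", "bob"),
    Event("203.0.113.5", "auth", "success", "bob"),   # one hit: this is not noise
]
PROBE_ONLY = [
    Event("198.51.100.7", "probe"),
    Event("198.51.100.7", "probe"),
]

if __name__ == "__main__":
    for name, case in [("spray_from_scanner", SPRAY_FROM_SCANNER),
                       ("spray_then_success", SPRAY_THEN_SUCCESS),
                       ("probe_only", PROBE_ONLY)]:
        tags = insight_tags(case)
        print(f"{name}: tags={sorted(tags)} priority={triage_priority(tags)}")
```

The important property is the negative case: a single successful login removes both tags and the case keeps its original priority, so a rule keyed on these tags cannot suppress a password spray that eventually worked.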

Integrations

Azure Monitor / Log Analytics

  • New integration.

Vectra AI

  • New integration.

Improvements

  • Reduced false positives across investigations by better recognizing expected activity (service accounts, test environments, MSP admin behavior, authorized security tools).

  • Improved identity threat detection for suspicious login attempts from uncommon hosting providers.

  • Improved Microsoft 365 file activity investigations using richer Microsoft Graph and audit telemetry where available.

  • Improved summarization for large query results across Microsoft Defender, Microsoft Sentinel, Google SecOps, and Sumo Logic.

  • Enhanced the context library with improved filtering and better links back to investigations.

  • Improved platform reliability and performance during upgrades, long-running investigations, and large query workloads.

Integration Improvements

SentinelOne

  • Added severity-based filtering options to restrict ingested alerts.

Microsoft Graph

  • Expanded Microsoft 365 audit and enrichment coverage for investigation context.

Microsoft Defender

  • Updated table mappings and expanded Advanced Hunting query coverage, including additional cloud activity scenarios.

Microsoft Sentinel

  • Improved performance with parallelized table queries.

  • Improved summarization of large query results.

  • Enhanced error handling for long-running queries.

Azure

  • Added automatic discovery of Log Analytics workspaces and table schemas to support richer queries.

Sumo Logic

  • Improved Windows event and email security querying.

  • Enhanced evidence handling when queries return no results.

  • Improved retry behavior for more consistent query results.

CrowdStrike

  • Added configurable case-name filtering for CrowdStrike Next-Gen SIEM cases.

Cato Networks

  • Improved evidence handling when no data is returned.

Okta

  • Improved user enrichment so it works even when only a username (not a full email address) is available.

GreyNoise

  • Improved identification of scanner-related activity to support scanner-aware insights.

ReversingLabs

  • Added stricter domain validation to prevent malformed lookups.
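What "stricter domain validation" has to cover is worth spelling out, since a malformed indicator (a URL, a host:port pair, an IP literal, an over-long or badly hyphenated label) is exactly what turns a reputation lookup into an error or a wasted API call. The validator below is an added illustration, not ReversingLabs' or the product's own code; the rules it enforces (hostname syntax per RFC 1123, IDNA conversion of Unicode labels, rejection of URL and IP forms) are this example's assumptions about what stricter validation should mean.

```python
"""Added example: strict domain validation before a threat-intelligence lookup.
Illustrative only; the rule set is an assumption, not a vendor specification."""
import re
from typing import List, Optional, Tuple

# One hostname label: 1-63 chars, letters/digits/hyphen, no leading or trailing
# hyphen. Underscore is deliberately excluded (legal in DNS, not in hostnames).
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
MAX_DOMAIN_LEN = 253


def validate_domain(raw: str) -> Optional[str]:
    """Return the normalized domain to look up, or None if it is malformed."""
    if not isinstance(raw, str):
        return None
    s = raw.strip().rstrip(".")             # tolerate a trailing root dot
    if not s or any(ch.isspace() for ch in s):
        return None
    # A scheme, path, port, credentials or query means this is a URL or
    # host:port, not a bare domain; it belongs in a URL lookup instead.
    if any(ch in s for ch in "/:@?#"):
        return None
    try:
        # Unicode labels become punycode (nameprep + xn--); ASCII labels pass
        # through unchanged. Empty or over-long labels raise here.
        s = s.encode("idna").decode("ascii").lower()
    except (UnicodeError, ValueError):
        return None
    if len(s) > MAX_DOMAIN_LEN:
        return None
    labels = s.split(".")
    if len(labels) < 2:                     # a bare TLD or single word is not a lookup target
        return None
    if not all(LABEL_RE.match(label) for label in labels):
        return None
    if labels[-1].isdigit():                # TLDs are never numeric; also rejects dotted-quad IPs
        return None
    return s


def partition_indicators(raws: List[str]) -> Tuple[List[str], List[str]]:
    """Split a batch into lookup-safe domains and rejected raw inputs, so one
    malformed indicator cannot fail or poison the whole batch."""
    valid: List[str] = []
    rejected: List[str] = []
    for raw in raws:
        domain = validate_domain(raw)
        if domain is None:
            rejected.append(raw)
        else:
            valid.append(domain)
    return valid, rejected


if __name__ == "__main__":
    batch = ["Example.COM.", "bücher.example", "http://example.com/x",
             "example.com:443", "192.0.2.10", "-bad.example", "example"]
    ok, bad = partition_indicators(batch)
    print("lookup:", ok)
    print("rejected:", bad)
```

Rejected inputs are returned verbatim rather than silently dropped, so the investigation can still record that an indicator was present but unusable, which is different from a clean "no results" answer from the provider.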

Custom Threat Intelligence

  • Improved indicator lookup reliability for asynchronous investigations.
