January 29, 2026

Highlights

  • Added new classification and prioritization for research scanners, OAST testing, pretexting lures, and pirated software to better distinguish testing, noise, and real risk.

  • Improved investigation outcomes for internet research scanning, reconnaissance activity, and Microsoft Defender malware detections to reduce noise and increase decisiveness.

  • Expanded integration capabilities for Microsoft 365 / Defender, Sumo Logic, Panther, and CrowdStrike ThreatGraph.

  • Shortened investigation conclusion summaries and made tag explanations easier to copy and share in tickets and reports.


New Features

Research Scanner Classification

  • Improved handling of well-known internet research scanners, reducing noise from expected scanning activity.

OAST Testing Handling

  • Improved handling of OAST (Out-of-Band Application Security Testing).

Pretexting Lure Phishing Handling

  • Improved handling of pretexting lure phishing attacks.

Pirated Software Handling

  • Improved handling of pirated software alerts.

Research Scanner Benign Conclusion Strategy

  • Added a new system strategy to improve handling of research scanners found in alerts.


Improvements

Outcome Summaries

  • Added length controls to investigation conclusion summaries so they remain concise and easier to scan while preserving key findings and recommendations.

Reconnaissance & Enumeration Alerts

  • Refined outcome logic so reconnaissance and enumeration against sensitive infrastructure are more decisively classified when clearly malicious, reducing ambiguous results.

Microsoft Defender Malware Investigations

  • Expanded investigation steps for Microsoft Defender malware detections to capture file origin, reputation, and prevalence more consistently, improving decision quality.

  • Enriched related-alert hypotheses with additional conclusion and tagging context so related alerts are grouped and explained more clearly.

Alert Classification

  • Improved classification of certain infrastructure alerts (including Fortinet administrator logins) so they are mapped more accurately to identity-focused attack surfaces.

Investigation Reinvestigation Chains

  • Optimized how reinvestigation chains are calculated and stored, reducing query overhead today and enabling future filtering and reporting enhancements.

Tag Explanations in the UI

  • Updated tag hover behavior so explanations now use a popover that supports text selection and copying, making it easier to include rationale in tickets and runbooks.

Analysis Robustness

  • Improved robustness of structured JSON handling and time/metadata extraction used by the analysis engine, reducing rare parsing and extraction failures in investigations.


Security & Reliability

  • Updated backend dependencies and container images to incorporate recent security patches and library fixes, improving overall platform security posture.

  • Adjusted internal health checks and container configuration to avoid false-positive health alerts and improve resilience during deployments.


Bug Fixes

CrowdStrike ThreatGraph

  • Fixed token refresh handling so missing permissions and configuration issues now surface as clear authorization errors instead of generic unauthorized responses.
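The distinction this fix draws (a missing secret, a rejected credential pair, and a client that authenticates but lacks a scope are three different problems that need three different error messages) is easy to lose when every non-200 from a token endpoint is collapsed into "unauthorized". The following is an added illustration, not the product's or CrowdStrike's code: it refreshes an OAuth2 client-credentials token and maps each failure to a distinct, actionable error. The token URL, the response shapes, the `post` callable that stands in for an HTTP client, and the `make_fake_post` helper are all assumptions constructed for this example.

```python
"""Added example (not the product's or CrowdStrike's code): classify token-refresh
failures into distinct authorization errors instead of a generic 'unauthorized'.
TOKEN_URL, the response body shapes and the injected `post` callable are assumptions."""
from dataclasses import dataclass
from typing import Callable

TOKEN_URL = "https://api.example.invalid/oauth2/token"  # placeholder, not a real endpoint


class IntegrationAuthError(Exception):
    """Base class: every authorization problem surfaced to the operator."""


class MissingConfiguration(IntegrationAuthError):
    """The integration was saved without the credentials it needs."""


class InvalidCredentials(IntegrationAuthError):
    """The token endpoint rejected the client id/secret pair."""


class InsufficientPermissions(IntegrationAuthError):
    """Credentials are valid but the API client lacks a required scope."""


@dataclass
class TokenResponse:
    """Constructed stand-in for an HTTP response: status code plus decoded JSON body."""
    status: int
    body: dict


def refresh_token(config: dict, post: Callable[[str, dict], TokenResponse]) -> str:
    """Return a fresh access token or raise a specific IntegrationAuthError subclass."""
    # Configuration problems are caught before any network call is made.
    missing = [k for k in ("client_id", "client_secret") if not config.get(k)]
    if missing:
        raise MissingConfiguration("integration not configured: missing " + ", ".join(missing))

    resp = post(TOKEN_URL, {
        "client_id": config["client_id"],
        "client_secret": config["client_secret"],
        "grant_type": "client_credentials",
    })
    if resp.status == 200 and resp.body.get("access_token"):
        return resp.body["access_token"]

    # Pull whatever human-readable detail the endpoint offered (shape is an assumption).
    detail = ((resp.body.get("errors") or [{}])[0].get("message")
              or resp.body.get("error_description") or "")
    if resp.status == 401:
        raise InvalidCredentials(f"token endpoint rejected the client credentials: {detail or 'no detail'}")
    if resp.status == 403:
        raise InsufficientPermissions(f"API client lacks a required scope: {detail or 'no detail'}")
    raise IntegrationAuthError(f"unexpected token response {resp.status}: {detail or resp.body}")


def classify_refresh(config: dict, post: Callable[[str, dict], TokenResponse]) -> str:
    """Label the outcome of a refresh attempt; this is what an alert or UI would show."""
    try:
        refresh_token(config, post)
        return "ok"
    except MissingConfiguration:
        return "missing_configuration"
    except InvalidCredentials:
        return "invalid_credentials"
    except InsufficientPermissions:
        return "insufficient_permissions"
    except IntegrationAuthError:
        return "unexpected"


def make_fake_post(status: int, body: dict) -> Callable[[str, dict], TokenResponse]:
    """Constructed offline stand-in for an HTTP client returning a fixed response."""
    def post(url: str, data: dict) -> TokenResponse:
        return TokenResponse(status, body)
    return post


if __name__ == "__main__":
    cfg = {"client_id": "constructed-id", "client_secret": "constructed-secret"}
    print(classify_refresh({"client_id": "constructed-id", "client_secret": ""}, make_fake_post(200, {})))
    print(classify_refresh(cfg, make_fake_post(403, {"errors": [{"message": "missing scope"}]})))
```

The point of the three exception classes is that each one names the person who can fix it: a missing secret is the integration owner's problem, a rejected pair means the credential was rotated or mistyped, and a scope error needs the API client's permissions changed on the vendor side.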

URL Sandbox

  • Resolved a browser navigation issue that could prevent analysis of some URLs behind proxies, improving analysis success rates for content hosted on major cloud providers.


Integration Improvements

Microsoft 365 & Defender

  • Added support for querying specific named and shared calendars when assessing user availability or travel status.

  • Improved endpoint enrichment so device investigations more reliably surface hostname and related context when pivoting from IP-only data.

  • Enhanced investigation flows for Microsoft Defender malware alerts to automatically gather richer file context (origin, reputation, and prevalence).

Sumo Logic

  • Improved automatic query correction and retry behavior when Sumo Logic rejects generated searches, increasing reliability of log retrieval during investigations.

Panther

  • Modernized the Panther query workflow by running table queries in parallel, adding per-table retries, and capturing empty and error responses as evidence for better transparency.

  • Refined Panther query generation logic to better handle complex questions and avoid generation issues seen in some environments.
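The workflow described above (one query per table, run in parallel, each table retried on its own, with empty and failed responses kept as evidence rather than silently dropped) is a pattern worth seeing end to end, because the evidence-capture part is what lets an analyst tell "no matching rows" apart from "the query never ran". The following is an added illustration, not Panther's or the product's code: the table names, the `TransientError` class and the `make_constructed_runner` query stub are constructed for this example and stand in for a real query API.

```python
"""Added example (not Panther's or the product's code): fan out one query per log
table, retry each table independently, and keep empty and error outcomes as evidence.
Table names and the query runner are constructed stand-ins."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional
import time


class TransientError(Exception):
    """Constructed stand-in for a retryable backend failure (rate limit, timeout)."""


@dataclass
class Evidence:
    """What the investigation records for every table, whatever the outcome."""
    table: str
    status: str                      # "rows", "empty" or "error"
    rows: List[dict] = field(default_factory=list)
    attempts: int = 0
    error: Optional[str] = None      # final error message when status == "error"


def query_with_retry(table: str, run_query: Callable[[str], List[dict]],
                     max_attempts: int = 3, backoff: float = 0.0) -> Evidence:
    """Run one table's query, retrying only that table on transient failures."""
    last_err = None
    for attempt in range(1, max_attempts + 1):
        try:
            rows = run_query(table)
        except TransientError as exc:
            last_err = str(exc)
            time.sleep(backoff * attempt)   # linear backoff; 0 in tests
            continue
        # An empty result is a finding in itself and is recorded, not discarded.
        return Evidence(table, "rows" if rows else "empty", rows, attempt)
    return Evidence(table, "error", [], max_attempts, last_err)


def query_tables(tables: List[str], run_query: Callable[[str], List[dict]],
                 max_attempts: int = 3, workers: int = 4) -> Dict[str, Evidence]:
    """Query all tables in parallel; one slow or broken table never blocks the others."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda t: query_with_retry(t, run_query, max_attempts), tables)
        return {ev.table: ev for ev in results}


def make_constructed_runner() -> Callable[[str], List[dict]]:
    """Constructed query backend exercising every outcome: rows, empty, flaky, broken."""
    calls: Dict[str, int] = {}

    def run_query(table: str) -> List[dict]:
        calls[table] = calls.get(table, 0) + 1      # each table is only touched by one worker
        if table == "idp_logs":
            return [{"actor": "alice", "event": "session.start"}]   # constructed row
        if table == "cloudtrail_logs":
            return []                                # genuinely no matching rows
        if table == "flaky_logs":
            if calls[table] < 3:
                raise TransientError("rate limited")  # succeeds on the third attempt
            return [{"row": 1}]
        if table == "broken_logs":
            raise TransientError("backend timeout")  # never recovers
        return []

    return run_query


if __name__ == "__main__":
    evidence = query_tables(["idp_logs", "cloudtrail_logs", "flaky_logs", "broken_logs"],
                            make_constructed_runner())
    for table, ev in sorted(evidence.items()):
        print(f"{table:16} {ev.status:6} attempts={ev.attempts} error={ev.error}")
```

Because every table ends up with an `Evidence` record, a downstream conclusion can say "identity logs showed X, CloudTrail had no matching events, and the broken table could not be queried after three attempts", which is a very different statement from a conclusion based only on the tables that happened to answer.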
