January 8

Highlights

  • Added new Customer API endpoints for configuration and secret management.

  • Improved insight tagging accuracy and speed.

  • Expanded “normal activity” baselines for richer investigation context.

  • Improved handling of large SIEM query summarization.

New Features

Customer APIs

  • Added API endpoints to manage response actions:

    • Create

    • Update

    • Delete

  • Added API endpoints to configure investigation thresholds and retrieve current threshold status.

  • Added API endpoints to read and update global company configuration settings.

Customer action: Customers with automation can manage response actions, investigation thresholds, and global configuration settings programmatically through these API endpoints.

Improvements

Insight Tags

  • Improved tagging speed and accuracy for investigation context.

Behavior Baselines

  • Enhanced “normal activity” baselines for devices, users, and IPs using additional supported telemetry sources.

Sharing

  • Added copy-to-clipboard buttons for alert and conclusion summaries.

Maintenance & Error Messaging

  • Improved UI and API responses during upgrades and for client-side errors.

SIEM Query Summarization

  • Improved performance for summarizing large, multi-table queries.

People Data Labs

  • Improved “not found” handling so the UI clearly indicates when no external data is available.

Bug Fixes

Cato Networks

  • Fixed enrichment issues in environments where IPv6 addresses are present.

Integration Improvements

SentinelOne

  • Added severity-based filtering options to restrict ingested alerts.

  • Expanded exclusion filtering consistency across incident types.

Customer action: If you rely on SentinelOne filters, review your configuration to take advantage of the new options.

Datadog

  • Expanded “normal activity” context to include additional GitHub activity signals.

Cato Networks

  • Expanded enrichment and query support to improve investigation context.

Sumo Logic

  • Added support for querying customer-defined views and VPN logs to improve baseline and investigation context.
