# January This summary covers all product updates released in January 2026, including the releases from: * January 8 – 14 * January 15 – 21 * January 22 – 28 * January 29 – February 4 Across these releases, we focused on improving investigation quality, reducing false positives, expanding integration coverage, enhancing APIs, and strengthening reliability and performance. *** ## Investigation Quality & Signal Clarity January releases significantly improved investigation decisiveness and noise reduction: * Expanded “normal activity” baselines for users, devices, IPs, and cloud environments. * Introduced multi-signal alert investigations that break large SIEM cases into focused sub-investigations with a single consolidated conclusion. * Added new insight tags such as **Invalid Credentials** and **Research Scanner**. * Improved classification for: * Research scanners and internet-wide scanning activity * OAST testing * Pretexting lure phishing * Pirated software alerts * Reconnaissance and enumeration activity * Enhanced Microsoft Defender malware investigations with richer file origin, reputation, and prevalence context. * Reduced false positives by better recognizing expected activity (authorized security tools, MSP admin behavior, service accounts, test environments). *** ## Integration Expansion & Enhancements January introduced new integrations and major improvements across existing ones: ### New & Expanded Integrations * Azure Monitor / Log Analytics * Vectra AI * Exabeam (Beta) * Expanded support across Microsoft 365, Defender, Sentinel, CrowdStrike, Sumo Logic, Datadog, Cato Networks, GreyNoise, ReversingLabs, and Custom Threat Intelligence. ### Integration Improvements * Parallelized and optimized SIEM queries (Microsoft Sentinel, Panther, Sumo Logic). * Improved large query summarization across Microsoft, Google SecOps, and Sumo Logic. * Enhanced enrichment handling when queries return partial or empty results. * Added severity-based filtering and exclusion controls for SentinelOne. * Expanded Advanced Hunting and table mappings in Microsoft Defender. * Improved retry logic, error handling, and performance for long-running or complex queries. *** ## APIs & Automation January included major API enhancements: * Added Customer APIs to: * Manage response actions (create, update, delete) * Configure investigation thresholds * Manage global company settings * Introduced Integration Management APIs to: * List, create, update, test, enable/disable, and delete integrations * Retrieve available integration types and schemas * Improved context and knowledge APIs with sorting capabilities. * Increased reliability of asynchronous indicator lookups and investigation workflows. *** ## User Experience & Workflow Improvements Several updates focused on usability and triage efficiency: * Launched a new investigation list view with swimlanes for faster prioritization. * Added an upgrade status page for visibility during maintenance windows. * Improved alert readability with automatic title shortening. * Shortened and refined investigation conclusion summaries. * Added copy-to-clipboard support for summaries and tag explanations. * Surfaced alert reinvestigation chains directly in the UI. * Enhanced the context library with improved filtering and investigation linking. *** ## Phishing, Identity & Email Enhancements * Improved phishing email parsing, including uncommon encodings. * Enhanced handling of legitimate SaaS platforms used in phishing campaigns. * Improved identity threat detection for suspicious logins from uncommon hosting providers. * Refined handling of invalid credential scenarios. * Improved email header parsing and URL extraction reliability. *** ## Security, Performance & Reliability January releases also strengthened core platform stability: * Improved performance for large, multi-table SIEM queries. * Enhanced error handling for long-running queries. * Hardened backend dependencies and container configurations. * Improved structured JSON parsing and metadata extraction robustness. * Enhanced UI and API behavior during upgrades and client-side errors. *** ## Overall Impact The January 2026 releases focused on: * Delivering more decisive, lower-noise investigations * Expanding integration depth and reliability * Increasing automation and API control * Improving analyst workflow efficiency * Strengthening platform performance and resilience Together, these updates continue to advance investigation quality at scale while reducing operational friction for security teams.