# January

This summary covers all product updates released in January 2026, including the releases from:

* January 8 – 14
* January 15 – 21
* January 22 – 28
* January 29 – February 4

Across these releases, we focused on improving investigation quality, reducing false positives, expanding integration coverage, enhancing APIs, and strengthening reliability and performance.

***

## Investigation Quality & Signal Clarity

January releases significantly improved investigation decisiveness and noise reduction:

* Expanded “normal activity” baselines for users, devices, IPs, and cloud environments.
* Introduced multi-signal alert investigations that break large SIEM cases into focused sub-investigations with a single consolidated conclusion.
* Added new insight tags such as **Invalid Credentials** and **Research Scanner**.
* Improved classification for:
  * Research scanners and internet-wide scanning activity
  * OAST testing
  * Pretexting lure phishing
  * Pirated software alerts
  * Reconnaissance and enumeration activity
* Enhanced Microsoft Defender malware investigations with richer file origin, reputation, and prevalence context.
* Reduced false positives by better recognizing expected activity (authorized security tools, MSP admin behavior, service accounts, test environments).

***

## Integration Expansion & Enhancements

January introduced new integrations and major improvements across existing ones:

### New & Expanded Integrations

* Azure Monitor / Log Analytics
* Vectra AI
* Exabeam (Beta)
* Expanded support across Microsoft 365, Defender, Sentinel, CrowdStrike, Sumo Logic, Datadog, Cato Networks, GreyNoise, ReversingLabs, and Custom Threat Intelligence.

### Integration Improvements

* Parallelized and optimized SIEM queries (Microsoft Sentinel, Panther, Sumo Logic).
* Improved large query summarization across Microsoft, Google SecOps, and Sumo Logic.
* Enhanced enrichment handling when queries return partial or empty results.
* Added severity-based filtering and exclusion controls for SentinelOne.
* Expanded Advanced Hunting and table mappings in Microsoft Defender.
* Improved retry logic, error handling, and performance for long-running or complex queries.

***

## APIs & Automation

January included major API enhancements:

* Added Customer APIs to:
  * Manage response actions (create, update, delete)
  * Configure investigation thresholds
  * Manage global company settings
* Introduced Integration Management APIs to:
  * List, create, update, test, enable/disable, and delete integrations
  * Retrieve available integration types and schemas
* Improved context and knowledge APIs with sorting capabilities.
* Increased reliability of asynchronous indicator lookups and investigation workflows.

***

## User Experience & Workflow Improvements

Several updates focused on usability and triage efficiency:

* Launched a new investigation list view with swimlanes for faster prioritization.
* Added an upgrade status page for visibility during maintenance windows.
* Improved alert readability with automatic title shortening.
* Shortened and refined investigation conclusion summaries.
* Added copy-to-clipboard support for summaries and tag explanations.
* Surfaced alert reinvestigation chains directly in the UI.
* Enhanced the context library with improved filtering and investigation linking.

***

## Phishing, Identity & Email Enhancements

* Improved phishing email parsing, including uncommon encodings.
* Enhanced handling of legitimate SaaS platforms used in phishing campaigns.
* Improved identity threat detection for suspicious logins from uncommon hosting providers.
* Refined handling of invalid credential scenarios.
* Improved email header parsing and URL extraction reliability.

***

## Security, Performance & Reliability

January releases also strengthened core platform stability:

* Improved performance for large, multi-table SIEM queries.
* Enhanced error handling for long-running queries.
* Hardened backend dependencies and container configurations.
* Improved structured JSON parsing and metadata extraction robustness.
* Enhanced UI and API behavior during upgrades and client-side errors.

***

## Overall Impact

The January 2026 releases focused on:

* Delivering more decisive, lower-noise investigations
* Expanding integration depth and reliability
* Increasing automation and API control
* Improving analyst workflow efficiency
* Strengthening platform performance and resilience

Together, these updates continue to advance investigation quality at scale while reducing operational friction for security teams.

