# January 8, 2026 ## Highlights * Added new Customer API endpoints for configuration and secret management. * Improved insight tagging accuracy and speed. * Expanded “normal activity” baselines for richer investigation context. * Improved handling of large SIEM query summarization. ## New Features ### Customer APIs * Added API endpoints to manage response actions: * Create * Update * Delete * Added API endpoints to configure investigation thresholds and retrieve current threshold status. * Added API endpoints to read and update global company configuration settings. **Customer action:**\ Customers using automation can now manage these settings programmatically via API. ## Improvements ### Insight Tags * Improved tagging speed and accuracy for investigation context. ### Behavior Baselines * Enhanced “normal activity” baselines for devices, users, and IPs using additional supported telemetry sources. ### Sharing * Added copy-to-clipboard buttons for alert and conclusion summaries. ### Maintenance & Error Messaging * Improved UI and API responses during upgrades and for client-side errors. ### SIEM Query Summarization * Improved performance for summarizing large, multi-table queries. ### People Data Labs * Improved “not found” handling so the UI clearly indicates when no external data is available. ## Bug Fixes ### Cato Networks * Fixed enrichment issues in environments where IPv6 addresses are present. ## Integration Improvements ### SentinelOne * Added severity-based filtering options to restrict ingested alerts. * Expanded exclusion filtering consistency across incident types. **Customer action:**\ If you rely on SentinelOne filters, review your configuration to take advantage of the new options. ### Datadog * Expanded “normal activity” context to include additional GitHub activity signals. ### Cato Networks * Expanded enrichment and query support to improve investigation context. ### Sumo Logic * Added support for querying customer-defined views and VPN logs to improve baseline and investigation context.