# January 29, 2026

## Highlights

* Added new classification and prioritization for research scanners, OAST testing, pretexting lures, and pirated software to better distinguish testing, noise, and real risk.
* Improved investigation outcomes for internet research scanning, reconnaissance activity, and Microsoft Defender malware detections to reduce noise and increase decisiveness.
* Expanded integration capabilities for Microsoft 365 / Defender, Sumo Logic, Panther, and CrowdStrike ThreatGraph.
* Shortened investigation conclusion summaries and made tag explanations easier to copy and share in tickets and reports.

***

## New Features

### Research Scanner Classification

* Improved handling of well-known internet research scanners, reducing noise from expected scanning activity.

### OAST Testing Handling

* Improved handling of OAST (Out-of-Band Application Security Testing) interactions, so the DNS and HTTP callbacks generated by authorized application testing are distinguished from real attacker activity.

### Pretexting Lure Phishing Handling

* Improved handling of pretexting lure phishing attacks, where the message builds a pretext to engage the recipient rather than carrying a malicious link or attachment.

### Pirated Software Handling

* Improved handling of pirated software alerts.

### Research Scanner Benign Conclusion Strategy

* Added a system strategy that concludes alerts as benign when the source is confirmed to be a known research scanner, so the scanner alerts surfaced above are closed consistently instead of case by case.
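Both the research scanner classification above and the benign conclusion strategy depend on one check the notes do not spell out: confirming that a source really belongs to a research scanner before the alert is closed as benign. The example below is added here and is not the platform's own classifier. It uses forward-confirmed reverse DNS (FCrDNS), so a host whose PTR record merely claims a scanner's name, without an A record that resolves back to the same IP, stays unclassified. The scanner suffixes, the DNS tables, the log lines and the helper names (`classify_source`, `classify_logs`) are all constructed for illustration; a real deployment would maintain the scanner list from the operators' published hostnames and ranges.

```python
"""Classify alert sources as known internet research scanners using
forward-confirmed reverse DNS (FCrDNS).

Added example, not the platform's own classifier. The scanner suffixes,
the DNS tables and the log lines below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional

# Constructed: rDNS suffixes of well-known research scanners (illustrative).
RESEARCH_SCANNER_RDNS: Dict[str, str] = {
    "scanner.example-research.net": "Example Research Project",
    "probe.example-census.org": "Example Census",
}

Resolver = Callable[[str], Optional[str]]  # name or IP -> answer, None if NXDOMAIN


@dataclass
class Classification:
    verdict: str                # "research_scanner" or "unclassified"
    operator: Optional[str]
    reason: str                 # short rationale suitable for a tag explanation


def forward_confirmed_rdns(ip: str, ptr: Resolver, a: Resolver) -> Optional[str]:
    """Return the PTR name only if it resolves back to the same IP.

    A PTR record is controlled by whoever owns the IP range, so an attacker
    can name their host after a research scanner. Requiring the forward
    (A) lookup of that name to return the same IP defeats the spoof.
    """
    name = ptr(ip)
    if not name or a(name) != ip:
        return None
    return name


def classify_source(ip: str, ptr: Resolver, a: Resolver) -> Classification:
    ipaddress.ip_address(ip)  # reject malformed input before any DNS lookup
    name = forward_confirmed_rdns(ip, ptr, a)
    if name is None:
        return Classification("unclassified", None, "no forward-confirmed rDNS")
    for suffix, operator in RESEARCH_SCANNER_RDNS.items():
        if name == suffix or name.endswith("." + suffix):
            return Classification("research_scanner", operator,
                                  f"FCrDNS {name} belongs to {operator}")
    return Classification("unclassified", None, f"FCrDNS {name} is not a known scanner")


# Constructed DNS answers. 203.0.113.9 carries a spoofed PTR: the claimed
# name has no A record pointing back, so it must not be trusted.
PTR_TABLE = {
    "198.51.100.7": "host7.scanner.example-research.net",
    "203.0.113.9": "host9.scanner.example-research.net",
    "192.0.2.44": "vps44.example-hosting.test",
}
A_TABLE = {
    "host7.scanner.example-research.net": "198.51.100.7",
    "vps44.example-hosting.test": "192.0.2.44",
}


def fake_ptr(ip: str) -> Optional[str]:
    return PTR_TABLE.get(ip)


def fake_a(name: str) -> Optional[str]:
    return A_TABLE.get(name)


# Constructed firewall log lines, not real telemetry.
SAMPLE_LOGS = [
    "2026-01-29T10:00:01Z action=deny src=198.51.100.7 dst=10.0.0.5 dport=443",
    "2026-01-29T10:00:02Z action=deny src=203.0.113.9 dst=10.0.0.5 dport=22",
    "2026-01-29T10:00:03Z action=deny src=192.0.2.44 dst=10.0.0.5 dport=3389",
    "2026-01-29T10:00:04Z action=deny src=198.51.100.7 dst=10.0.0.6 dport=80",
]
SRC_RE = re.compile(r"\bsrc=(\S+)")


def classify_logs(lines: Iterable[str], ptr: Resolver = fake_ptr,
                  a: Resolver = fake_a) -> Dict[str, Classification]:
    """Classify each distinct source IP seen in the log lines once."""
    out: Dict[str, Classification] = {}
    for line in lines:
        m = SRC_RE.search(line)
        if m and m.group(1) not in out:
            out[m.group(1)] = classify_source(m.group(1), ptr, a)
    return out


if __name__ == "__main__":
    for ip, c in classify_logs(SAMPLE_LOGS).items():
        print(f"{ip:15} {c.verdict:17} {c.reason}")
```

Only 198.51.100.7 is concluded as a research scanner; the host with the spoofed PTR and the ordinary hosting VPS both stay unclassified and would continue through normal investigation. The `reason` string is the kind of one-line rationale that fits in a tag explanation.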

***

## Improvements

### Outcome Summaries

* Added length controls to investigation conclusion summaries so they remain concise and easier to scan while preserving key findings and recommendations.

### Reconnaissance & Enumeration Alerts

* Refined outcome logic so reconnaissance and enumeration against sensitive infrastructure are more decisively classified when clearly malicious, reducing ambiguous results.

### Microsoft Defender Malware Investigations

* Expanded investigation steps for Microsoft Defender malware detections to capture file origin, reputation, and prevalence more consistently, improving decision quality.

### Related Alert Analysis

* Enriched related-alert hypotheses with additional conclusion and tagging context so related alerts are grouped and explained more clearly.

### Alert Classification

* Improved classification of certain infrastructure alerts (including Fortinet administrator logins) so they are mapped more accurately to identity-focused attack surfaces.

### Investigation Reinvestigation Chains

* Optimized how reinvestigation chains are calculated and stored, reducing query overhead today and enabling future filtering and reporting enhancements.

### Tag Explanations in the UI

* Updated tag hover behavior so explanations now use a popover that supports text selection and copying, making it easier to include rationale in tickets and runbooks.

### Analysis Robustness

* Improved robustness of structured JSON handling and time/metadata extraction used by the analysis engine, reducing rare parsing and extraction failures in investigations.

***

## Security & Reliability

* Updated backend dependencies and container images to incorporate recent security patches and library fixes, improving overall platform security posture.
* Adjusted internal health checks and container configuration to avoid false-positive health alerts and improve resilience during deployments.

***

## Bug Fixes

### CrowdStrike ThreatGraph

* Fixed token refresh handling so missing permissions and configuration issues now surface as clear authorization errors instead of generic unauthorized responses.
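The distinction this fix makes, a token that needs refreshing versus a client that was never granted the right scope, is easy to get wrong in a generic retry wrapper, because both come back as "unauthorized" unless the status codes are handled separately. The example below is added here and is not the platform's CrowdStrike integration code. `POST /oauth2/token` is the client-credentials endpoint CrowdStrike's API uses; the ThreatGraph resource path `EXAMPLE_PATH`, the scope name, the `FakeApi` transport and the scenario helpers are constructed, and nothing here makes a network call.

```python
"""Turn 401 and 403 responses from an OAuth2-protected API into errors an
analyst can act on: refresh once on 401, report a missing scope on 403.

Added example, not the platform's CrowdStrike integration. EXAMPLE_PATH,
the scope name and FakeApi are constructed; no network calls are made.
"""
from dataclasses import dataclass
from typing import Callable, Set, Tuple

Response = Tuple[int, dict]                       # (HTTP status, JSON body)
Transport = Callable[[str, str, dict], Response]  # (method, path, headers)

EXAMPLE_PATH = "/threatgraph/example/v1"          # constructed, not a real endpoint


class IntegrationError(Exception):
    """Base class; the message is meant to be shown to the analyst as-is."""


class ConfigurationError(IntegrationError):
    """Client ID, secret or base URL is wrong: the token endpoint says no."""


class AuthorizationError(IntegrationError):
    """Credentials work, but the API client lacks a scope for this endpoint."""


@dataclass
class ApiClient:
    transport: Transport
    token: str = ""
    token_requests: int = 0

    def _fetch_token(self) -> None:
        self.token_requests += 1
        status, body = self.transport("POST", "/oauth2/token", {})
        if status not in (200, 201):
            raise ConfigurationError(
                f"token request rejected with HTTP {status}: check client ID, "
                "client secret and base URL")
        self.token = body["access_token"]

    def _call(self, path: str) -> Response:
        return self.transport("GET", path, {"Authorization": f"Bearer {self.token}"})

    def get(self, path: str) -> dict:
        if not self.token:
            self._fetch_token()
        status, body = self._call(path)
        if status == 401:
            # Expired or revoked token: refresh once, then retry the request.
            self._fetch_token()
            status, body = self._call(path)
            if status == 401:
                raise ConfigurationError(f"{path}: fresh token still rejected (HTTP 401)")
        if status == 403:
            # A refresh cannot fix a missing scope, so do not loop on it.
            raise AuthorizationError(
                f"{path}: API client lacks the scope this endpoint requires; "
                "grant it in the API client configuration")
        if status != 200:
            raise IntegrationError(f"{path}: unexpected HTTP {status}")
        return body


class FakeApi:
    """Constructed stand-in for the remote API: issues bearer tokens, can
    expire them, and enforces one required scope per resource path."""

    REQUIRED_SCOPE = {EXAMPLE_PATH: "threatgraph:read"}   # constructed scope name

    def __init__(self, granted: Set[str], valid_secret: bool = True):
        self.granted = granted
        self.valid_secret = valid_secret
        self.issued = 0
        self.live: Set[str] = set()

    def expire_tokens(self) -> None:
        self.live.clear()

    def __call__(self, method: str, path: str, headers: dict) -> Response:
        if method == "POST" and path == "/oauth2/token":
            if not self.valid_secret:
                return 401, {"error": "invalid_client"}
            self.issued += 1
            tok = f"tok{self.issued}"
            self.live = {tok}                     # issuing a new token revokes the old
            return 201, {"access_token": tok}
        bearer = headers.get("Authorization", "")[len("Bearer "):]
        if bearer not in self.live:
            return 401, {"error": "access denied, invalid bearer token"}
        if self.REQUIRED_SCOPE.get(path) not in self.granted:
            return 403, {"error": "access denied, scope missing"}
        return 200, {"resources": []}


def scenario_expired_token() -> int:
    """Token expires between calls; expect a silent refresh (2 token requests)."""
    api = FakeApi({"threatgraph:read"})
    client = ApiClient(api)
    client.get(EXAMPLE_PATH)
    api.expire_tokens()
    client.get(EXAMPLE_PATH)
    return client.token_requests


def scenario_error_class(granted: Set[str], valid_secret: bool = True) -> str:
    """Return the name of the error class raised for this client setup, or 'ok'."""
    client = ApiClient(FakeApi(granted, valid_secret))
    try:
        client.get(EXAMPLE_PATH)
    except IntegrationError as exc:
        return type(exc).__name__
    return "ok"


if __name__ == "__main__":
    print("expired token -> token requests:", scenario_expired_token())
    print("missing scope ->", scenario_error_class(set()))
    print("bad secret    ->", scenario_error_class({"threatgraph:read"}, valid_secret=False))
```

The important property is that the 403 path never triggers a refresh loop: a refreshed token will have exactly the same scopes, so retrying only hides the real cause. Surfacing `AuthorizationError` with the endpoint name tells the administrator which API client permission to grant.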

### URL Sandbox

* Resolved a browser navigation issue that could prevent analysis of some URLs behind proxies, improving analysis success rates for content hosted on major cloud providers.

***

## Integration Improvements

### Microsoft 365 & Defender

* Added support for querying specific named and shared calendars when assessing user availability or travel status.
* Improved endpoint enrichment so device investigations more reliably surface hostname and related context when pivoting from IP-only data.
* Enhanced investigation flows for Microsoft Defender malware alerts to automatically gather richer file context (origin, reputation, and prevalence).

### Sumo Logic

* Improved automatic query correction and retry behavior when Sumo Logic rejects generated searches, increasing reliability of log retrieval during investigations.

### Panther

* Modernized the Panther query workflow by running table queries in parallel, adding per-table retries, and capturing empty and error responses as evidence for better transparency.
* Refined Panther query generation logic to better handle complex questions and avoid generation issues seen in some environments.
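The three changes in the first Panther bullet (parallel table queries, per-table retries, and empty or failed responses kept as evidence) combine into one pattern. The example below is added here and is not Panther's SDK or the platform's own integration code. `FakeRunner`, the table names, the SQL text and the rows it returns are constructed; a real runner would submit the query through the Panther API and classify its own transient failures.

```python
"""Fan one investigative question out across several log tables in
parallel, retry each table on its own, and keep every outcome (rows,
empty, error) as evidence instead of silently dropping it.

Added example, not Panther's SDK or the platform's integration code.
FakeRunner, the table names, the SQL and the rows are constructed.
"""
import time
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

QueryRunner = Callable[[str, str], List[dict]]   # (table, sql) -> rows


class TransientError(Exception):
    """Worth retrying: throttling, warehouse busy, brief network failure."""


@dataclass
class Evidence:
    table: str
    status: str                 # "rows", "empty" or "error"
    attempts: int
    rows: List[dict] = field(default_factory=list)
    error: Optional[str] = None


def query_table(table: str, sql: str, run: QueryRunner,
                max_attempts: int = 3, backoff: float = 0.0) -> Evidence:
    """Query one table with bounded retries; never raises, always returns evidence."""
    last_error = "no attempts made"
    for attempt in range(1, max_attempts + 1):
        try:
            rows = run(table, sql)
        except TransientError as exc:
            last_error = str(exc)
            time.sleep(backoff * attempt)
            continue
        except Exception as exc:
            # Permanent failure (bad column, missing table): record and stop.
            return Evidence(table, "error", attempt, error=str(exc))
        # An empty result is evidence too: the question was asked and nothing matched.
        return Evidence(table, "rows" if rows else "empty", attempt, rows=rows)
    return Evidence(table, "error", max_attempts, error=f"gave up: {last_error}")


def query_tables(tables: List[str], sql: str, run: QueryRunner,
                 **retry_opts) -> Dict[str, Evidence]:
    """Run every table concurrently so one slow or failing table cannot block the rest."""
    with ThreadPoolExecutor(max_workers=max(1, len(tables))) as pool:
        results = pool.map(lambda t: query_table(t, sql, run, **retry_opts), tables)
        return {ev.table: ev for ev in results}


class FakeRunner:
    """Constructed: one table fails twice then succeeds, one is empty,
    and any other table name is a permanent error."""

    def __init__(self) -> None:
        self.flaky_failures_left = {"aws_cloudtrail": 2}
        self.data = {
            "aws_cloudtrail": [{"actor": "alice", "event": "ConsoleLogin", "mfa": False}],
            "okta_system": [],
        }

    def __call__(self, table: str, sql: str) -> List[dict]:
        if self.flaky_failures_left.get(table, 0) > 0:
            self.flaky_failures_left[table] -= 1
            raise TransientError("warehouse busy")
        if table not in self.data:
            raise ValueError(f"unknown table {table}")
        return self.data[table]


# Constructed SQL; the runner ignores its content.
CONSTRUCTED_SQL = "SELECT * FROM {table} WHERE actor = 'alice' AND p_event_time > NOW() - INTERVAL '1 day'"


def run_example() -> Dict[str, Evidence]:
    tables = ["aws_cloudtrail", "okta_system", "gcp_audit"]
    return query_tables(tables, CONSTRUCTED_SQL, FakeRunner(), max_attempts=3)


if __name__ == "__main__":
    for ev in run_example().values():
        detail = ev.error if ev.error else f"{len(ev.rows)} rows"
        print(f"{ev.table:15} {ev.status:6} attempts={ev.attempts} {detail}")
```

Recording `attempts` and the final error text alongside the rows is what makes the evidence transparent: an analyst reading the investigation can see that `okta_system` genuinely returned nothing, that `aws_cloudtrail` needed three tries, and that `gcp_audit` was never successfully queried, rather than mistaking any of those for "no activity".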
