# February This summary covers all product updates released in February 2026, including the releases from: * February 5 – 11 * February 12 – 18 * February 19 – 25 * February 26 – March 4 Across these releases, we focused on improving investigation accuracy and context, expanding threat intelligence capabilities, enhancing integrations at scale, and introducing new analyst-facing workflows and intelligence surfaces. *** ## Investigation Quality & Signal Clarity February releases continued to drive more decisive investigations with reduced noise: * Expanded classification logic across: * Identity, VPN, and authentication activity * Endpoint tooling and management agents * Firewall admin changes and SSH activity * Cloud analytics, BI usage, and SaaS access * Email threats including phishing, HTML smuggling, and double-extension attachments * Improved differentiation between: * Legitimate cloud and infrastructure activity vs suspicious behavior * Research scanners vs real external reconnaissance * Command-and-control traffic vs benign outbound connections * Enhanced Microsoft Defender investigations with: * File origin, reputation, and prevalence context * Registry-aware malware analysis * Improved reinvestigation workflows for updated alerts * Introduced **blast radius analysis (Beta)** to identify impacted users, hosts, and assets for email incidents. * Improved investigation summaries: * Shorter, clearer, and more actionable * Better grounded in verifiable evidence (e.g., email address vs display name) *** ## Threat Intelligence & Enrichment February introduced major advancements in threat intelligence capabilities: * Launched a new **Threat Intel workspace**: * Browse and manage intelligence collections * Support for Dropzone-provided and customer-provided indicators * Added **Dropzone-native threat intelligence**: * File hash reputation * Common file behaviors * Parent/child process relationships * Frequency insights * Added **ANY.RUN** integration for sandbox-based enrichment (file, URL, domain, IP). * Improved enrichment reliability and depth: * Combined multiple sources (e.g., AbuseIPDB + hosting provider context) * Better handling of malformed or partial responses * More consistent IP, file, and domain reputation analysis *** ## Integration Expansion & Scalability February significantly expanded integration coverage and performance: ### New & Expanded Integrations * ANY.RUN * Wiz Threat (webhook ingestion) * Continued expansion of: * Microsoft 365 / Defender / Sentinel * Splunk and Splunk ES * Palo Alto Cortex XDR / XSIAM * Exabeam (Beta) * QRadar * Okta * Google Workspace * Panther * Elasticsearch * CrowdStrike *** ### Integration Improvements * Improved query generation, validation, and execution across SIEMs: * Parallel queries and better dataset selection * Reduced timeouts and retries * More resilient handling of partial or empty results * Enhanced enrichment coverage: * Device, user, and identity context * File, registry, and process relationships * Cloud and SaaS activity * Added new filtering and ingestion controls: * Detection-source filters (Microsoft) * Severity and tag-based filtering (SentinelOne, Cortex, Splunk ES) * Improved performance and scalability: * Reduced query volume (e.g., Splunk wildcard grouping) * Better handling of large datasets and long-running queries * Graceful handling of API limits and quota exhaustion *** ## User Experience & Investigation Workflows February introduced several new analyst-facing capabilities: * Added **detection objective summaries** to explain alert intent in plain language. * Introduced **blast radius summaries (Beta)** for quick impact assessment. * Added **outcome comparison dashboards (Beta)** to track investigation accuracy vs analyst feedback. * Released early **Threat Hunter catalog and reporting (Beta)**. * Improved investigation workflows: * Enhanced investigation list with better defaults and navigation * Deep linking and improved triage experience * Clearer evidence presentation (timestamps, time ranges, empty results) * Improved context memory: * Redesigned UI with Active/Inactive views * Added expiration dates and usage tracking * Reduced duplication and improved filtering * Enhanced system observability: * Expanded system events for API calls and enrichment activity * Improved auditability and troubleshooting visibility *** ## Email, Identity & Endpoint Enhancements * Improved phishing detection: * Better parsing of complex headers * Stronger detection of credential-harvesting campaigns * Reduced false positives from legitimate SaaS usage * Enhanced identity and authentication analysis: * Improved Entra ID and hybrid identity enrichment * Better distinction between successful and failed logins * Improved VPN and device posture handling * Strengthened endpoint and process analysis: * Improved process tree reconstruction (especially for Cortex data) * Better file-origin tracking across multiple sources * Reduced false positives for legitimate system processes and updates *** ## Security, Performance & Reliability February releases continued to harden the platform: * Improved API security: * Enforced API key permissions aligned with UI roles * Enhanced system resilience: * Better retry logic and error handling across integrations * Improved handling of timeouts and upstream failures * Optimized performance: * Reduced database and API overhead (e.g., context memory optimizations) * Improved responsiveness under load * Reduced unnecessary prefetching and query overhead * Continued platform hardening: * Dependency updates * Container and infrastructure improvements * More consistent handling of malformed or incomplete data *** ## Overall Impact The February 2026 releases focused on: * Delivering **higher-confidence investigations with less noise** * Expanding **threat intelligence depth and visibility** * Improving **integration scalability and reliability across large environments** * Introducing **new analyst workflows and intelligence surfaces** * Strengthening **platform performance, resilience, and observability** Together, these updates significantly improve Dropzone’s ability to provide rich, contextual, and actionable investigations at scale while supporting increasingly complex security environments.