# February

This summary covers all product updates released in February 2026, including the releases from:

* February 5 – 11
* February 12 – 18
* February 19 – 25
* February 26 – March 4

Across these releases, we focused on improving investigation accuracy and context, expanding threat intelligence capabilities, enhancing integrations at scale, and introducing new analyst-facing workflows and intelligence surfaces.

***

## Investigation Quality & Signal Clarity

February releases continued to drive more decisive investigations with reduced noise:

* Expanded classification logic across:
  * Identity, VPN, and authentication activity
  * Endpoint tooling and management agents
  * Firewall admin changes and SSH activity
  * Cloud analytics, BI usage, and SaaS access
  * Email threats including phishing, HTML smuggling, and double-extension attachments
* Improved differentiation between:
  * Legitimate cloud and infrastructure activity vs suspicious behavior
  * Research scanners vs real external reconnaissance
  * Command-and-control traffic vs benign outbound connections
* Enhanced Microsoft Defender investigations with:
  * File origin, reputation, and prevalence context
  * Registry-aware malware analysis
  * Improved reinvestigation workflows for updated alerts
* Introduced **blast radius analysis (Beta)** to identify impacted users, hosts, and assets for email incidents.
* Improved investigation summaries:
  * Shorter, clearer, and more actionable
  * Better grounded in verifiable evidence (e.g., email address vs display name)

***

## Threat Intelligence & Enrichment

February introduced major advancements in threat intelligence capabilities:

* Launched a new **Threat Intel workspace**:
  * Browse and manage intelligence collections
  * Support for Dropzone-provided and customer-provided indicators
* Added **Dropzone-native threat intelligence**:
  * File hash reputation
  * Common file behaviors
  * Parent/child process relationships
  * Frequency insights
* Added **ANY.RUN** integration for sandbox-based enrichment (file, URL, domain, IP).
* Improved enrichment reliability and depth:
  * Combined multiple sources (e.g., AbuseIPDB + hosting provider context)
  * Better handling of malformed or partial responses
  * More consistent IP, file, and domain reputation analysis

***

## Integration Expansion & Scalability

February significantly expanded integration coverage and performance:

### New & Expanded Integrations

* ANY.RUN
* Wiz Threat (webhook ingestion)
* Continued expansion of:
  * Microsoft 365 / Defender / Sentinel
  * Splunk and Splunk ES
  * Palo Alto Cortex XDR / XSIAM
  * Exabeam (Beta)
  * QRadar
  * Okta
  * Google Workspace
  * Panther
  * Elasticsearch
  * CrowdStrike

***

### Integration Improvements

* Improved query generation, validation, and execution across SIEMs:
  * Parallel queries and better dataset selection
  * Reduced timeouts and retries
  * More resilient handling of partial or empty results
* Enhanced enrichment coverage:
  * Device, user, and identity context
  * File, registry, and process relationships
  * Cloud and SaaS activity
* Added new filtering and ingestion controls:
  * Detection-source filters (Microsoft)
  * Severity and tag-based filtering (SentinelOne, Cortex, Splunk ES)
* Improved performance and scalability:
  * Reduced query volume (e.g., Splunk wildcard grouping)
  * Better handling of large datasets and long-running queries
  * Graceful handling of API limits and quota exhaustion

***

## User Experience & Investigation Workflows

February introduced several new analyst-facing capabilities:

* Added **detection objective summaries** to explain alert intent in plain language.
* Introduced **blast radius summaries (Beta)** for quick impact assessment.
* Added **outcome comparison dashboards (Beta)** to track investigation accuracy vs analyst feedback.
* Released early **Threat Hunter catalog and reporting (Beta)**.
* Improved investigation workflows:
  * Enhanced investigation list with better defaults and navigation
  * Deep linking and improved triage experience
  * Clearer evidence presentation (timestamps, time ranges, empty results)
* Improved context memory:
  * Redesigned UI with Active/Inactive views
  * Added expiration dates and usage tracking
  * Reduced duplication and improved filtering
* Enhanced system observability:
  * Expanded system events for API calls and enrichment activity
  * Improved auditability and troubleshooting visibility

***

## Email, Identity & Endpoint Enhancements

* Improved phishing detection:
  * Better parsing of complex headers
  * Stronger detection of credential-harvesting campaigns
  * Reduced false positives from legitimate SaaS usage
* Enhanced identity and authentication analysis:
  * Improved Entra ID and hybrid identity enrichment
  * Better distinction between successful and failed logins
  * Improved VPN and device posture handling
* Strengthened endpoint and process analysis:
  * Improved process tree reconstruction (especially for Cortex data)
  * Better file-origin tracking across multiple sources
  * Reduced false positives for legitimate system processes and updates

***

## Security, Performance & Reliability

February releases continued to harden the platform:

* Improved API security:
  * Enforced API key permissions aligned with UI roles
* Enhanced system resilience:
  * Better retry logic and error handling across integrations
  * Improved handling of timeouts and upstream failures
* Optimized performance:
  * Reduced database and API overhead (e.g., context memory optimizations)
  * Improved responsiveness under load
  * Reduced unnecessary prefetching and query overhead
* Continued platform hardening:
  * Dependency updates
  * Container and infrastructure improvements
  * More consistent handling of malformed or incomplete data

***

## Overall Impact

The February 2026 releases focused on:

* Delivering **higher-confidence investigations with less noise**
* Expanding **threat intelligence depth and visibility**
* Improving **integration scalability and reliability across large environments**
* Introducing **new analyst workflows and intelligence surfaces**
* Strengthening **platform performance, resilience, and observability**

Together, these updates significantly improve Dropzone’s ability to provide rich, contextual, and actionable investigations at scale while supporting increasingly complex security environments.


