# February 19, 2026

***

## Highlights

* Added **ANY.RUN** as a new threat intelligence integration for file, URL, domain, and IP lookups.
* Improved investigation accuracy for management agents, Microsoft Edge activity, firewall admin changes, SSH admin logins, and double-extension email attachments.
* **[Beta]** Updated investigation experience with a new blast radius summary and a dashboard chart comparing original vs. analyst feedback outcomes.
* Redesigned **Context Memory** table with expiration dates and improved usability.

***

## New Features

### [Beta] Blast Radius Summary

* Added an explicit blast radius summary to investigation conclusions.
* Highlights impacted users, hosts, and assets at a glance.

### [Beta] Outcome Comparison Chart

* Introduced a dashboard chart comparing original investigation outcomes with analyst feedback over time.
* Helps track tuning effectiveness and accuracy trends.

***

## Integrations

### ANY.RUN

* Added support for ANY.RUN threat intelligence.
* Enables file hash, URL, domain, and IP lookups directly from investigations.

**Customer action:**\
Configure your ANY.RUN API key in the integrations page to begin enriching investigations with sandbox intelligence.

***

### Wiz Threat (Webhook)

* Added a Wiz Threat webhook handler to ingest Wiz detections as alerts in Dropzone.

**Customer action:**\
Point Wiz Threat webhooks to the Dropzone endpoint and select the Wiz Threat handler in alert source configuration.

***

## Improvements

### Investigation Accuracy

* Refined classification for common operational scenarios:
  * PowerShell from device management tools
  * Microsoft Edge and WebView2 activity
  * Management service agents
  * Firewall policy changes by admins
  * SSH admin logins
* Ensures expected activity is treated as benign while preserving detection of suspicious behavior.
* Strengthened detection for clearly malicious patterns:
  * Double-extension email attachments
  * HTML smuggling techniques
* Improved differentiation between:
  * Command-and-control traffic
  * Research scanner IPs
  * Genuine external scanning
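As an added illustration of the double-extension attachment pattern mentioned above (example code written for these notes, not Dropzone's detection logic), the following Python classifies attachment filenames by their extension chain. The executable and decoy extension sets and the sample filenames are constructed for the example; the whitespace-collapsing step covers names padded with spaces so the real extension falls out of view in a mail client.

```python
import re
from typing import NamedTuple

# Extensions that execute code or script when a user opens the file.
# Constructed list for this example; tune it to what your mail gateway already blocks.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
    "wsf", "wsh", "ps1", "hta", "msi", "lnk", "iso", "img",
}

# Extensions a recipient expects on ordinary documents, images and archives.
DECOY_EXTENSIONS = {
    "pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf", "csv",
    "jpg", "jpeg", "png", "gif", "zip", "html", "htm", "mp3", "mp4",
}


class Verdict(NamedTuple):
    filename: str
    suspicious: bool
    reason: str


def analyze_attachment_name(filename: str) -> Verdict:
    """Classify an attachment filename on its extension chain alone."""
    # Collapse runs of whitespace: padding such as "report.pdf<many spaces>.exe"
    # pushes the real extension out of view in narrow mail clients.
    collapsed = re.sub(r"\s+", " ", filename.strip())
    parts = [p.strip() for p in collapsed.lower().split(".")]
    if len(parts) < 3:
        # "invoice.pdf" or "README": at most one extension, nothing to hide behind.
        return Verdict(filename, False, "single extension")
    real_ext, decoy_ext = parts[-1], parts[-2]
    if real_ext in EXECUTABLE_EXTENSIONS and decoy_ext in DECOY_EXTENSIONS:
        return Verdict(filename, True, f"decoy .{decoy_ext} in front of executable .{real_ext}")
    if real_ext in EXECUTABLE_EXTENSIONS:
        # e.g. "setup.v2.exe": executable with an extra segment but no document decoy.
        return Verdict(filename, True, f"executable .{real_ext} with extra extension segment")
    # "archive.tar.gz", "quarterly.2026.xlsx": multi-dot names that are not executable.
    return Verdict(filename, False, "multi-dot name with non-executable final extension")


def suspicious_attachments(filenames):
    """Return verdicts for the names that warrant a closer look, in input order."""
    return [v for v in map(analyze_attachment_name, filenames) if v.suspicious]


# Constructed sample attachment names, not taken from any real message.
SAMPLE_ATTACHMENTS = [
    "Invoice_Q1.pdf.exe",
    "photo.jpg.scr",
    "report.pdf                          .exe",
    "archive.tar.gz",
    "quarterly.2026.xlsx",
    "setup.v2.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for verdict in suspicious_attachments(SAMPLE_ATTACHMENTS):
        print(f"{verdict.filename!r}: {verdict.reason}")
```

The check deliberately separates "executable behind a document decoy" from "executable with an unrelated extra segment" so that triage can weight the two differently; legitimate multi-dot names such as `archive.tar.gz` pass because the final extension decides.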

***

### Email Investigations

* Updated summaries to rely on **email addresses instead of display names**.
* Reduces confusion in spoofing scenarios.
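The reason an address-based summary is safer is that the display name is free text: it can carry any string, including an address on another domain. The following Python, added here as an example rather than Dropzone's own code, builds a sender summary from the real `From` address, and flags the two tells a display-name-based summary hides: an address planted in the display name that points at a different domain, and a `Reply-To` on a different domain than `From`. The two messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import NamedTuple

# Matches address-like tokens that an attacker plants inside the display name.
ADDRESS_TOKEN = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


class SenderSummary(NamedTuple):
    display_name: str
    address: str
    domain: str
    display_name_mismatch: bool   # display name contains an address on another domain
    reply_to_mismatch: bool       # Reply-To points at a different domain than From


def _domain(address: str) -> str:
    return address.rpartition("@")[2].lower()


def summarize_sender(raw_message: str) -> SenderSummary:
    """Build a sender summary keyed on the actual address, not the display name."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = _domain(address)

    # Reply-To is where a reply actually goes; fall back to From when it is absent.
    _, reply_to = parseaddr(msg.get("Reply-To") or address)
    reply_to_mismatch = _domain(reply_to) != from_domain

    # The display name is free text: "ceo@example.com" can sit in front of any address.
    planted = {_domain(tok) for tok in ADDRESS_TOKEN.findall(display_name)}
    display_name_mismatch = any(d != from_domain for d in planted)

    return SenderSummary(display_name, address, from_domain,
                         display_name_mismatch, reply_to_mismatch)


def summary_line(raw_message: str) -> str:
    """One-line investigation summary that always names the real address first."""
    s = summarize_sender(raw_message)
    flags = []
    if s.display_name_mismatch:
        flags.append("display name carries an address on another domain")
    if s.reply_to_mismatch:
        flags.append("Reply-To domain differs from From")
    suffix = f" [{'; '.join(flags)}]" if flags else ""
    return f"From {s.address} (display name: {s.display_name!r}){suffix}"


# Constructed sample: the display name impersonates an internal mailbox while the
# actual address sits on a lookalike external domain and replies go elsewhere again.
SPOOFED_MESSAGE = """\
From: "ceo@example.com" <ceo@example-mail.net>
Reply-To: "Accounts" <accounts@example-forms.org>
To: finance@example.com
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

# Constructed sample of an ordinary internal message for comparison.
LEGIT_MESSAGE = """\
From: Dana Example <dana@example.com>
To: finance@example.com
Subject: Invoice for March

Attached as discussed.
"""

if __name__ == "__main__":
    print(summary_line(SPOOFED_MESSAGE))
    print(summary_line(LEGIT_MESSAGE))
```

A summary built from the display name alone would read "From ceo@example.com" for the spoofed message; keying on the parsed address gives "From ceo@example-mail.net" and carries the mismatch flags alongside it.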

***

### Context Memory

* Redesigned table with:
  * Active and Inactive tabs (with counters)
  * Rich filtering (including entity type)
  * Sortable columns
  * “Used count” linking to related investigations
* Added optional **expiration dates** for context entries.
* Preserves filters when switching views.

***

### IP Activity Context

* Expanded analysis to include **Elasticsearch data**.
* Enables better “how common is this IP” insights.

***

### System Settings

* Standardized Company Name handling.
* Supports automatic population during provisioning for consistent investigation context.

***

## Security & Reliability

* Added retry logic and improved error handling for **ReversingLabs** lookups.
* Improves resilience for URL and domain reputation enrichment.

***

## Bug Fixes

### Investigations List & Dashboard Navigation

* Fixed issues where:
  * Switching priority tabs with “Show Closed” enabled showed incorrect results.
  * Dashboard drilldowns displayed incorrect tab content.

***

### ReversingLabs

* Fixed handling of non-HTTP/HTTPS URL schemes.
* Added retries for certain 400-series errors.

***

### Metrics API

* Fixed error in “time to investigation by source” endpoint.
* Ensures dashboards render correctly even with incomplete timing data.

***

## Integration Improvements

### Splunk & Splunk ES

* Updated investigation summaries to correctly reference endpoints.
* Improved deduplication using a coalesce key.
* Added regex-based title filters to exclude specific notables.

**Customer action:**\
Review and configure title exclusion patterns to suppress unwanted alert types.

***

### ReversingLabs

* Improved handling of unsupported URL schemes.
* Added retry logic for transient “BAD REQUEST” responses.

***

### Vectra AI

* Expanded user enrichment with:
  * Account state
  * Severity and scoring
  * Tags
  * Direct links to Vectra account view

***

### Panther

* Improved query generation:
  * Better time condition handling
  * Improved DISTINCT logic
  * Enhanced logging of failed queries
* Reduced validation errors and empty query attempts.

***

### Palo Alto XDR & XSIAM

* Added tag-based regex filters (include/exclude).
* Enables precise control over ingested alerts and cases.

**Customer action:**\
Configure tag filters in XDR/XSIAM settings to refine ingestion scope.
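Both the Splunk title exclusion patterns and the XDR/XSIAM include/exclude tag filters above are regex filters over strings attached to an alert. The Python below is an added example of how such a filter can be specified and applied; it is not Dropzone's implementation, and the precedence rules it encodes (exclude wins, an empty include list admits everything not excluded, `re.search` semantics) are assumptions of the example rather than documented product behaviour. The notable titles and alert tags are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable


@dataclass
class RegexFilter:
    """Include/exclude pattern sets applied to one or more strings per alert.

    Semantics (assumed for this example):
      * any exclude match drops the alert, whatever the includes say;
      * an empty include list admits everything not excluded;
      * otherwise at least one include pattern must match one of the strings.
    Patterns use re.search; anchor with ^ and $ for exact matches.
    """
    include: list = field(default_factory=list)
    exclude: list = field(default_factory=list)
    flags: int = re.IGNORECASE

    def __post_init__(self):
        self._include = [self._compile(p) for p in self.include]
        self._exclude = [self._compile(p) for p in self.exclude]

    def _compile(self, pattern: str) -> re.Pattern:
        # Fail at configuration time rather than silently ingesting everything later.
        try:
            return re.compile(pattern, self.flags)
        except re.error as exc:
            raise ValueError(f"invalid filter pattern {pattern!r}: {exc}") from exc

    def accepts(self, values: Iterable[str]) -> bool:
        vals = [v for v in values if v]
        if any(rx.search(v) for rx in self._exclude for v in vals):
            return False
        if not self._include:
            return True
        return any(rx.search(v) for rx in self._include for v in vals)


def select_by_title(notables, title_filter: RegexFilter):
    """Keep Splunk-style notables whose title passes the filter; return their titles."""
    return [n["title"] for n in notables if title_filter.accepts([n["title"]])]


def select_by_tags(alerts, tag_filter: RegexFilter):
    """Keep XDR-style alerts whose tag list passes the filter; return their names."""
    return [a["name"] for a in alerts if tag_filter.accepts(a.get("tags", []))]


# Constructed sample data; titles, hosts and tags are invented for this example.
SPLUNK_NOTABLES = [
    {"title": "Threat - Brute Force Access Behavior Detected - Rule", "host": "vpn01"},
    {"title": "Access - Excessive Failed Logins - Rule", "host": "dc01"},
    {"title": "Audit - Scheduled Search Health Check - Rule", "host": "search01"},
    {"title": "Threat - TEST Correlation Do Not Triage - Rule", "host": "lab01"},
]
# Suppress audit housekeeping notables and anything labelled as a test.
TITLE_FILTER = RegexFilter(exclude=[r"^Audit - ", r"\bTEST\b"])

XDR_ALERTS = [
    {"name": "Suspicious scripting engine child process", "tags": ["env:prod", "source:edr"]},
    {"name": "Detonation chamber sample execution", "tags": ["env:lab", "source:edr"]},
    {"name": "Unmanaged host cloud login", "tags": ["source:cloud"]},
]
# Only ingest production-tagged alerts; lab is excluded even if also tagged prod.
TAG_FILTER = RegexFilter(include=[r"^env:prod$"], exclude=[r"^env:lab$"])

if __name__ == "__main__":
    print(select_by_title(SPLUNK_NOTABLES, TITLE_FILTER))
    print(select_by_tags(XDR_ALERTS, TAG_FILTER))
```

Note the difference between the two filters: the title filter has no include patterns, so it only suppresses; the tag filter has an include pattern, so an alert with no matching tag at all (the cloud login) is dropped even though nothing excludes it. When reviewing exclusion patterns, anchor them (`^Audit - `) so a substring in an unrelated title does not silently suppress a real alert.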

***

### Elasticsearch

* Improved IP activity analysis by querying indexes in parallel.
* Reduces timeouts and improves responsiveness.

***

### Microsoft Defender & Microsoft Ecosystem

* Added registry evidence awareness for malware alerts.
* Improves follow-on queries and investigation context.

***

### Threat Intelligence & Scanners

* Refined classification of:
  * Research scanner IPs
  * External scanning
  * Outbound botnet command-and-control traffic
* Prevents misclassification of legitimate research infrastructure or outbound activity.

***
