Features & improvements
- New: ability to investigate events with the help of AI
- New: Async function in Google SecOps
- New: permission system for management API keys (exposer)
- New (beta): Agentic Workflows (documentation)
- New (beta): Arcanna AI Assistant (documentation)
- Improvement: ability to filter expired API keys
- Improvement: added event IDs to the error log alerts
- Improvement: added knowledge base metrics to model metrics endpoint
- Improvement: added token lifespan to MicrosoftGraphEmail integration
- Improvement: job and model metrics
- Improvement: Management API token now has a "don't expire" option
- Improvement: you can now choose from more label colors when defining your use case
- Improvement: changes to the Feedback drawer on the Feedback page for a better user experience
- Improvement: OpenSearch integration can now provide post-decisions
- Improvement: Watchdog watchers now check for pipeline delays
Bug fixes:
- Fixed an issue with the clean-up of past remnants of deleted jobs
- Fixed an issue where changes on integrations were not detected by jobs created through exposer
- Fixed an issue with "JOB_ID" env variable on Code Block: now it will be properly selected on cloned jobs
- Fixed an issue where jobs with QRadar input would fail to retrieve events when offense_source is missing from the offense
- Fixed an issue where job-in-job would sometimes not process all the existing documents
- Fixed an issue where Custom Field would not retain "output field value"
- Fixed an issue where the API Key page could not be opened in a new tab
- Fixed an issue for DFIR Iris integration
- Fixed an issue caused by OpenThreatIntel integration: sometimes the ingestion pipeline of a job would be blocked
- Fixed a corner case where "Rollback trained model" functionality was not working properly
- Fixed an issue where OpenSearch could not be used as output integration
- Fixed an issue where boolean values could not be used for filtering on Feedback Page