What's New

XDRagon Monitor ships continuously.
Here's what's new.

A curated look at recent releases. XDRagon Monitor follows calendar versioning (CalVer) — every release is tagged, signed, and published on GitHub, where the full changelog lives.

July 2026

One AI SOC front door — and deeper hardening

July brings the AI SOC Hub together as a single operational surface, teaches threat intelligence to look backwards in time, and closes out a round of security-as-design work on credentials and secrets.

AI SOC
AI SOC Hub — one page for every AI capability
A dedicated AI SOC landing page with traffic-light AI status, a clear "AI-handled vs. waiting for your decision" split, top-risk focus cards, and one-click Confirm / Dismiss / Escalate. Everything the AI does for you, visible in one place.
Threat Intelligence
Retrospective IOC hunting
New threat indicators are automatically matched against up to 180 days of your historical events — IPs, domains, URLs, and file hashes. A "Historical Hits" view, on-demand backfill with progress, and alerts on critical finds mean yesterday's blind spot is caught today.
Security Hardening
Secure admin bootstrap & forced password change
Default credentials are gone. The admin account is now bootstrapped with a strong, one-time-displayed password, and bootstrap admins must set a new password on first login — no fresh install ever runs with a known credential.
Security Hardening
All secrets encrypted at rest
Notification tokens, threat-feed keys, and firewall credentials are stored encrypted in the database instead of plaintext config, masked in every API response, and revealed in the UI only briefly on explicit request.
Deployment
Deployment mode switching restored
The guided wizard for switching between Integrated, Segmented, and Physical Diode modes works end-to-end again — preview the change, see the feature impact, then commit, all from the UI.
Deployment
Segmented mode: enrichment fully functional
External enrichment now round-trips through the relay, so results reach the platform while the backend never touches the internet directly — including securely relayed API keys for keyed providers.
Asset Management
Asset detail drill-down
Every asset now has its own detail page with a risk-score breakdown, its vulnerabilities, and its alerts — deep-linked from the patch table, dashboard widgets, and the vulnerabilities page.
Detection
Inspectable network Sigma matches
Community Sigma rules matched against network events are now fully inspectable, with match history per rule — so you can see exactly why a rule fired and how often it fires over time.
June 2026

Faster answers, easier operations, proof under pressure

June focused on the daily experience of running XDRagon Monitor: live-streaming AI, built-in attack simulation to test yourself, operational safety nets, and reporting your board will actually read.

AI SOC
Streaming AI responses
Daily briefings and AI threat context now stream token by token, live — no more waiting on a spinner. If the local AI runtime is unavailable, a rule-based fallback keeps the answers coming.
Validation
AI Red Team Mode
Built-in attack simulation — slow scans, beacon jitter, DNS tunneling, all MITRE-mapped — runs against your own deployment and produces a gap report showing detection coverage per scenario. Test your defenses before an attacker does.
Detection
Kill Chain Visualizer
An interactive seven-stage kill chain view shows where in the attack lifecycle your incidents were detected, with drill-down into each stage and PNG export for reports.
Operations
Automatic backup & guided restore
Daily database backups with seven-day retention, optional S3 upload, and on-demand manual backups. Restore is a guided wizard that takes an automatic safety backup before touching anything.
Reporting
Two-page board report with auto-email
A concise monthly executive report — Security Score, key KPIs, top attack techniques, and compliance status with a plain-language AI narrative — delivered automatically to your board's inbox.
UX
Command palette navigation
Press Cmd+K anywhere and fuzzy-search your way to any page, with recent-page history. The fastest path from "I need to check something" to actually checking it.
Deployment
One-command installation
A single curl command runs a guided installer: prerequisite checks, interactive configuration, auto-generated secrets, and a health-check loop that confirms every service came up. Updates and clean removal use the same script.
Integrations
Webhook notifications: Slack, Teams, PagerDuty
Signed outbound webhooks with provider-specific formatting bring alerts to the tools your team already lives in — with a test button and a full administration UI.
May 2026

Behavioral analytics, patch focus, and compliance that writes itself

May expanded what XDRagon Monitor can see — user and host behavior, credential exposure, more firewall vendors — and turned compliance paperwork into guided, AI-drafted workflows.

Detection
UEBA — user & host behavioral analytics
Per-host process baselines and per-user login baselines detect anomalies like impossible travel, credential stuffing, unusual admin logins, and off-hours activity — with login heatmaps and per-entity behavior profiles.
Vulnerabilities
Patch priority: "patch these first"
A dedicated vulnerabilities view ranks every CVE finding across your assets by known exploitation, severity, and asset criticality — with a ransomware filter — so limited patching time goes where it matters most.
Integrations
Multi-firewall support
Syslog parsers for FortiGate, Sophos XG/XGS, UniFi/EdgeOS, and OPNsense join pfSense — with automatic detection and step-by-step setup guides per vendor, built for the firewalls SMBs actually run.
Compliance
GDPR breach wizard & ISO 27001 export
An AI-drafted GDPR Article 33 notification with a 72-hour deadline countdown and saved drafts, plus a ZIP export of your evidence mapped to ISO 27001 Annex A — honest about any gaps it finds.
Compliance
NIS2 incident notification wizard
A three-step wizard turns an AI incident into an Article 23 notification draft and PDF, with the 24-hour, 72-hour, and 30-day deadlines tracked automatically and urgency banners so nothing slips.
Supply Chain
Signed releases with SLSA build provenance
Every release ships with keyless Sigstore attestation of its SBOM and source archive. One command verifies that what you downloaded is exactly what was built — provable supply-chain integrity.
Threat Intelligence
Dark web credential monitoring
Your domains are monitored against Have I Been Pwned. A known breach combined with a login from a new IP is escalated as a compound anomaly, and breach exposure shows up directly in behavioral profiles.
Detection
Graph-based lateral movement detection
Network-graph analysis spots pivot hosts and new subnet crossings against your baseline, automatically opening MITRE-mapped incidents — and later showing attack duration to distinguish automated from hands-on movement.

Follow along

Every release, changelog entry, and signed artifact is public on GitHub. You can clone the repository and run XDRagon Monitor today — and if you'd like a note when each new release lands, sign up for release updates.