July 2026
One AI SOC front door — and deeper hardening
July brings the AI SOC Hub together as a single operational surface, teaches threat intelligence to look backwards in time, and closes out a round of security-as-design work on credentials and secrets.
AI SOC
AI SOC Hub — one page for every AI capability
A dedicated AI SOC landing page with traffic-light AI status, a clear "AI-handled vs. waiting for your decision" split, top-risk focus cards, and one-click Confirm / Dismiss / Escalate. Everything the AI does for you, visible in one place.
Threat Intelligence
Retrospective IOC hunting
New threat indicators are automatically matched against up to 180 days of your historical events — IPs, domains, URLs, and file hashes. A "Historical Hits" view, on-demand backfill with progress, and alerts on critical finds mean yesterday's blind spot is caught today.
Security Hardening
Secure admin bootstrap & forced password change
Default credentials are gone. The admin account is now bootstrapped with a strong, one-time-displayed password, and bootstrap admins must set a new password on first login — no fresh install ever runs with a known credential.
Security Hardening
All secrets encrypted at rest
Notification tokens, threat-feed keys, and firewall credentials are stored encrypted in the database instead of plaintext config, masked in every API response, and revealed in the UI only briefly on explicit request.
Deployment
Deployment mode switching restored
The guided wizard for switching between Integrated, Segmented, and Physical Diode modes works end-to-end again — preview the change, see the feature impact, then commit, all from the UI.
Deployment
Segmented mode: enrichment fully functional
External enrichment now round-trips through the relay, so results reach the platform while the backend never touches the internet directly — including securely relayed API keys for keyed providers.
Asset Management
Asset detail drill-down
Every asset now has its own detail page with a risk-score breakdown, its vulnerabilities, and its alerts — deep-linked from the patch table, dashboard widgets, and the vulnerabilities page.
Detection
Inspectable network Sigma matches
Community Sigma rules matched against network events are now fully inspectable, with match history per rule — so you can see exactly why a rule fired and how often it fires over time.