2026-01-23 — CMS Migration, .NET 10 Upgrade, and Agent Improvements
Content Management System (CMS) Migration
- Analytical rules, security content, and CMS capabilities are now fully integrated into the IRIS platform, delivering a unified experience for managing detection rules and security content without switching between tools.
Platform Upgrade to .NET 10
- The platform has been upgraded to .NET 10, improving performance, security, and long-term supportability across all services.
Agent Center Enhancements
- Administrators can now update agent container images directly from the Agent Center, reducing operational overhead when deploying new agent versions.
- Agent efficacy improvements: agents now have access to sign-in logs, directory logs, device timelines, and related incidents as investigation tools — enabling richer, more accurate automated investigations.
- Default AI model capacity increased to 150K tokens per minute, improving agent throughput for high-volume environments.
Gamebook Fixes
- Resolved an issue where the gamebook approval button was not functioning correctly in the incident detail modal.
Notification Settings
- Users can now toggle severity-based notifications without requiring recipients to be configured first, simplifying initial notification setup.
Filtering Experience
- Filters across the portal now persist as you navigate between pages, eliminating the need to re-apply filters repeatedly.
Bug Fixes
- Fixed an issue where API error responses with empty bodies caused client-side errors.
- Fixed null reference errors when the agents array was uninitialized.
- Resolved issues with SentinelOne and Azure response module configuration logic.
- Fixed security rule detail page errors.
2025-12-23 — Command 2.0 Dashboard and Metrics Platform
Command 2.0 Dashboard
- The Command page has been redesigned with a new dashboard layout featuring at-a-glance operational metrics, giving security teams immediate visibility into their security posture.
New Dashboard Widgets
- Incident Tracker Overview — Track open, in-progress, and resolved incidents across all workspaces in a single view.
- Closed Incident Rule Trends — Understand which detection rules are driving the most resolved incidents over time.
- Workspace Closed Incident Trends — Compare incident resolution performance across workspaces.
- Gamebook Activity Widget — Monitor active gamebook executions and their current status in real time.
- Gamebook History Widget — Review past gamebook runs with outcomes and timing for post-incident analysis.
Agent Deployment Improvements
- Added support for selecting preferred AI models in the Agent Center.
- Continued support for standard agent deployment alongside newer deployment options for existing customers.
CrowdStrike Integration Enhancements
- Incident descriptions from CrowdStrike are now automatically generated with richer context.
- CrowdStrike incident comments are now fetched from audit logs, providing a complete conversation history within IRIS.
SentinelOne Integration Enhancements
- Added support for SentinelOne threat classifications (verdicts), giving analysts clearer disposition information.
- Fixed incident description formatting for SentinelOne incidents.
Bug Fixes
- Fixed workspace filter not resetting to “All Workspaces” correctly.
- Resolved inaccurate time filtering for the 24-hour filter option.
- Fixed the custom time filter being unable to change from an existing custom selection.
- Fixed duplicate rule entity mapping errors.
2025-11-18 — Agent GA Readiness, Audit Trail, and Gamebook Improvements
Audit Trail System
- A comprehensive audit trail is now available for incident updates, entity investigations, and status changes. Security teams can review a full history of who did what and when — critical for compliance and post-incident review.
- Audit logs for user sign-in and directory events are now queryable within the platform.
Agent Improvements for General Availability
- Agents now automatically trigger investigations on new incidents, reducing mean-time-to-respond without manual intervention.
- Real-time gamebook status updates are now streamed to the UI — no more refreshing to see investigation progress.
- Gamebook execution results are now visible directly on the Gamebook page.
- Agent response flow improved with better error handling and detailed comments when issues occur.
- Prevented duplicate agent investigations on the same incident.
- Agent UI refined for general availability readiness.
Workspace Group Management
- Group member details, including member lists, are now visible in the group viewing slider within workspace settings.
Data Source Activity
- The data source activity graph has been enhanced for better readability and alignment.
Bug Fixes
- Fixed time filter refresh behavior on the incidents page.
- Fixed the agent response button remaining active when the agent is not properly configured.
- Fixed Defender incident comment creation for comments exceeding 1,000 characters.
- Resolved incorrect log search results for Microsoft Defender data sources.
- Fixed data source query results mapping to use column names instead of index positions, improving reliability.
2025-10-17 — Ticketing Orchestrator, Agent Optimization, and Time Filters
Ticketing Orchestrator
- Introduced a new ticketing orchestration layer that improves reliability and consistency when creating and managing tickets across integrated ticketing systems (Jira, ServiceNow, Autotask).
Agent Flow Optimization
- The agent investigation and response flow has been optimized for performance, with improved classification mapping and enriched logging for better troubleshooting.
Time Filter Improvements
- Time filters throughout the portal now correctly display in local time instead of UTC, and the refresh behavior has been improved.
Bug Fixes
- Fixed ticket creation for Microsoft Defender incidents in Autotask.
- Resolved the entity context menu appearing for non-Microsoft-sourced incidents.
2025-09-04 — CMS 3.0, Notification System, and Agent Center
CMS 3.0 Release
- The Content Management System has been finalized with an updated user interface, improved rule details pages, and refined commenting capabilities for security content collaboration.
Notification System
- A new notification settings system allows workspace administrators to configure alert recipients, severity thresholds, and notification preferences per workspace — ensuring the right people are notified about the right events.
- Notification recipients can be added and removed directly from workspace settings.
Agent Center
- A redesigned Agent Center creation experience with step validation, an Azure region picker for selecting agent resource locations, and an improved configuration details view.
- Agent deployment reliability has been significantly increased with improved error handling and processing time.
Feature Flag Cleanup
- Gamebooks 2.0 and Workspace Management features are now generally available — feature flags have been removed, making these capabilities available to all users by default.
Bug Fixes
- Fixed deployment table routing when switching workspaces.
- Fixed notification delivery issues identified during QA.
- Resolved IAM management component flag check issues.