Skip to main content

2026-03-03 — Agent Execution History & Account Management

Agent Center

  • You can now review a complete history of every Security Delivery Agent execution from the Execution History tab on the Agent Details page. Each entry captures the timestamp, trigger source, incident, data source, severity, AI token usage, and outcome — providing full visibility for compliance and troubleshooting.
  • The portal now displays a notification when a Security Delivery Agent update is available, so you can update without checking manually.

Workspace Management

  • Organization Admins can now permanently delete inactive accounts and all associated data, preventing stale accounts from consuming resources or cluttering the platform.

Bug Fixes

  • Fixed an issue where the Configure and Save button on the agent configuration page was always enabled, even when no changes had been made or the user lacked the required permissions.

2026-03-02 — Webhook Integrations

Bug Fixes

  • Fixed an error that prevented non-partner users from loading the multi-workspace incident list.

2026-02-26 — Defender for Endpoint Agent Automation

Agent Center

  • Security Delivery Agents can now automatically detect and respond to Microsoft Defender for Endpoint incidents without requiring Microsoft Sentinel forwarding. Once configured, ContraForce polls Defender for Endpoint for new incidents and triggers your agent automatically — enabling a fully autonomous response workflow for environments using Defender for Endpoint directly.

Bug Fixes

  • Fixed an issue where users in tenants with 50 or more Microsoft Entra ID group memberships silently lost real-time incident updates and portal connectivity.

2026-02-25 — Gamebook Approval Controls

Gamebook Improvements

  • Reviewers can now Deny a Gamebook queued for approval, removing it from the queue rather than leaving it pending indefinitely.

Bug Fixes

  • Fixed a permissions issue where users with the Incident Analyst role could submit a Gamebook for approval, but it could execute instead of waiting for review.

2026-02-23 — Bug Fixes

Bug Fixes

  • Fixed a layout issue where incident table filters appeared misaligned on screens under 1800px wide.
  • Fixed an issue where the Link Ticket dialog only showed Jira projects A–F (approximately 10 results) and search had no effect, preventing analysts from linking incidents to projects not in the initial list.
  • Fixed an issue where Security Delivery Agents failed to update incident status due to a validation error, causing automation rules to not apply correctly.
  • Fixed an issue where audit log entries for agent-triggered status changes and owner assignments recorded the incorrect account ID.

2026-02-18 — CMS Improvements & Workspace Management

CMS Updates

  • Improved detection rule reliability by fixing issues with multi-table rule deployment.
  • Improved several detection rules for better accuracy and fewer false positives.

Workspace Management

  • You can now delete a pre-onboarded tenant that hasn’t completed setup, simplifying workspace cleanup.
  • Workspace tags now display more relevant contextual information, replacing the outdated “Configuration (XDR + SIEM)” label.

Gamebook Improvements

  • Added a Workspace column to the Gamebook Activity view, making it easier to identify which workspace each Gamebook execution belongs to.

Bug Fixes

  • Fixed a crash on the incidents list when viewing multiple workspaces caused by a module configuration change.
  • Fixed “Last Modification” in Group Management displaying “0 days ago” instead of the actual date.

2026-02-12 — Gamebook Reliability

Agent Center

  • Improved Security Delivery Agent reliability when investigating workspaces where certain Gamebook extensions are not enabled.

Bug Fixes

  • Fixed an issue where Gamebooks could get stuck in a pending or running status.
  • Fixed visual rendering issues in several portal components.

2026-02-10 — Incident Management Improvements

Incident Management

  • Added an Assign to me quick-action button to incident details and the incident modal, enabling analysts to claim incidents faster.
  • Incident IDs now appear consistently in the breadcrumb, URL, and page header for easier reference and sharing.
  • Consolidated workspace filtering — individual table workspace filters have been replaced by the global workspace filter at the top of the page for a cleaner, more consistent experience.

Gamebook Improvements

  • The Gamebook approval button now displays an informative tooltip explaining why approval is unavailable when prerequisites haven’t been met.

Bug Fixes

  • Fixed an issue in the Agent Center where pressing Enter during agent creation would prematurely submit the form.
  • Fixed a data source usage query failure affecting Google Workspace Reports.

2026-02-07 — Dock Panel Improvements

Dock Panel Navigation

  • The dock panel now opens to the Browse tab by default when expanded, providing faster access to workspaces and navigation.
  • The Recent tab now correctly displays workspaces you’ve recently accessed, improving workspace discovery.
  • Added a visual indicator to the active dock panel tab, making it easier to see which tab is currently selected.

Bug Fixes

  • Fixed an issue where the dock panel collapsed when navigating between workspaces.
  • Reduced unnecessary re-renders when interacting with dock panel tabs.

2026-02-06 — Incident Experience & Data Source Monitoring

Incident Details Redesign

  • The incident details experience has been redesigned with improved entity organization, clearer section navigation, and faster load times.
  • Entity lists in incident details now show enriched context directly in the list view.
  • Incident tabs have been reordered to show Comments first, followed by Audit, improving the workflow for analysts reviewing incident activity.

Data Source Activity Monitoring

  • Data source activity charts now update in real-time, giving administrators immediate visibility into ingestion health without refreshing.
  • Added a new “Last Seen” indicator to quickly identify stale or disconnected data sources.

Agent Center

  • Improved agent investigation messaging — when an agent investigation takes longer than expected, the notification now indicates that the agent will continue working in the background rather than showing a timeout error.

Bug Fixes

  • Fixed time zone display issues in incident timestamps.
  • Resolved entity context panel occasionally not loading for certain entity types.
  • Fixed an issue where the Agent Center failed to display available agent updates.
  • Removed an inaccurate tooltip from the Log Search run button.

2026-02-05 — Agent Deployment & Filtering Improvements

Agent Deployment

  • Simplified agent deployment with a new guided wizard that validates Azure prerequisites before provisioning.
  • Added deployment status notifications so administrators know when agents are ready.

Filter Persistence

  • Filters across the Command dashboard, Incidents, and Gamebooks pages now persist across sessions, reducing repetitive filter configuration.

Bug Fixes

  • Fixed agent configuration page not loading when no agents were deployed.
  • Resolved intermittent failures when saving notification preferences.
  • Fixed Gamebook Activity filter not correctly displaying queued Gamebooks.

2026-02-04 — Performance & Stability Updates

Platform Performance

  • Optimized incident list queries, reducing load times by up to 40% for high-volume workspaces.
  • Improved caching for workspace metadata, reducing redundant API calls during navigation.
  • The Incidents page now defaults to a 3-hour time filter instead of 24 hours, improving initial load times for high-volume workspaces.

Gamebook Execution

  • Gamebook execution logs now stream in real-time, providing immediate feedback during manual and automated runs.

Bug Fixes

  • Fixed memory leak in the incident polling service.
  • Resolved rare race condition causing duplicate incident entries in the UI.
  • Fixed an issue where pre-onboarding a new workspace did not correctly assign owner access to the administrator.
  • Fixed an issue where administrators could not access agent configuration from the Agent Center.

2026-02-03 — Workspace Manager & Bug Fixes

Workspace Manager

  • Added tooltips to the CMS and Settings icons in the Workspace Manager, matching the tooltip pattern used elsewhere in the portal.

Bug Fixes

  • Fixed an issue where workspace group membership changes were not reflected until page refresh.
  • Resolved CMS rule deployment failures for workspaces with special characters in their names.
  • Fixed entity search returning incomplete results for IP addresses.
  • Corrected tooltip alignment issues in the Command dashboard widgets.
  • Fixed entity context menu in the Gamebooks workbench requiring a second click to show available actions.
  • Fixed an error when viewing the Alert Rule tab for incidents from Microsoft Defender for Endpoint and other non-Sentinel sources.
  • Fixed incident closure failing for Microsoft Defender for Endpoint incidents.
  • Fixed the Configure and save button remaining clickable after completing Microsoft Sentinel configuration.

2026-01-23 — CMS Migration, .NET 10 Upgrade, and Agent Improvements

Content Management System (CMS) Migration

  • Analytical rules, security content, and CMS capabilities are now fully integrated into the IRIS platform, delivering a unified experience for managing detection rules and security content without switching between tools.

Platform Upgrade to .NET 10

  • The platform has been upgraded to .NET 10, improving performance, security, and long-term supportability across all services.

Agent Center Enhancements

  • Administrators can now update agent container images directly from the Agent Center, reducing operational overhead when deploying new agent versions.
  • Agent efficacy improvements: agents now have access to sign-in logs, directory logs, device timelines, and related incidents as investigation tools — enabling richer, more accurate automated investigations.
  • Default AI model capacity increased to 150K tokens per minute, improving agent throughput for high-volume environments.

Gamebook Fixes

  • Resolved an issue where the gamebook approval button was not functioning correctly in the incident detail modal.

Notification Settings

  • Users can now toggle severity-based notifications without requiring recipients to be configured first, simplifying initial notification setup.

Filtering Experience

  • Filters across the portal now persist as you navigate between pages, eliminating the need to re-apply filters repeatedly.

Bug Fixes

  • Fixed an issue where API error responses with empty bodies caused client-side errors.
  • Fixed null reference errors when agents array was uninitialized.
  • Resolved issues with SentinelOne and Azure response module configuration logic.
  • Fixed security rule detail page errors.

2025-12-23 — Command 2.0 Dashboard and Metrics Platform

Command 2.0 Dashboard

  • The Command page has been redesigned with a new dashboard layout featuring at-a-glance operational metrics, giving security teams immediate visibility into their security posture.

New Dashboard Widgets

  • Incident Tracker Overview — Track open, in-progress, and resolved incidents across all workspaces in a single view.
  • Closed Incident Rule Trends — Understand which detection rules are driving the most resolved incidents over time.
  • Workspace Closed Incident Trends — Compare incident resolution performance across workspaces.
  • Gamebook Activity Widget — Monitor active gamebook executions and their current status in real time.
  • Gamebook History Widget — Review past gamebook runs with outcomes and timing for post-incident analysis.

Agent Deployment Improvements

  • Added support for selecting preferred AI models in the Agent Center.
  • Continued support for standard agent deployment alongside newer deployment options for existing customers.

CrowdStrike Integration Enhancements

  • Incident descriptions from CrowdStrike are now automatically generated with richer context.
  • CrowdStrike incident comments are now fetched from audit logs, providing a complete conversation history within IRIS.

SentinelOne Integration Enhancements

  • Added support for SentinelOne threat classifications (verdicts), giving analysts clearer disposition information.
  • Fixed incident description formatting for SentinelOne incidents.

Bug Fixes

  • Fixed workspace filter not resetting to “All Workspaces” correctly.
  • Resolved inaccurate time filtering for the 24-hour filter option.
  • Fixed custom time filter unable to change from an existing custom selection.
  • Fixed duplicate rule entity mapping errors.

2025-11-18 — Agent GA Readiness, Audit Trail, and Gamebook Improvements

Audit Trail System

  • A comprehensive audit trail is now available for incident updates, entity investigations, and status changes. Security teams can review a full history of who did what and when — critical for compliance and post-incident review.
  • Audit logs for user sign-in and directory events are now queryable within the platform.

Agent Improvements for General Availability

  • Agents now automatically trigger investigations on new incidents, reducing mean-time-to-respond without manual intervention.
  • Real-time gamebook status updates are now streamed to the UI — no more refreshing to see investigation progress.
  • Gamebook execution results are now visible directly on the Gamebook page.
  • Agent response flow improved with better error handling and detailed comments when issues occur.
  • Prevented duplicate agent investigations on the same incident.
  • Agent UI refined for general availability readiness.

Workspace Group Management

  • Group member details, including member lists, are now visible in the group viewing slider within workspace settings.

Data Source Activity

  • The data source activity graph has been enhanced for better readability and alignment.

Bug Fixes

  • Fixed time filter refresh behavior on the incidents page.
  • Fixed agent response button remaining active when agent is not properly configured.
  • Fixed Defender incident comment creation for comments exceeding 1,000 characters.
  • Resolved incorrect log search results for Microsoft Defender data sources.
  • Fixed data source query results mapping to use column names instead of index positions, improving reliability.

2025-10-17 — Ticketing Orchestrator, Agent Optimization, and Time Filters

Ticketing Orchestrator

  • Introduced a new ticketing orchestration layer that improves reliability and consistency when creating and managing tickets across integrated ticketing systems (Jira, ServiceNow, Autotask).

Agent Flow Optimization

  • The agent investigation and response flow has been optimized for performance, with improved classification mapping and enriched logging for better troubleshooting.

Time Filter Improvements

  • Time filters throughout the portal now correctly display in local time instead of UTC, and the refresh behavior has been improved.

Bug Fixes

  • Fixed ticket creation for Microsoft Defender incidents in Autotask.
  • Resolved entity context menu appearing for non-Microsoft sourced incidents.

2025-09-04 — CMS 3.0, Notification System, and Agent Center

CMS 3.0 Release

  • The Content Management System has been finalized with an updated user interface, improved rule details pages, and refined commenting capabilities for security content collaboration.

Notification System

  • A new notification settings system allows workspace administrators to configure alert recipients, severity thresholds, and notification preferences per workspace — ensuring the right people are notified about the right events.
  • Notification recipients can be added and removed directly from workspace settings.

Agent Center

  • A redesigned Agent Center creation experience with step validation, an Azure region picker for selecting agent resource locations, and an improved configuration details view.
  • Agent deployment reliability has been significantly increased with improved error handling and processing time.

Feature Flag Cleanup

  • Gamebooks 2.0 and Workspace Management features are now generally available — feature flags have been removed, making these capabilities available to all users by default.

Bug Fixes

  • Fixed deployment table routing when switching workspaces.
  • Fixed notification delivery issues identified during QA.
  • Resolved IAM management component flag check issues.
Questions about the release notes? Contact us at support@contraforce.com.