What's new?

Notable new features, enhancements, and bug fixes.

The Anvilogic platform releases continuously. This list is periodically updated with the latest functionality and changes.

Release 7.44

June 18, 2025

  • New Features & Enhancements

    • MITRE ATT&CK upgraded to v17

  • Bug Fixes

    • Issues related to Unified Detect and Search.

Release 7.43

June 12, 2025

  • New Features & Enhancements

    • Allowlisting now native to Anvilogic Platform

      • Not yet available to customers with the Splunk App

    • Unified Detect for Splunk v2

      • Search on Splunk without Waygate

  • Bug Fixes

    • Issues related to Search, Gold Normalization Macros, search and tuning insights.

Release 7.42

June 5, 2025

  • New Features & Enhancements

    • Private preview of Search and Build Agents, AI Workbench

    • Enhancements to threat scenario creation workflow

    • Enhancements to configuring rule validation including expiration settings

  • Bug Fixes

    • Issues related to Detect summary pages, Maturity score, Threat Priorities, Threat Identifiers, Threat scenarios, and Cases.

Release 7.41

May 29, 2025

  • New Features & Enhancements

    • Ability for the Copilot to analyze an SOI (threat scenario)

  • Bug Fixes

    • Issues related to bulk import, gold normalization and insights.

Release 7.40

May 22, 2025

  • New Features & Enhancements

    • Enhancements within Updates section of home page

    • Ability to see Groups within access control

  • Bug Fixes

    • Issues related to Gold normalization, Unified search and Integrations.

Release 7.39

May 15, 2025

  • New Features & Enhancements

    • General availability of Unified Detect for Databricks

      • Support for Databricks on GCP

    • Revised processing of Insights and Copilot EOI analyzer

  • Bug Fixes

    • Issues related to Maturity score, home page, docs and threat scenarios

Release 7.38

May 08, 2025

  • New Features & Enhancements

    • Enhanced EOI drilldown to use unified search across all supported data repositories (excluding Splunk), improving access and consistency across key pages.

    • Robust data ingestion support for Google SCC Alerts

  • Bug Fixes

    • Issues related to threat scenario creation/modification

Release 7.37

May 01, 2025

  • New Features & Enhancements

    • TI Recommendations - Enhance the recommendation engine to include trending topics and Insights

  • Bug Fixes

    • Groups attributes fetching requires changes for Microsoft Azure SSO

    • Import Rules - Bulk import functionality is not working

Release 7.36.0.2

April 30, 2025

  • Bug Fixes

    • Unable to edit macros

Release 7.36

April 24, 2025

  • New Features & Enhancements

    • Extract SAML Attribute Names from SAML Response XML (Case-Insensitive)

    • Raise a Health Insight when all the required fields are not mapped for a feed normalization macro

    • Allow ability to add Victim Platform when importing rules

    • Auditing capabilities for Search and UD queries

  • Bug Fixes

    • Issues related to threat scenarios

Release 7.35

April 17, 2025

  • New Features & Enhancements

    • Enable Productivity Score Metrics - Alerts, Triage Dwell Time, Triage Percentage and Alert to Analyst ratio across all data repositories

    • Raise a Health Insight when there is significant volume drop in EOIs within Databricks

    • Monte Copilot can now invoke EOI Analyzer

  • Bug Fixes

    • Issues related to macros and unified search

Release 7.34

April 10, 2025

  • New Features & Enhancements

    • Support Unified Detect for Databricks running on Azure

  • Bug Fixes

    • Issues related to threat scenarios and Azure integration

Release 7.33

March 27, 2025

This release includes the following features and enhancements:

  • Data Onboarding

    • You can now ingest any log data from AWS S3 buckets directly into Anvilogic, expanding data ingestion flexibility.

    • Introduced a macro-based approach for normalizing raw events from the Silver table to the Gold table.

    • Anvilogic will automatically create and manage Snowflake Tasks & Streams, abstracting pipeline complexities from the user.

    • Users can now request Monte Copilot to auto-generate SQL normalization logic for transforming raw data from Silver to Gold.

    • Copilot leverages table schemas, data repositories, and domains to generate Snowflake SQL, streamlining data standardization.

  • Copilot - EOI Analyzer

    • Users can now ask Copilot to analyze an Event of Interest (EOI) from a Threat Identifier, enabling seamless investigation.

Release 7.32

March 20, 2025

This release includes the following features and enhancements:

  • Introduces new health insights for issues related to the data integrations

Release 7.31

March 13, 2025

This release includes the following enhancements:

  • Threat identifiers created using Unified Detect now show the update icon when there are rule updates available. Previously, update notifications were not available for threat identifiers created from Unified Detect.

  • Pipeline updates for the Crowdstrike EDR and Proofpoint vendor alerts, as well as push alerts.

Release 7.30.2

March 6, 2025

This maintenance release includes various bug fixes.

Release 7.30.1

February 27, 2025

This maintenance release includes various bug fixes.

Release 7.30

February 20, 2025

This release provides support for integrating Databricks on AWS as a Beta feature for all customers.

Release 7.29.1

February 13, 2025

This maintenance release includes the following enhancements:

  • If you don't have Splunk configured, EOI drilldown links won't be active anymore.

  • Updates to the algorithm for recommending rules in the Armory.

  • Bug fixes in the Azure and Databricks integrations.

Release 7.29

February 6, 2025

This release includes an enhancement to the Databricks integration to include creating a group and adding the service principal to the group, along with a variety of bug fixes.

Release 7.28

January 30, 2025

This release includes the following enhancements:

  • Enhancements to the Azure UD integration.

  • Bug fixes and enhancements to the Databricks integration.

  • Enhancements to some tuning recommendations, including priority tuning for some threat identifiers.

Release 7.27

January 23, 2025

This release enables you to configure rule enrichment macros used to customize the Enrich component in the Unified Detect builder.

Release 7.26

January 16, 2025

This release includes the refactored workflow for creating threat identifiers. The new workflow integrates the Unified Detect rule builder for various data repositories.

Release 7.25

January 9, 2025

This release enables you to quickly identify macros with available updates from the home page, list of macros, and macro details.

Release 7.24

December 19, 2024

This release includes the following new features and enhancements:

  • Deobfuscator tool for Monte Copilot.

  • Updated Monte Copilot API endpoints to provide entity analysis in your investigations.

Release 7.23

December 12, 2024

This release includes various bug fixes and enhancements related to data onboarding.

Release 7.22.1

November 21, 2024

This release includes various bug fixes.

Release 7.22.0

November 14, 2024

This release includes a new hunting insight for unusual IP location.

Release 7.21.0

November 7, 2024

This release introduces the following enhancements:

  • Enhancements to Azure UD data feeds, ability to configure the ADX cluster size, and including Azure as a data logging platform in the first-time onboarding.

  • Enhancements to SSO SAML configuration:

    • Prevent password change and reset

    • Invitations are no longer sent to new users for SAML enabled accounts

    • SAML Group Mapping enabled accounts will reflect the corresponding roles in Anvilogic, and the roles are also included in audit events.

  • Google Cloud Platform (GCP) logs Snowflake integration.

  • Previously, you could only view diffs for rules imported from the Armory. This release expands this capability so that you can view diffs for custom imported rules.

Release 7.20

October 24, 2024

This release introduces a new Snowflake integration to onboard the data in your Amazon S3 buckets and generate detections on that data.

Release 7.19

October 17, 2024

This release makes an architectural adjustment so that threat scenarios are run directly on the Anvilogic platform, rather than being deployed on your Snowflake environment. This change simplifies the management of threat scenarios, reducing the overhead involved in maintaining custom code for multiple data repositories. This adjustment also ensures minimal delays or data loss when gathering EOIs from various log repositories, leading to more effective threat detection.

Release 7.18

September 26, 2024

This release introduces the following feature enhancements:

  • The threat scenario deployment workflow is updated so that threat scenarios are first added to the Workspace before they are deployed.

  • The Search and Unified Detect page is enhanced to support search across Azure data feeds and macros on the Anvilogic platform.

Release 7.17

September 19, 2024

This release introduces Azure as a supported data logging platform.

Release 7.15

August 22, 2024

This release includes the following enhancements:

  • The integrations workflow to get data sources into Snowflake is enhanced to provide self-managed pipeline options in the UI when available.

  • The QnA tool in Monte Copilot is enriched with information from the Anvilogic Armory so that it can now pull information about threat identifiers and threat scenarios, in addition to its existing capability of pulling data from Google searches and Anvilogic Forge Threat Reports.

Release 7.14

August 8, 2024

This release makes Monte Copilot generally available under a licensing model.

This release also addresses a variety of bug fixes, including the following:

  • The ability for users to validate a rule via API.

  • The ability to sync feeds when the onboarding task is incomplete and is pending on data feeds sync from Snowflake.

Release 7.13

July 29, 2024

This release includes the following enhancements:

  • MonteAI Copilot is enhanced with additional tools such as IoC to check if a URL or IP address is an indicator of compromise (IoC), and AnvilogicAllowlistProcessRegexGenerator to help you generate regex patterns for allowlisting benign processes.

  • The UI libraries are updated to provide an enhanced experience. In some cases, you may notice a slight difference in the look and feel of the page or component.

Release 7.12

July 11, 2024

This release includes the following new features and enhancements:

  • On-demand sync for data feeds.

  • Additional event types are supported for the Lacework vendor alert integration.

  • The existing Snowflake Custom Data integration for Anvilogic-managed pipelines is replaced by separate Cribl Stream and Forward Events integrations.

Release 7.11

June 27, 2024

This release provides the ability to create and manage your own techniques and sub-techniques outside of the MITRE ATT&CK framework.

Release 7.10

June 13, 2024

The Threat Priorities page is updated so that when you are viewing your prioritized threat techniques, the default view is now a list of prioritized techniques. Previously, you saw a matrix view of your prioritized techniques by default. You can click List View or Matrix View to switch between the views.

Release 7.9

May 30, 2024

This release includes the following features and enhancements:

  • Ability to auto accept tuning insights.

  • Upgrade to version 15.1 of the MITRE ATT&CK framework. This upgrade introduces additional data categories for alerts on the Anvilogic platform.

Release 7.8

May 16, 2024

This release includes enhancements to the alert ingestion pipeline with machine learning-based enrichments and improved performance.

Release 7.7.1

May 9, 2024

This maintenance release provides support for Microsoft Security Alerts and Incidents vendor alert integration.

Release 7.7

May 2, 2024

This release includes the following features and enhancements:

  • (Beta) MonteAI Copilot, your SOC assistant trained by the common personas within the SOC to help assist any person within the SOC. MonteAI Copilot has access to the commonly used tools and data sets that enable these personas to perform their day-to-day activities.

  • (Beta) Auto Investigate automatically populates the Hypothesis and Resolution in hunting insights generated after May 2, 2024 to help you perform more efficient investigations.

  • The CrowdStrike FDR integration for self-managed pipelines is enhanced to support additional data types.

Release 7.6

April 18, 2024

This release includes a variety of bug fixes, and the addition of the edit_hunting_insight_automation privileges to the Content Developer role.

Release 7.5

April 4, 2024

This release provides Google Workspace Snowflake integration to get your admin, drive, and login events into Snowflake to generate detections on the Anvilogic platform.

Release 7.4

March 21, 2024

This release introduces the beta version of the ability to create native Snowflake threat scenarios.

Release 7.3

March 7, 2024

This is a maintenance release to address performance issues and includes several bug fixes.

Release 7.2

February 22, 2024

This release includes back-end enhancements in the Unified Search area, along with a variety of bug fixes.

Release 7.1

February 8, 2024

This release provides the following new features and enhancements:

  • A redesigned investigation experience, featuring a new timeline that makes it easier to pivot from the timeline and add EOIs and notes to the timeline.

    • The EOI Summary dashboard is moved under Detect in the navigation bar.

    • Saved investigations are called cases, which can be managed and shared by your team of analysts.

  • The workflow for deploying trending topics and detection packs is updated to align with the threat scenario deployment workflow, where macro verification happens at the end of the workflow instead of at the beginning.

Release 7.0.1

February 1, 2024

Introducing Ask MonteAI, enabling you to interact with the product documentation using MonteAI from any page on the Anvilogic platform.

Release 7.0

January 25, 2024

This release provides the ability to create and manage your own platforms outside of the MITRE ATT&CK framework.
