Version 1.9.0 Released

Release date: March 27, 2026

This release introduces powerful observability and infrastructure enhancements alongside significant platform expansions. Live Data and Console Logs bring real-time visibility to Directors, Clusters, Devices, Targets, Advanced Routes, and Pipeline Debugger. The new Orchestrated Director extends deployment flexibility for auto-scaling cloud environments. Four new device integrations — Kafka, NATS, CCF, and WEC — broaden platform connectivity. The Data Collection Rule (DCR) Dataset centralizes Windows event and security log management, while Cluster IP support simplifies network routing for clustered deployments. Additional improvements span connection status transparency, notification consistency, MFA reliability, and Content Hub update workflows.

🚀 New Features

  • Orchestrated Director - New Director type introduced for auto-scaling cloud environments where instances are automatically managed, scaled, and replaced by the platform. Designed to support dynamic infrastructure where traditional Director lifecycle management is handled externally, enabling seamless operation in elastic and containerized deployments.

  • Live Data - Real-time data streaming added for Directors, Clusters, Devices, Targets, Advanced Routes, and Pipeline Debugger. Users can monitor activity and diagnose issues in real time without relying solely on historical log data.

  • Console Logs - Directors and Clusters now expose live console logs directly in the interface, providing real-time visibility into service-level operations and diagnostics.

  • Log Stream Column - Log stream column added to Device, Target, Director, and Cluster tables, providing quick access to a 150-minute rolling log stream directly from the list view without navigating into individual configuration pages.

🔧 Improvements

New Devices

  • Kafka - Apache Kafka device integration for ingesting streaming event data.
  • NATS - NATS messaging system device integration for high-performance message collection.
  • CCF - CCF device integration added to the platform.
  • WEC - Windows Event Collector device integration for centralized Windows event forwarding.

Connection Status

  • Connection Status Tooltips - Device, target, and director connection status indicators enhanced with error tooltip support. When a device or target is in a not-connected state, hovering over the connection status now displays the associated error message, giving users immediate visibility into the reason for the connection failure without navigating away from the list view.

Director Management

  • Cluster IP - Cluster configuration expanded with Cluster IP support, enabling all traffic to be routed through a single IP address. This simplifies network configuration and load balancing for clustered Director deployments.

Devices

  • Syslog and TCP Regex Support - Regex filtering support added to Syslog and TCP device configurations, enabling pattern-based log collection control for more precise ingestion from Syslog and TCP sources.

Content Hub

  • Accept All Updates - Accept All action added to the Content Update Review page. When triggered, the platform traverses all child pipelines and automatically accepts pending changes, significantly reducing the manual effort required to apply bulk pipeline updates.

Stats Page

  • Director Filter - Director filter on the Stats page repositioned to the top level, enabling it to apply across all statistics simultaneously. Previously scoped to individual sections, the filter now provides a unified view of statistics for the selected Director.

Platform

  • Notification Improvements - Platform-wide notification system reviewed and improved for consistency and reliability across user interactions. Success, error, and warning notifications have been standardized across the interface, ensuring users receive clear and consistent feedback for all platform actions.

  • Send Feedback - Send Feedback button added to the platform interface, allowing users to submit feedback directly to us. This enables faster issue reporting and helps the team capture real-world usage insights.

Dataset

  • Data Collection Rule (DCR) Dataset - DCR management centralized through the Dataset feature, enabling unified configuration and governance of Data Collection Rules from a single location. As part of this change, the individual Import DCR option previously available within Windows Event Logs and Security Logs configurations has been removed in favor of the centralized Dataset-based approach.

🐛 Bug Fixes

MFA

  • MFA Reset Incorrectly Disabling MFA - Fixed an issue where performing an MFA reset on a user with MFA enabled was disabling MFA entirely instead of resetting the configuration. Reset now correctly prompts the user to reconfigure MFA without altering the enabled state.

Windows & Linux Agentless

  • Username and Password Fields Not Appearing - Fixed an issue in Windows and Linux agentless configurations where disabling the Active Directory (Windows) or Key-based option (Linux) caused the username and password fields to not be displayed, preventing users from completing the configuration.

Content Hub

  • Updates Not Shown Due to Cache - Fixed an issue where the Content Update review page was incorrectly indicating no updates were available due to a stale cache, even when updates existed.

Dataset

  • Event Category Empty in Drawer - Fixed an issue where the Event Category field appeared empty in Dataset drawers, ensuring category information is correctly displayed when viewing Dataset details.

Activity Logs

  • Date Display Inconsistency - Fixed an issue causing confusion in Activity Log date display, ensuring timestamps are presented accurately and consistently across all log entries.