​

Staging Changelog

---

​

March 27, 2026

​

SIEM Providers Admin

• Add SIEM Providers admin page with full CRUD workflow
• Support for Microsoft Sentinel with connection testing before saving
• Set default provider for investigations and incident sync

​

API Key Authentication

• Add API key management for programmatic access
• Scoped API keys with expiration and rotation support

​

Search

• Full-text and semantic search across investigations

​

Fixes

• Fix client credentials modal overflow for long strings
• Fix JWT middleware incorrectly treating Bearer tokens as API keys

---

​

March 26, 2026

​

LLM Model Management

• Add admin Models page with provider selection (Azure, OpenAI, Anthropic, Custom)
• Test model connectivity with live prompt execution
• Configure default model for investigations

​

Authentication

• Add Microsoft Entra ID as identity provider
• Increase token lifetime to 30 minutes
• Fix JWT validation for edge cases
• Fix cross-subdomain auth cookies

---

​

March 25, 2026

​

OAuth2 API Clients

• Add API Clients admin page with create/regenerate/disable workflow
• Client credentials grant for external service integration
• Scoped permissions for service-to-service authentication

​

User Management

• Add admin Users page with search and pagination
• Auto-provision users on first login via Azure Entra ID
• Fix duplicate email issue during auto-provisioning

---

​

March 20–24, 2026

​

Core Platform

• AI-powered SOC investigation engine
• Microsoft Sentinel integration with incident sync
• Interactive knowledge graph for entity exploration
• Scheduled investigations with configurable frequency
• Real-time notifications via SSE and WebSocket
• Session forking for branched investigations
• Deterministic incident enrichment with MITRE ATT&CK mapping