Stay up to date with the latest features, improvements, and fixes to the Wirespeed platform.
Sep 17, 2025
  • Improved AITM behavior detection
  • Improved unicode handling
  • Upgraded Crowdstrike Falcon endpoint syncs to use bulk fetching
  • Refactored enrichment to analyze files concurrently
Sep 15, 2025
  • Updated our algorithm to more accurately detect live off the land scenarios
  • Improved JSON parsing across all integrations
  • Adjusted our parser to better support inconsistencies observed in Microsoft data
  • If a detection is added to a case, ticket integrations (e.g. Jira) will note so via a comment
Sep 10, 2025
  • Service Provider name will now be used in client Timelines
  • Team list now identifies external members, easing Service Provider team management
  • Improve monitoring so that detection monitors in the same case stay in sync with one another
  • Improve date parsing for syslog ingestion
  • Update Jira Cloud integration to faciliate templated summary and optional sending of closed detections
  • Fixed bug where the IP page would not load for private IP addresses
Sep 9, 2025
  • 20 new and updated integration categorizations
  • Simulated breach detection
  • Identification and new verdict rules for masquerading files
  • Added category for Business Email Compromise (BEC), was previously mapped to Login alerts
  • Added category for Account Compromise
  • Added category for Lateral Movement
  • Fixed bug on events page where click-to-search functionality duplicated values
  • Clients table for Service Providers is now sortable
  • Improved detection of authorized RMM tools
  • Active monitors are displayed below escalated cases in the navigation bar
Aug 31, 2025
  • 11 new and updated integration categorizations
Aug 28, 2025
  • Webhooks are now processed asynchronously to increase reliability
  • Billable users & endpoints are available underneath your Team page, or the Clients page for service providers
  • 47 new and updated integration categorizations
Aug 24, 2025
  • User and Endpoint details pages have been updated to show related detections
  • User details page exposes authentication patterns
  • Dedicated category for business email compromise added
  • Updated details grid available on all entity details pages
  • Removed files, user agents, locations, processes, ip addresses, and domains from left-hand navigation
  • New command pallette available via cmd+k or ctrl+k to search the removed navigation items above
  • AI summary is now the default case description
Aug 22, 2025
  • You can now delete your team by navigating to the Teams page and selecting “Delete Team”. This action is irreversible.
  • New API endpoint POST /team/switch - Service providers can use this with a service provider API key to manage multiple tenants.
Aug 20, 2025
  • Fixed custom detection query timeouts by updating query generation logic to use proper partitioning keys.
  • Generic Syslog and JSON log importers are now generally available.
  • Improved endpoint and user correlation to prioritize active managed users over dormant ones.
Aug 17, 2025
  • Improved cases dashboard now shows mean time to detect, verdict, respond, and contain.
  • Timeline logging improvements for ingestion of historic detections on initial integration.
  • Lowered required thresholds for Apple Private Relay and ISP logins from trusted locations.
  • Improved live off the land tool detection for pwsh.exe and winpty-agent.exe.
  • Improved remote management tool detection for ScreenConnect and NinjaOne.
Aug 12, 2025
  • Jira comments sync back to Wirespeed and are shown in the cases view.
  • IPv6 addresses are flattened by default
  • Integration categorization and parsing improvements for Crowdstrike and Okta
Aug 5, 2025
  • In the Events view, you can now click properties to automatically add them to the search bar.
  • When creating a user you can now opt them out of activity emails.
  • New and updated mappings for Microsoft.
July 30, 2025
  • Jira Cloud is now available! Review our documentation to learn how Wirespeed cases can create Jira issues and how closing issues in Jira can close the issue in Wirespeed.
  • Updated Microsoft UAL parsing and tidying of AWS GuardDuty permissions checks.
  • Prioritize managed users in directory user searches.
July 28, 2025
  • Hunts and Monitors are now generally available!
    • Hunts are deep analyses using 30-day patterns, threat intelligence, and device validation that hunts for any clues or indications that may inform a detection.
    • Monitors are continuous surveillance executing rules at regular intervals to detect repeat patterns over extended periods (days to weeks), generating cases when specific threat patterns match.
  • New mappings for JAMF Protect.
  • Added the ability to test ChatOps with unamanaged user, making it easier than ever to see a live demo of ChatOps in action.
July 23, 2025
  • Cisco Duo authentications logs are now available in Wirespeed! Check out our integration docs to learn how to get started.
  • Custom detection changes are logged to your audit log.
  • Detections table verdict and page size filters were not working as expected.
  • New and fixed mappings for detections from Microsoft and Crowdstrike.
July 18, 2025
  • Certain OCSF observables were not being properly identified on authentication events.
  • Containment and chat ops actions are more clear in the What Happened summary.
  • Improved detection mappings for vulnerable drivers, brute force, and email malware alerts.
July 12, 2025
  • Checkpoint Harmony spam and graymail alerts are no longer considered detections. They will still be enriched and available in the data lake.
July 11, 2025
  • Need a quick birds eye view of your Detections? Go checkout out the new stats at the top!
  • You asked for it, we delivered: Apple Private Relay 🍏 handling has been added to our verdict rules.
  • You’re not using Chatops? Onboard a group today to instantly increase the effectiveness and intelligence of your Wirespeed deployment.
  • Subscribe to changelog updates at https://docs.wirespeed.co/changelog/rss.xml.
July 7, 2025
  • Leverage the full power of Clickhouse by using Wirespeed’s Advanced Queries. Seriously, go check out the docs for this one. Start or continue your journey to become a Wirespeed Superuser!
  • Updated our user algorithm, making our directory decision making even smarter.
  • Ever wonder if your mobile endpoints are responsible for more cases? You can now filter cases by “Was Mobile” to learn more about what your mobile devices are triggering.
July 1, 2025
June 27, 2025
  • Added ability for Service Providers to provide default ChatOps messaging for client teams.
June 25, 2025
  • Updated verdict ordering for better prioritization
  • Added TOR logins to verdict algorithm
  • Fixed timeline display issues for improved event tracking
June 23, 2025
  • Microsoft sign-in log processing is now generally available
June 19, 2025
  • Okta sign-in log processing is now generally available
  • Enhanced directory user automation rules for email domain matching
  • Increased clarity of threat indicator data
June 18, 2025
  • AI Case Summaries: you can now view a AI-generated summary of every case
  • Added ability to ingest all assets from detection sources and option to tag them as HVT
June 11, 2025
  • JAMF Protect integration has been enabled for Beta testing
June 10, 2025
Welcome to our new changelog! Items will be added here as soon as they are released.