Skip to main content
Stay up to date with the latest features, improvements, and fixes to the Wirespeed platform.
Oct 28, 2025
  • Improved Case and Impact UI on mobile devices
  • Exclusion creations, edits, and deletions are now tracked in the system log
  • Increased the amount of data extracted from Jamf Protect detections
  • Chat Ops tests are now easier with typeahead user searching
  • Various SMS chatops improvements
  • Fixed how we extract command line arguments for Sentinel One
  • Remapped how we handle Entra Connect tampering
  • Fixed a bug in manager chatops verdicts
  • Added average MTTV, MTTD, and MTTR to cases
Oct 24, 2025
  • 🍞 Upgraded to the Bun 1.3 runtime
  • Improved background job processing for added resiliency during long-running jobs
  • Added non-interactive sessions in Microsoft sign-in logs
  • Verdict rules can now insert a friendly explanation into your timeline
  • Added new categories for private credential exposure for VIPs, evasive activities in email, and more
Oct 22, 2025
  • SMS chat ops is now available! Learn more here
  • Mimecast integration added
  • AI analysis for some live off the land executions is now live
  • Automated impact identification is now in beta testing, Wirespeed will identify all activities performed by a user after suspicious activity is alerted on.
  • Fixed API bug when attempting to enable LOTL endpoint auto containment
  • Directory/Endpoint tag automations are now logged to the system log
  • Case reopening is now added to the case timeline
Oct 10, 2025
  • Improved next steps granularity when containment is partially successful
  • Added detection from 3 new RMM tools
  • Add 200 new detection mappings for Vectra integrations
  • CSV exports are now available on the cases and detections pages. Exports have a limit of 100k rows.
  • Bug fix for billable user counts on the Clients page for service providers
Oct 8, 2025
  • Improved retry handling for ticket creation in external systems
  • Cases with >24 hours of delay from the source are now closed automatically
  • Benign chat ops responses are now saved as exclusions
  • Refactored login verdict handling to remove low confidence verdict rules
  • New experimental AI analysis for live off the land executions is now being run in read-only mode
  • Verdict is now available in the Case details view
  • Reduced false positives for suspicious email identification after a suspicious login
  • Team, Case, and User deletion bug fixes
  • Service Providers can now whitelabel the following:
    • Email “from” name
    • Email reply-to address
    • In-product support button email address
    • Email signature and footer address
  • Historic Cases can now be reopened for further inspection
Sep 29, 2025
  • Increased webhook durability
  • Enhanced file grouping
  • Optimized memorary usage on detection consumption
  • Improved JSON parsing date parsing
  • Enhanced OAuth client credential grant handling
  • Fixed monitor logic for better accuracy
  • Improved duplicate detection lookups
  • Updated bun version
Sep 25, 2025
  • Vectra integration is now available!
  • Enhanced NATS consumer durability
  • Prevented chat ops when a monitor is already active
  • Enhanced chat ops to avoid notifying users who have timed out recently
  • Improved HVA value handling to not override manually set values during endpoint syncing
  • Optimized malware algorithms
  • Added categorizations for Falcon Cloud Security
  • Allowed VIP chat ops during testing
Sep 17, 2025
  • Improved AITM behavior detection
  • Improved unicode handling
  • Upgraded Crowdstrike Falcon endpoint syncs to use bulk fetching
  • Refactored enrichment to analyze files concurrently
Sep 15, 2025
  • Updated our algorithm to more accurately detect live off the land scenarios
  • Improved JSON parsing across all integrations
  • Adjusted our parser to better support inconsistencies observed in Microsoft data
  • If a detection is added to a case, ticket integrations (e.g. Jira) will note so via a comment
Sep 10, 2025
  • Service Provider name will now be used in client Timelines
  • Team list now identifies external members, easing Service Provider team management
  • Improve monitoring so that detection monitors in the same case stay in sync with one another
  • Improve date parsing for syslog ingestion
  • Update Jira Cloud integration to faciliate templated summary and optional sending of closed detections
  • Fixed bug where the IP page would not load for private IP addresses
Sep 9, 2025
  • 20 new and updated integration categorizations
  • Simulated breach detection
  • Identification and new verdict rules for masquerading files
  • Added category for Business Email Compromise (BEC), was previously mapped to Login alerts
  • Added category for Account Compromise
  • Added category for Lateral Movement
  • Fixed bug on events page where click-to-search functionality duplicated values
  • Clients table for Service Providers is now sortable
  • Improved detection of authorized RMM tools
  • Active monitors are displayed below escalated cases in the navigation bar
Aug 31, 2025
  • 11 new and updated integration categorizations
Aug 28, 2025
  • Webhooks are now processed asynchronously to increase reliability
  • Billable users & endpoints are available underneath your Team page, or the Clients page for service providers
  • 47 new and updated integration categorizations
Aug 24, 2025
  • User and Endpoint details pages have been updated to show related detections
  • User details page exposes authentication patterns
  • Dedicated category for business email compromise added
  • Updated details grid available on all entity details pages
  • Removed files, user agents, locations, processes, ip addresses, and domains from left-hand navigation
  • New command pallette available via cmd+k or ctrl+k to search the removed navigation items above
  • AI summary is now the default case description
Aug 22, 2025
  • You can now delete your team by navigating to the Teams page and selecting “Delete Team”. This action is irreversible.
  • New API endpoint POST /team/switch - Service providers can use this with a service provider API key to manage multiple tenants.
Aug 20, 2025
  • Fixed custom detection query timeouts by updating query generation logic to use proper partitioning keys.
  • Generic Syslog and JSON log importers are now generally available.
  • Improved endpoint and user correlation to prioritize active managed users over dormant ones.
Aug 17, 2025
  • Improved cases dashboard now shows mean time to detect, verdict, respond, and contain.
  • Timeline logging improvements for ingestion of historic detections on initial integration.
  • Lowered required thresholds for Apple Private Relay and ISP logins from trusted locations.
  • Improved live off the land tool detection for pwsh.exe and winpty-agent.exe.
  • Improved remote management tool detection for ScreenConnect and NinjaOne.
Aug 12, 2025
  • Jira comments sync back to Wirespeed and are shown in the cases view.
  • IPv6 addresses are flattened by default
  • Integration categorization and parsing improvements for Crowdstrike and Okta
Aug 5, 2025
  • In the Events view, you can now click properties to automatically add them to the search bar.
  • When creating a user you can now opt them out of activity emails.
  • New and updated mappings for Microsoft.
July 30, 2025
  • Jira Cloud is now available! Review our documentation to learn how Wirespeed cases can create Jira issues and how closing issues in Jira can close the issue in Wirespeed.
  • Updated Microsoft UAL parsing and tidying of AWS GuardDuty permissions checks.
  • Prioritize managed users in directory user searches.
July 28, 2025
  • Hunts and Monitors are now generally available!
    • Hunts are deep analyses using 30-day patterns, threat intelligence, and device validation that hunts for any clues or indications that may inform a detection.
    • Monitors are continuous surveillance executing rules at regular intervals to detect repeat patterns over extended periods (days to weeks), generating cases when specific threat patterns match.
  • New mappings for JAMF Protect.
  • Added the ability to test ChatOps with unamanaged user, making it easier than ever to see a live demo of ChatOps in action.
July 23, 2025
  • Cisco Duo authentications logs are now available in Wirespeed! Check out our integration docs to learn how to get started.
  • Custom detection changes are logged to your audit log.
  • Detections table verdict and page size filters were not working as expected.
  • New and fixed mappings for detections from Microsoft and Crowdstrike.
July 18, 2025
  • Certain OCSF observables were not being properly identified on authentication events.
  • Containment and chat ops actions are more clear in the What Happened summary.
  • Improved detection mappings for vulnerable drivers, brute force, and email malware alerts.
July 12, 2025
  • Checkpoint Harmony spam and graymail alerts are no longer considered detections. They will still be enriched and available in the data lake.
July 11, 2025
  • Need a quick birds eye view of your Detections? Go checkout out the new stats at the top!
  • You asked for it, we delivered: Apple Private Relay 🍏 handling has been added to our verdict rules.
  • You’re not using Chatops? Onboard a group today to instantly increase the effectiveness and intelligence of your Wirespeed deployment.
  • Subscribe to changelog updates at https://docs.wirespeed.co/changelog/rss.xml.
July 7, 2025
  • Leverage the full power of Clickhouse by using Wirespeed’s Advanced Queries. Seriously, go check out the docs for this one. Start or continue your journey to become a Wirespeed Superuser!
  • Updated our user algorithm, making our directory decision making even smarter.
  • Ever wonder if your mobile endpoints are responsible for more cases? You can now filter cases by “Was Mobile” to learn more about what your mobile devices are triggering.
July 1, 2025
June 27, 2025
  • Added ability for Service Providers to provide default ChatOps messaging for client teams.
June 25, 2025
  • Updated verdict ordering for better prioritization
  • Added TOR logins to verdict algorithm
  • Fixed timeline display issues for improved event tracking
June 23, 2025
  • Microsoft sign-in log processing is now generally available
June 19, 2025
  • Okta sign-in log processing is now generally available
  • Enhanced directory user automation rules for email domain matching
  • Increased clarity of threat indicator data
June 18, 2025
  • AI Case Summaries: you can now view a AI-generated summary of every case
  • Added ability to ingest all assets from detection sources and option to tag them as HVT
June 11, 2025
  • JAMF Protect integration has been enabled for Beta testing
June 10, 2025
Welcome to our new changelog! Items will be added here as soon as they are released.