2026 Releases
21 min
welcome to flare's release notes page, where youβll find the latest updates, features, and improvements weβve rolled out to enhance your cybersecurity experience our mission is to empower security teams with cutting edge tools and insights to defend against emerging threats whether it's new ai powered capabilities, enhanced reporting options, or critical bug fixes, each release is designed to make threat intelligence more actionable, intuitive, and efficient explore how our constant innovations can help you stay one step ahead in the evolving cyber landscape april 2026 π tenant level sso release monday apr 13, 2026 what's new tenant level sso is now available, giving your organization precise control over how users authenticate across tenants why it matters managing authentication across multiple tenants has required workarounds until now tenant level sso gives your admins the flexibility to enforce the right login method per tenant, streamline onboarding, and reduce friction for users operating across tenants all details on the https //docs flare io/sso and authentication page π matching policies for identifiers release friday apr 10, 2026 what's new matching policies are coming to identifiers, giving you precise control over what shows up in your feed compared to ignored terms you'll be able to configure three types of policies on any identifier included keywords β only show events that match specific keywords excluded keywords β remove events containing specific keywords lucene query β combine a full query directly to an identifier (with search query assistant support) note existing ignored terms are automatically migrated to excluded keyword policies why it matters matching policies allow you to precisely implement your monitoring strategy with regular identifiers like domain, keyword, and others cleaner feeds, fresh results, less overhead all details on the docid\ zg1zxobulcijhudrj hkg page march 2026 π£ improvement instant leaked credentials release date march 3, 2026 β¨ what's new we've redesigned how leaked credentials appear across flare each newly detected credential now gets its own event card in the tenant feed β as soon as it is detected β replacing the previous periodic grouping model π key changes β’ credentials now appear within minutes of detection , both in the credentials browser and the tenant feed β’ every new leaked credential triggers its own event card in the tenant feed β’ remediation and ignore statuses are now fully in sync between the tenant feed and the credentials browser π― why it matters previously, delays, inconsistent counts, and disconnected statuses made it harder to act quickly on leaked credentials with this update, your team gets a faster, clearer, and more reliable workflow β so you can detect, validate, and remediate exposed credentials with confidence, wherever you work in flare more details on the docid\ us0ed0th0wgzrquhgvxp4 page february 2026 π search usage dashboard release date feb 19, 2026 β¨ what's new in flare, you can now explore the search usage page, which shows how global searches are consumedβby member and by tenantβwith the ability to change the date range π― why it matters this new visibility into search usage helps you understand search patterns across your organization, identify power users, monitor consumption by tenant, and make data driven decisions about search resource allocation the flexible date range filtering allows you to analyze trends over time and optimize your search strategy π improved alert channels, now in the integration page release date feb 12, 2026 β¨ whatβs new rebuilt alert channels β we've refactored the entire alert channel framework across 10 supported channels (slack, teams, discord, jira, servicenow, splunk, azure sentinel, email, and webhook) key improvements include better performance and reliability, improved monitoring, and expanded test alert event types alert channels β integrations page β alert channel creation now lives on the integrations page, giving you a single pane of glass for all your integrations (including idp) you'll see a notice on the legacy alert channels tab pointing you to the new location π― why it matters this will enable a centralized view of integrations and permit better performance for alert channels π actor intelligence for chat based sources release date feb 5, 2026 β¨ whatβs new actor intelligence now supports chat based sources, including telegram you can click any underlined actor name in a chat sourced event to access their activity timeline, heatmaps, network graph, and more π― why it matters previously, actor intelligence was limited to forum based actors with threat actors increasingly active on chat platforms, this update lets you investigate and profile telegram actors with the same tools β closing a key visibility gap β οΈ note auto generated analysis is not yet available for chat based actors these will roll out over the coming weeks and will populate automatically these will be auto generated in the coming weeks for now, the analysis may take a minute or two to process when you open the analysis tab π telegram in threat flow release date feb 5 2026 β¨ whatβs new threat flow now ingests data from chat based conversations β including telegram β alongside existing forum coverage π― why it matters conversation explorer and custom intel queries now surface results from telegram channels and groups, giving you visibility into threat actor activity that previously lived outside threat flow's reach this significantly expands the intelligence available when investigating threats or creating intel reports chat based sources are enabled by default to exclude them, adjust your source types in filters january π flare sandbox release date jan 13, 2026 β¨ whatβs new flare has implemented a state of the art sandbox to analyze files found in stealer logs, urls, or uploaded files both dynamic and static analysis are present allowing users to interact with the object in a safe sandbox environment flare will return a verdict on the object as well as a pdf report that includes artifacts, iocs, mitre ttps and more! please note that sandbox is available as an add on and is not included with base flare please reach out to your csm for more details π― why it matters this enables full malware analysis right within the flare platform allowing a smooth workflow from stealer log, malicious website to sandbox analysis we have more planned for the sanbox and are excited to share in the near future π you can learn more https //docs flare io/sandbox π stealer log navigation release date jan 8, 2026 β¨ whatβs new we introduced a more streamlined interface that makes it easier to scroll through stealer logs while accessing broader context all event views now open in a resizable drawer, allowing users to expand the view horizontally for better visibility and more comfortable browsing π― why it matters the new navigation improves usability and speeds up stealer log investigations security teams can more efficiently analyze stealer log activity and navigate specific content with less friction, leading to faster, more focused threat analysis