2026 Releases
29 min
welcome to flare's release notes page, where youβll find the latest updates, features, and improvements weβve rolled out to enhance your cybersecurity experience our mission is to empower security teams with cutting edge tools and insights to defend against emerging threats whether it's new ai powered capabilities, enhanced reporting options, or critical bug fixes, each release is designed to make threat intelligence more actionable, intuitive, and efficient explore how our constant innovations can help you stay one step ahead in the evolving cyber landscape may 2026 new features public api endpoint for 'remediate' and 'ignore' credential event marking release date may 26, 2026 credential workflows can now be marked as 'remediated' or 'ignored' through our public api note that this only covers in platform remediate/ignore states only iem workflows and other integrations remain unaffected by this change teams that manage credentials programmatically no longer need to switch to the platform to take action credential workflows can now be fully automated through api learn more https //api docs flare io/api reference/v4/endpoints/credential actions package registry monitoring as a new emerging source release date may 15, 2026 flare now monitors public package registries as an emerging source, scanning each new release for exposed secrets and author emails tied to your monitored domains published package versions are publicly available indefinitely, meaning a credential leaked in an old release remains exposed even after the publisher has rotated it or moved on by surfacing these exposures early, flare helps you identify supply chain risks and unauthorized access before they are exploited learn more docid\ oc9qrltimxbohtzxbvskj improvements auto fix when searching by domain of email in the credentials browser release date may 28, 2026 when searching by domain of email in the credentials browser, if flare detects that a full email address has been entered instead of a domain, it will automatically extract and apply the domain learn more docid\ d3onszzq0knmu79ma 5oe relevancy score for identifier recommendations release date may 20, 2026 identifier recommendations now display a relevancy score alongside each suggestion the score is based on the identifier type and the estimated number of associated events with scores visible at a glance, you can quickly prioritize which identifiers are worth adding to your monitoring setup and skip the ones that would add noise without value learn more docid\ dksgo5mpzehdemhzxg95f shareable links for filtered named breaches page release date may 13, 2026 you can now copy the url from a filtered named breaches docid\ mfophcda703rhauixoisj page and share it anyone who opens the link will land on the same view with the same filters already applied sharing specific breach views with teammates no longer requires explaining which filters to set one link, same context, instantly tenant admin email alerts for broken idp integrations release date may 1, 2026 flare now runs a daily test idp integrations if a failure is detected, an email is automatically sent to the tenant admin notifying them of the issue silent idp failures can block user access without any obvious signal proactive daily testing means broken integrations surface immediately, before they become a bigger problem fixes release date descriptions may 28, 2026 email/username in leaked credential events is now selectable and copyable a "copy" button has also been added to avoid accidentally opening the identity profile this fix applies to all previously non copyable hyperlinks across the platform may 28, 2026 mssps are now able to delete demo tenants may 14, 2026 fixed an issue where updating a matching policy assigned to an identifier did not correctly exclude future events the fix applies to all future events customers who want to clean up events that slipped through can use the "apply to past events" checkbox on their identifier's matching policy april 2026 π tenant level sso release monday apr 13, 2026 what's new tenant level sso is now available, giving your organization precise control over how users authenticate across tenants why it matters managing authentication across multiple tenants has required workarounds until now tenant level sso gives your admins the flexibility to enforce the right login method per tenant, streamline onboarding, and reduce friction for users operating across tenants all details on the sso and authentication https //docs flare io/sso and authentication page π matching policies for identifiers release friday apr 10, 2026 what's new matching policies are coming to identifiers, giving you precise control over what shows up in your feed compared to ignored terms you'll be able to configure three types of policies on any identifier included keywords β only show events that match specific keywords excluded keywords β remove events containing specific keywords lucene query β combine a full query directly to an identifier (with search query assistant support) note existing ignored terms are automatically migrated to excluded keyword policies why it matters matching policies allow you to precisely implement your monitoring strategy with regular identifiers like domain, keyword, and others cleaner feeds, fresh results, less overhead all details on the matching policies for identifiers docid\ zg1zxobulcijhudrj hkg page march 2026 π£ improvement instant leaked credentials release date march 3, 2026 β¨ what's new we've redesigned how leaked credentials appear across flare each newly detected credential now gets its own event card in the tenant feed β as soon as it is detected β replacing the previous periodic grouping model π key changes β’ credentials now appear within minutes of detection , both in the credentials browser and the tenant feed β’ every new leaked credential triggers its own event card in the tenant feed β’ remediation and ignore statuses are now fully in sync between the tenant feed and the credentials browser π― why it matters previously, delays, inconsistent counts, and disconnected statuses made it harder to act quickly on leaked credentials with this update, your team gets a faster, clearer, and more reliable workflow β so you can detect, validate, and remediate exposed credentials with confidence, wherever you work in flare more details on the leaked credentials events docid\ us0ed0th0wgzrquhgvxp4 page february 2026 π search usage dashboard release date feb 19, 2026 β¨ what's new in flare, you can now explore the search usage page, which shows how global searches are consumedβby member and by tenantβwith the ability to change the date range π― why it matters this new visibility into search usage helps you understand search patterns across your organization, identify power users, monitor consumption by tenant, and make data driven decisions about search resource allocation the flexible date range filtering allows you to analyze trends over time and optimize your search strategy π improved alert channels, now in the integration page release date feb 12, 2026 β¨ whatβs new rebuilt alert channels β we've refactored the entire alert channel framework across 10 supported channels (slack, teams, discord, jira, servicenow, splunk, azure sentinel, email, and webhook) key improvements include better performance and reliability, improved monitoring, and expanded test alert event types alert channels β integrations page β alert channel creation now lives on the integrations page, giving you a single pane of glass for all your integrations (including idp) you'll see a notice on the legacy alert channels tab pointing you to the new location π― why it matters this will enable a centralized view of integrations and permit better performance for alert channels π actor intelligence for chat based sources release date feb 5, 2026 β¨ whatβs new actor intelligence now supports chat based sources, including telegram you can click any underlined actor name in a chat sourced event to access their activity timeline, heatmaps, network graph, and more π― why it matters previously, actor intelligence was limited to forum based actors with threat actors increasingly active on chat platforms, this update lets you investigate and profile telegram actors with the same tools β closing a key visibility gap β οΈ note auto generated analysis is not yet available for chat based actors these will roll out over the coming weeks and will populate automatically these will be auto generated in the coming weeks for now, the analysis may take a minute or two to process when you open the analysis tab π telegram in threat flow release date feb 5 2026 β¨ whatβs new threat flow now ingests data from chat based conversations β including telegram β alongside existing forum coverage π― why it matters conversation explorer and custom intel queries now surface results from telegram channels and groups, giving you visibility into threat actor activity that previously lived outside threat flow's reach this significantly expands the intelligence available when investigating threats or creating intel reports chat based sources are enabled by default to exclude them, adjust your source types in filters january π flare sandbox release date jan 13, 2026 β¨ whatβs new flare has implemented a state of the art sandbox to analyze files found in stealer logs, urls, or uploaded files both dynamic and static analysis are present allowing users to interact with the object in a safe sandbox environment flare will return a verdict on the object as well as a pdf report that includes artifacts, iocs, mitre ttps and more! please note that sandbox is available as an add on and is not included with base flare please reach out to your csm for more details π― why it matters this enables full malware analysis right within the flare platform allowing a smooth workflow from stealer log, malicious website to sandbox analysis we have more planned for the sanbox and are excited to share in the near future π you can learn more here https //docs flare io/sandbox π stealer log navigation release date jan 8, 2026 β¨ whatβs new we introduced a more streamlined interface that makes it easier to scroll through stealer logs while accessing broader context all event views now open in a resizable drawer, allowing users to expand the view horizontally for better visibility and more comfortable browsing π― why it matters the new navigation improves usability and speeds up stealer log investigations security teams can more efficiently analyze stealer log activity and navigate specific content with less friction, leading to faster, more focused threat analysis