Feature: LogPulse SIEM: real-time detections, MITRE ATT&CK coverage, risk-based alerting, and a Notables triage workflow
Feature: Threat intelligence: IOC store, manual watchlists, Spamhaus ASN-DROP feeds, and a threat landscape with geo map and IOC enrichment of risk events
Feature: UEBA behavior baselines with impossible-travel, first-seen, and volume-spike detection
Feature: SOAR response actions gated behind propose-and-approve, so the AI proposes and a human approves before anything runs
Feature: Sigma rule import: transpile and bulk-import SigmaHQ rules to LPQL, with ~3,000 rules bundled as managed content packs
Feature: Service Intelligence: entity discovery, service mapping, KPIs, anomaly detection, and blast-radius analysis
Feature: OAuth-secured MCP server: connect Claude and other AI agents to your read tools, plus propose-and-approve write tools for detections, alerts, KPIs, and pipelines
Feature: Cloud connectors for Entra ID, Microsoft 365, and AWS CloudTrail, with canonical cloud-audit normalization
Feature: AI-driven notable investigations with auto-close, re-investigate, and server-side log-pattern compression
Feature: Full invoicing system: VAT invoices with PDF, VIES validation, and AI credit top-ups
Feature: Amazon Bedrock as an AI provider for EU/GDPR (AVG) data residency
Improvement: Consolidated Security and Observability hubs with tabbed navigation
Fix: GeoIP enrichment now loads reliably at worker startup via the ClickHouse dictionary
v0.11.0 (May 2026): Unified Workspace & Agent Fleet
Feature: Unified Workspace bringing AI investigation and LPQL search together under /workspace with split and inline canvas layouts
Feature: Source-and-time scope picker to target investigations across logs, dashboards, pipelines, alerts, and lookups
Feature: Quick Ask overlay: ask Byte from anywhere via the header button or Ctrl+I, replacing the old slide-out
Feature: Agent Fleet management: bulk upgrades, one-click remote actions, and Vector run-state with last-heartbeat visibility
Feature: Managed Proxmox VE pipeline template with a guided setup wizard
Feature: Onboarding tour and getting-started checklist on the home page
Feature: New input types including auditd and Proxmox syslog, plus built-in parser templates on the Fleet page
Feature: Workspace Activity feed merging searches and sessions, plus a Saved + Recent LPQL library
Improvement: Real-time toast notifications over a shared SSE stream, with reconnect that keeps investigations live across page navigation
Improvement: Brotli/gzip response compression and AI prompt caching for faster, cheaper queries
Fix: Queries are now killed on client disconnect, freeing ClickHouse resources mid-stream
v0.10.0 (April 2026): AI Investigator, v2
Feature: Byte: rebranded AI assistant (formerly Copilot) integrated in dashboard and header
Feature: Workspace knowledge tools: investigator now draws on saved data models, services, and parser rules
Feature: Proactive get_system_health_snapshot tool for single-pass health checks
Feature: Scope checks and honest insight-mode reporting in AI investigations
Feature: update_panel / remove_panel events on the investigation canvas
Improvement: isolated-vm sandboxing for safer pipeline execution
Improvement: Pulse animation on PulseCanvas for live log visualisation
Improvement: LogTable events mode with richer parsed-field and attribute rendering
Improvement: Stats queries and visualizations overhaul for faster dashboards
Fix: IPv4-mapped IPv6 handling in BLOCKED_IP_RANGES
v0.9.0 (March 2026): Visual Pipelines & Kubernetes
Feature: Visual Pipeline editor with drag-and-drop node library
Feature: Kubernetes integration via Helm chart
Improvement: LPQL syntax highlighting in docs
Feature: Vector agent support
v0.8.0 (February 2026)
Feature: AI Anomaly Detection with Modified Z-Score algorithm