New Features
The Manage Workflow page displays updated workflow action labels (Activate/Deactivate) and adds a Run action for active workflows.
The History button in the top-right corner of the Workflows Management page redirects you to the Workflow History page, where you can view the execution history for the selected Workflow ID.
Feature Enhancements
The progress of the ArtifactSync Dev Preview workflow is now shown in the feeds workflow.
The Change Password button is hidden for all users authenticated via an external identity provider.
Riskflow allows submitting a question by pressing Enter instead of clicking the Submit button.
Workflow creation displays a warning dialog when navigating back or away with unsaved changes, allowing users to exit or continue configuring their workflow.
In the Data Lake Configuration window, the Next button is disabled immediately after clicking to prevent multiple submissions and improve user experience.
Metadata sections for Device, User, and Product now include additional fields for device serial number, user employee ID, and product ID.
Riskflow displays critical entity metadata in query results, keeping users on the Riskflow page and providing a link to pivot to the entity view.
The time of the first prediction of a potential device ownership relationship is preserved in owner discovery.
Device Entity view centralizes retired/decommissioned status logic and supports class prioritization for multiple ServiceNow records, improving accuracy across dashboards.
Bug Fixes
The issue where alert-manager failed to update alert rules due to a missing event_type is fixed.
The feed state history endpoint is fixed to prevent consecutive duplicate state entries and ensure only actual state changes are returned.
An issue causing multiple feeds (including CyberArk Privilege Cloud, Microsoft Defender for Endpoint, MDE Software Inventory, and Halcyon Anti-Ransomware) to display incorrect errors in the feed health widget is fixed.
The issue where Data Quality Summary shows no data for 1-hour or 1-day filters is fixed.
The issue where SQL generated by Riskflow for array-typed fields is invalid is fixed.
The issue where the label name for 'Refresh Interval' fields changes unexpectedly in the Data Feed configuration wizard is fixed.
The issue where the Entity Resolution step in feed onboarding shows 'ResolutionMode' instead of Device, User, and Application labels is fixed.
The issue where CDP throws a DML error in cdp.cyber_vulnerabilities ETL is fixed.
The issue where the Test Connection button for Microsoft Entra MFA feeds shows errors is fixed.
The issue where the Test Connection for Halcyon Anti-Ransomware feed fails is fixed.
The issue where Data Lake migration does not create OCSF tables is fixed.
The issue where S3 data source IDs change after submitting the onboarding page, causing ERROR states and SQS retrieval failures, is fixed.
The issue where the Actions Query Builder breaks when a struct column contains null data is fixed.
The issue where Advanced Search re-select queries fail to include unlabeled columns is fixed.
The issue where reports do not consistently refresh when navigating via the left navigation pane is fixed.
The issue where a user is redirected to the login page when an error occurs during authentication is fixed.
The issue where canceling a search shows an incorrect error message and prevents new searches due to the cancel button not disappearing is fixed.
The issue where Iceberg Optimizer experienced authentication failures in AWS and Azure environments is fixed.
The issue where Last Inventory Discovered Date in Device Inventory Compliance View pulls the last seen date for all feeds instead of CMDB feeds is fixed.
The issue where ingested bytes and trend line could show different data is fixed.