New group options, DNS dependency preview
05 January 2026
For anyone using group accounts, you now have access to suggestions and events on the group level, meaning you can see and edit all of your suborganizations events and suggestions from the grouphome page. The overviews also show the organization names. To better enabled user management, you can now also see the last login time of users.
A big thing for the coming year will be better graphs and reports, providing more actionable insights. The first one is in beta now:
$dns_dependency_report
This graph shows all your urls on the left, and your domain name servers on the right. This gives a very nice overview of how your DNS dependencies are. You can instantly spot the outliers, and see which domains depend on just a single provider.
Big happy new year server and database cleanup
01 January 2026
The title says it all. Since it's a nice quite day, it was time for a big cleanup.
This has caused delays in scans, sorry about that. If you are doing periodic scans through the API and need the results within a shot time, you likely got less or no results for your scan.
Regular users shouldn't really notice anything.
New vulnerabilities index, software index complete
08 December 2025
Almost all software detection has moved to the new software index. If you want to have a look, use this query:
index=software
It has separate fields for
vendor,
product,
version and
patch (name of the patch), and shows when specific software was
first_seen and
last_seen. This will allow you to check what software you had running in the past. Sometimes a new vulnerability is published and it turns out it has been used for months already. Your current software version might not be vulnerable, but the one last month might have been. You can check that now.
The magic query
$software_vulnerabilities_report and other software queries are now replaced with a fully functional software index. There are fields for
software,
assets,
ip,
url,
cve,
cvss_score,
cvss_severity and, like with the software index,
first_seen and
last_seen fields for every cve seen on every asset. Here are some example queries:
Show all recent vulnerabilities with a cvss_score above 8:
index=vulnerabilities last_seen>-7d cvss_score>8
Show all recent criticals:
index=vulnerabilities last_seen>-7d cvss_severity=critical
Check if you where vulnerable to CVE-2025-23048 last month:
index=vulnerabilities first_seen<-1m cve=CVE-2025-23048
Note that the old magic $software queries will still be supported, so don't worry about migrating any queries/reports you have.
