Release History

View all app release history.

MITRE D3FEND
1.0.2601.0 2026-01-24 22:01
First release - MITRE D3FEND version 1.3.0 (2025-12-16 00:12:00+0900)
MITRE ATT&CK
1.1.2601.0 2026-01-23 22:48
Improvements - Added Korean translations for tactics and techniques.
SECUI MF2
1.3.2601.0 2026-01-23 15:25
Added app query commands - Add/list/delete blacklist rules - Add/list/delete host objects Added 22 log schemas - MF2 Audit (audit) - MF2 Cloud URL Block Status (app_cnt_cloud_url_block) - MF2 Daemon Status (mng_daemon) - MF2 FTP Block Status (app_cnt_ftp) - MF2 HA Status (ha_status) - MF2 HA Traffic (ha_traffic) - MF2 Interface Traffic (mng_if_traffic) - MF2 IPS DDOS Detect (ips_ddos_detect) - MF2 NAT Rule Traffic (nat_rule_traffic) - MF2 NAT Traffic (nat_traffic) - MF2 Performance (mng_resource) - MF2 QoS Counter (mng_qos) - MF2 Rule Traffic (fw4_rule_traffic) - MF2 SSL Traffic (app_cnt_ssl4_traffic, app_cnt_ssl6_traffic) - MF2 SSLVPN Traffic (sslvpn3_cnt_traffic) - MF2 SSLVPN Tunnel Status (sslvpn3_cnt_tunnel) - MF2 Traffic (fw4_traffic, fw6_traffic) - MF2 Oversubscription (mng_oversubscription) - MF2 VPN Tunnel Count (vpn_cnt_tunnel_use) - MF2 Webclient Limit (app_cnt_webclient_limit) - MF2 Webclient Transaction (app_cnt_webclient_all) - MF2 Webfilter Status (app_cnt_urlblock) Others - Added Unknown log schema - Added MF2 Perf dashboard
Recorded Future
1.0.2601.0 2026-01-21 14:36
First release - Support dashboard and 17 query commands.
MITRE ATT&CK
1.0.2601.0 2026-01-21 00:45
First release - MITRE ATT&CK Enterprise 18.1 version (2025-11-13) - Query commands: mitre-attack-analytics, mitre-attack-data-sources, mitre-attack-campaigns, mitre-attack-detection-strategies, mitre-attack-softwares, mitre-attack-mitigations, mitre-attack-techniques, mitre-attack-groups, mitre-attack-data-components, mitre-attack-relations, mitre-attack-tactics
BLUEMAX NGF
1.9.2601.0 2026-01-20 23:08
Changelog - Added support for WELF log format - Fixed log schema display names - Added 7 new log schemas - Blacklist (fw4_blacklist) - FQDN management (fqdn_management) - QoS counter (qos_cnt) - SSL VPN client profile (sslvpn_client_resource) - SSL VPN tunnel monitoring (sslvpn_monitoring) - SSL VPN user auth (sslvpn_user_auth) - Web filter (urlblock) Bug fix - Fixed issue for some query commands not showing proper query plan - Fixed issue where time filter was not being applied on the dashboard **Before updating the app, delete the Bluemax NGF app dashboard and update the app for the dashboard to show correct log schema display names**
Experimental
1.10.2512.0 2026-01-14 13:51
Bug Fixes - Fixed an issue where using log command in subqueries caused a NullPointerException. - Removed explain command that had been moved to the query optimizer app, resolving conflicts with the query optimizer app.
Sigma Rules
1.0.2601.0 2026-01-10 02:02
First release - rules-emerging-threats, rules-threat-hunting resources - 2026-01-05 6fe7343bf79306884b05837d5e03bcbcb141ce50 commit snapshot
BLUEMAX ADS
1.1.2512.0 2025-12-29 21:49
Added parsing and schema for new log types - Authentication-based defense (auth_base_defense) - Blacklist block (blacklist_block) - HA status (ha_status_cnt) Added support for parsing key-value format logs
Microsoft 365
1.4.2512.0 2025-12-29 13:43
Add connection profile timeout options
GitHub
1.3.2512.0 2025-12-29 11:30
Added `profile` option to the `github-audit-logs` query command
PacketCYBER
1.0.2512.0 2025-12-25 22:15
First release - Support dedicated log parser, log schemas, logger model
Slack
1.3.2512.0 2025-12-25 17:07
Add Slack Audit Log Collector and Dashboard - Requires auditlogs:read in Slack User OAuth Scope Add Slack Account Dashboard - Requires users:read, users:read.email, and team:read in Slack User OAuth Scope - If users:read.email or team:read is not granted, email and team name will display as null
Microsoft Azure
1.3.2512.0 2025-12-24 18:59
Logger start time option added - When running the collector for the first time or after initialization, logs are retrieved starting from start time option base. - Incremental collection continues from previous collection time upon relaunch - If not entered, retrieves oldest log based on current subscription settings
NGFCTI
1.3.2512.0 2025-12-23 22:34
New FCTI Dashboards - News, Alerts, Threat Reports, Advisories, Early Warnings, Notices, IP Feed, URL Feed, Domain Feed, MD5 Feed, SHA256 Feed
Splunk
1.5.2511.1 2025-12-23 14:47
Changelog * Added spl option for splunk-search query command. **Feature for 1.5.2511.0 version that allowed variables in splunk-search SPL query has been disabled. Instead, use Logpresso query to create SPL query string and use splunk-search spl option.**
Splunk
1.5.2511.0 2025-12-23 14:40
**This version might not have query working correctly when using set variable, use 1.5.2511.1 instead.** Changelog - Added support for variables in SPL query in `splunk-search` command
UMV WSS
1.0.2512.0 2025-12-22 17:22
First release - Support alert, upload, health, rpc, audit log types - Support dedicated log parser, log schemas, logger model, datasets, dashboards, and detection rules.
eStreamer
1.1.2512.0 2025-12-19 18:32
Improvements - Added option to include original logs in collectors and extended commands - Fixed error message display
Google Workspace
1.8.2512.0 2025-12-19 18:14
Added raw log inclusion option to activity log-related extended commands - Added raw option to google-workspace-admin-logs, google-workspace-drive-logs, google-workspace-login-logs, google-workspace-meet-logs, google-workspace-chat-logs commands - When enabled, raw data is included in the line field as a JSON string Added option to include raw logs in the Activity Log Collector - Added `include_event_raw` option to control whether raw logs are collected When reinstalling the app, please deactivate the Google Workspace app first before proceeding with the upgrade.