Release History

View all app release history.

MITRE ATT&CK
1.0.2601.0 2026-01-21 00:45
First release - MITRE ATT&CK Enterprise 18.1 version (2025-11-13) - Query commands: mitre-attack-analytics, mitre-attack-data-sources, mitre-attack-campaigns, mitre-attack-detection-strategies, mitre-attack-softwares, mitre-attack-mitigations, mitre-attack-techniques, mitre-attack-groups, mitre-attack-data-components, mitre-attack-relations, mitre-attack-tactics
BLUEMAX NGF
1.9.2601.0 2026-01-20 23:08
Changelog - Added support for WELF log format - Fixed log schema display names - Added 7 new log schemas - Blacklist (fw4_blacklist) - FQDN management (fqdn_management) - QoS counter (qos_cnt) - SSL VPN client profile (sslvpn_client_resource) - SSL VPN tunnel monitoring (sslvpn_monitoring) - SSL VPN user auth (sslvpn_user_auth) - Web filter (urlblock) Bug fix - Fixed issue for some query commands not showing proper query plan - Fixed issue where time filter was not being applied on the dashboard **Before updating the app, delete the Bluemax NGF app dashboard and update the app for the dashboard to show correct log schema display names**
Experimental
1.10.2512.0 2026-01-14 13:51
Bug Fixes - Fixed an issue where using log command in subqueries caused a NullPointerException. - Removed explain command that had been moved to the query optimizer app, resolving conflicts with the query optimizer app.
Sigma Rules
1.0.2601.0 2026-01-10 02:02
First release - rules-emerging-threats, rules-threat-hunting resources - 2026-01-05 6fe7343bf79306884b05837d5e03bcbcb141ce50 commit snapshot
BLUEMAX ADS
1.1.2512.0 2025-12-29 21:49
Added parsing and schema for new log types - Authentication-based defense (auth_base_defense) - Blacklist block (blacklist_block) - HA status (ha_status_cnt) Added support for parsing key-value format logs
Microsoft 365
1.4.2512.0 2025-12-29 13:43
Add connection profile timeout options
GitHub
1.3.2512.0 2025-12-29 11:30
Added `profile` option to the `github-audit-logs` query command
PacketCYBER
1.0.2512.0 2025-12-25 22:15
First release - Support dedicated log parser, log schemas, logger model
Slack
1.3.2512.0 2025-12-25 17:07
Add Slack Audit Log Collector and Dashboard - Requires auditlogs:read in Slack User OAuth Scope Add Slack Account Dashboard - Requires users:read, users:read.email, and team:read in Slack User OAuth Scope - If users:read.email or team:read is not granted, email and team name will display as null
Microsoft Azure
1.3.2512.0 2025-12-24 18:59
Logger start time option added - When running the collector for the first time or after initialization, logs are retrieved starting from start time option base. - Incremental collection continues from previous collection time upon relaunch - If not entered, retrieves oldest log based on current subscription settings
NGFCTI
1.3.2512.0 2025-12-23 22:34
New FCTI Dashboards - News, Alerts, Threat Reports, Advisories, Early Warnings, Notices, IP Feed, URL Feed, Domain Feed, MD5 Feed, SHA256 Feed
Splunk
1.5.2511.1 2025-12-23 14:47
Changelog * Added spl option for splunk-search query command. **Feature for 1.5.2511.0 version that allowed variables in splunk-search SPL query has been disabled. Instead, use Logpresso query to create SPL query string and use splunk-search spl option.**
Splunk
1.5.2511.0 2025-12-23 14:40
**This version might not have query working correctly when using set variable, use 1.5.2511.1 instead.** Changelog - Added support for variables in SPL query in `splunk-search` command
UMV WSS
1.0.2512.0 2025-12-22 17:22
First release - Support alert, upload, health, rpc, audit log types - Support dedicated log parser, log schemas, logger model, datasets, dashboards, and detection rules.
eStreamer
1.1.2512.0 2025-12-19 18:32
Improvements - Added option to include original logs in collectors and extended commands - Fixed error message display
Google Workspace
1.8.2512.0 2025-12-19 18:14
Added raw log inclusion option to activity log-related extended commands - Added raw option to google-workspace-admin-logs, google-workspace-drive-logs, google-workspace-login-logs, google-workspace-meet-logs, google-workspace-chat-logs commands - When enabled, raw data is included in the line field as a JSON string Added option to include raw logs in the Activity Log Collector - Added `include_event_raw` option to control whether raw logs are collected When reinstalling the app, please deactivate the Google Workspace app first before proceeding with the upgrade.
AbuseIPDB
1.3.2512.0 2025-12-19 14:54
Improvements - Improved error display when API key authentication fails - Changed connect profile option to optional when executing batch commands
ML Rules
1.2.2512.1 2025-12-19 11:01
Improved compatibility with Sonar - Requires experimental app version 1.6.2510.0 or higher (uses log command) - Requires **Logpresso Sonar 4.0.2502.0** or higher
ML Rules
1.2.2512.0 2025-12-19 10:57
Support #react2shell tagging - Requires experimental app version 1.6.2510.0 or higher (uses log command) - Requires **Logpresso Sonar 4.0.2507.0** or higher
ML Rules
1.1.2510.1 2025-12-19 10:57
Fix false positives for #command_injection related to simple template variable references - Requires experimental app version 1.6.2510.0 or higher (uses log command) - Requires **Logpresso Sonar 4.0.2507.0** or higher