What’s New
This release brings significant improvements across the CyberOptix platform, including two new AI-powered agents for SOC and vulnerability analysis, native Jira integration, a rebuilt code scanner and vulnerability management system, expanded AWS and Azure coverage, enhanced SIEM search capabilities, role-based file access control, a redesigned overview dashboard, and identity provider management.
—
AI-Powered SOC Agent
Say goodbye to alert fatigue. The new CyberOptix SOC Agent is an AI-powered analyst that works around the clock, triaging alerts, correlating incidents, and surfacing what actually matters. It ingests logs from your SIEM, maps activity to the MITRE ATT&CK framework, and delivers analyst-grade assessments in seconds.
With new FortiGate / Fortinet collector support, the SOC Agent now covers even more of your network security stack. This isn’t just automation, it’s like adding a senior analyst to your team that never sleeps.
—
AI-Powered Vulnerability Analysis Agent
Introducing the CyberOptix Vulnerability Agent, your AI-driven engine for making sense of vulnerability noise. The Vuln Agent automatically analyzes findings across DAST, SAST, SCA, network, and cloud scans, prioritizes what’s actually exploitable in your environment, and delivers contextualized recommendations.
It runs continuously through a dedicated analysis pipeline with built-in deduplication, so your team spends less time sorting spreadsheets and more time remediating real risk. Enable it per-organization with per-user approval tracking so you stay in full control of when and how AI is applied.
—
Introducing Jira Integration
We’re excited to announce that CyberOptix now integrates directly with Jira. Connect your Jira instance via OAuth and start bridging the gap between your security team and your engineering workflows. Here’s what you get out of the box:
- Automated ticket creation: Vulnerabilities and findings automatically generate Jira tickets, no copy-pasting, no context switching.
- Ticket rules engine: Configure specificity-based routing rules to send the right tickets to the right Jira projects automatically. Route by severity, scan type, business unit, or any combination that fits your workflow.
- Bidirectional comment sync: Comments added in Cyberoptix appear in Jira and vice versa, your security and engineering teams stay aligned in real time without switching tools.
- Automated reconciliation: A background poller continuously syncs ticket status between CyberOptix and Jira, so your vulnerability tracking is always up to date.
- Jira Service Management (JSM) support: Works with both Jira Software and JSM, so IT and security operations teams are covered.
Setup takes minutes, authenticate with OAuth, configure your routing rules, and you’re live.
—
Unified Vulnerability Management – Completely Rebuilt
We’ve rebuilt vulnerability management from the ground up. Vulnerabilities are now organized into dedicated pipelines per scan type, DAST, SAST, SCA, network, cloud, and CVM, delivering faster queries, sharper filtering, and cleaner dashboards. You can now assign vulnerabilities to team members, track status changes, and add comments directly within the platform, giving your team a true workflow for driving remediation.
New clickable aggregation charts with tabbed layouts make it easy to visualize your vulnerability landscape at a glance and drill into exactly what matters.
—
Code Scanner – Rebuilt from the Ground Up
The CyberOptix Code Scanner has been completely rewritten. Here’s what changed:
- SBOM-based dependency checking: The scanner now generates a full Software Bill of Materials for your repositories and checks every dependency against known vulnerability databases. You get true Software Composition Analysis (SCA) with clear visibility into your third-party risk.
- Cleaner, more readable SAST results: We overhauled how static analysis findings are presented. Vulnerabilities now surface with concise descriptions, clear remediation guidance, and better code context, so developers can actually fix what they find without deciphering cryptic scanner output.
- Separate SAST and SCA pipelines: SAST and SCA findings are now processed independently with dedicated task pipelines, giving you cleaner separation and more accurate deduplication.
If your team ran code scans before and drowned in noisy results, give it another look, this is a different experience.
—
Role-Based File Access Control
File uploads just got a serious security upgrade. You can now assign granular access permissions on a per-file basis, controlling exactly who can view, download, or manage uploaded documents. Choose from role-based permissions to restrict access by job function, or use the user picker to grant access to specific individuals.
Whether it’s a pentest report that only leadership should see, or compliance evidence scoped to your audit team, you now have full control over who sees what, right down to the file level.
—
Massive AWS Security Expansion
We’ve added coverage for 24 new AWS services including Lambda, EKS, ECS, DynamoDB, API Gateway, WAF, Secrets Manager, CloudTrail, and many more. On top of that, over 50 new security checks now run automatically, covering security group rules, ELB configurations, IAM policies, storage encryption, VPC flow logs, deprecated Lambda runtimes, ECR image mutability, and more.
Combined with new cross-account role delegation, you can now monitor your entire AWS footprint from a single pane of glass.
—
Azure – Expanded Coverage
New discovery and consumption support for Microsoft Defender for Endpoint (EDR), Entra ID, and Power Platform. If you’re running Microsoft workloads, CyberOptix now has deeper visibility into your identity, endpoint, and low-code environments.
—
SIEM – Full-Text Search & Visualizations
The SIEM module now features a powerful search bar with full query syntax support, field picker, autocomplete, and inline syntax help. Pair that with new dynamic aggregation charts and configurable result sizes, and your analysts can hunt through logs faster than ever. We’ve also added support for Azure Intune and M365 Management Activity log sources.
—
Redesigned Overview Dashboard
The main dashboard has been completely redesigned with a new system overview, tabbed asset layout, and SOC activity charts, giving leadership and analysts alike a real-time pulse on your security posture the moment they log in.
—
Identity Provider Management
Manage your SAML identity providers directly from the admin console. Configure domain-based redirects, sync brokered users automatically, and manage IDP lifecycle, all without leaving the platform.
—
Platform-Wide Improvements
- 30-second auto-refresh across all pages, no more manual reloading.
- Server-side search for zones, business units, tags, and subnets with a redesigned filter modal.
- Incident wizard enhancements with linked correlations and MITRE ATT&CK mapping.
- Notification templates with updated Teams setup instructions.
- Circuit breaker and retry improvements for more resilient analytics queries.
- Cron-based scan scheduling for full control over scan timing.
—
We’re shipping fast and building the platform you’ve been asking for. Questions or feedback? Reach out to your account team, we’d love to hear from you.
