Released 2026-04-22 06:30:20 +00:00 | 34 commits to main since this release

What's New
Saved Searches (Bookmarks)
- Save filter combinations with a name and recall them instantly.
- Save filters button in the filters panel.
- Saved searches appear as pill chips — click to apply, × to delete.
- Scoped per user (`created_by` from token `sub`).
AI Event Explanation with GUID Resolution
- New `POST /api/events/{id}/explain` endpoint sends an event + related events to the LLM for a security-focused explanation.
- GUID resolution: extracts UUIDs from the raw event and resolves them via Microsoft Graph (users, groups, service principals, devices) before sending to the LLM.
- The LLM now sees human-readable names instead of raw GUIDs.
Operation-Level Privacy Gating
- Replaced broad service-level blocking with fine-grained operation-level privacy controls.
- `PRIVACY_SENSITIVE_OPERATIONS` hides specific operations (e.g. `MailItemsAccessed`, `Send`, `Search-Mailbox`) across all services.
- `PRIVACY_SERVICES` still available for broad service-level blocking if needed.
- Both gated by `PRIVACY_SERVICE_ROLES` (e.g. `SecurityAdministrator`, `ComplianceAdministrator`).
- Unauthorized users still see admin actions like `Add-MailboxPermission` and `Set-Mailbox`, but not email reading/sending logs.
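
The gating rules above, sketched as an added example (not the project's own code) so the effect of each setting can be checked before rollout. It uses the values from the `.env` snippet on this page; the `service` and `operation` event field names, the `Reader` role, case-insensitive matching and the fail-closed behaviour when no roles are configured are all assumptions of this sketch.

```python
import os

def parse_csv(env, name):
    """Comma-separated setting -> set of case-folded, non-empty values."""
    return {v.strip().casefold() for v in env.get(name, "").split(",") if v.strip()}

class PrivacyGate:
    def __init__(self, env=os.environ):
        self.sensitive_ops = parse_csv(env, "PRIVACY_SENSITIVE_OPERATIONS")
        self.services = parse_csv(env, "PRIVACY_SERVICES")
        self.allowed_roles = parse_csv(env, "PRIVACY_SERVICE_ROLES")

    def is_gated(self, event):
        # Operation names match across all services; a listed service
        # blocks every event from it. Field names are assumptions.
        op = str(event.get("operation", "")).casefold()
        svc = str(event.get("service", "")).casefold()
        return op in self.sensitive_ops or svc in self.services

    def visible(self, events, user_roles):
        # Fail closed: with no PRIVACY_SERVICE_ROLES configured the
        # intersection is empty, so gated events stay hidden from everyone.
        roles = {r.casefold() for r in user_roles}
        if roles & self.allowed_roles:
            return list(events)
        return [e for e in events if not self.is_gated(e)]

# Settings from the .env snippet on this page; events are constructed samples.
SAMPLE_ENV = {
    "PRIVACY_SENSITIVE_OPERATIONS": "MailItemsAccessed,Search-Mailbox,Send,ChatMessageRead",
    "PRIVACY_SERVICE_ROLES": "SecurityAdministrator,ComplianceAdministrator",
}
SAMPLE_EVENTS = [
    {"service": "Exchange", "operation": "MailItemsAccessed"},
    {"service": "Exchange", "operation": "Add-MailboxPermission"},
    {"service": "Exchange", "operation": "Set-Mailbox"},
    {"service": "Exchange", "operation": "Send"},
    {"service": "Teams", "operation": "ChatMessageRead"},
]

if __name__ == "__main__":
    gate = PrivacyGate(SAMPLE_ENV)
    for roles in (["Reader"], ["SecurityAdministrator"]):
        print(roles, [e["operation"] for e in gate.visible(SAMPLE_EVENTS, roles)])
```
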
UI Polish
- Teams added to default noisy service exclusion alongside Exchange and SharePoint.
- Filter state persisted to `localStorage` and restored on reload.
- Result pills now treat `"True"` as green (success).
- Copy and Explain buttons in the raw event modal.
Upgrade Notes
```
docker compose pull && docker compose up -d
```

Optional: configure privacy gating in `.env`:

```
PRIVACY_SENSITIVE_OPERATIONS=MailItemsAccessed,Search-Mailbox,Send,ChatMessageRead
PRIVACY_SERVICE_ROLES=SecurityAdministrator,ComplianceAdministrator
```