Skip to main content

App Release Notes

A summary of key features introduced in each major release over the last two years.

2026

26.3.0 - Mar 17

  • In-App Audit Logs -- Full audit trail of user actions with filtering, CSV export, and configurable retention.
  • System App -- System Overview elevated to a top-level app consolidating node health, jobs, and NQE executions.
  • On-Demand NQE Verification Diffs -- Row-level diffs computed only when requested, eliminating 20-30 min of background work.
  • STIG Quarterly Update (Y25Q4) -- October 2025 DISA STIG updates for Cisco and Juniper platforms.
  • Telemetry -- Anonymized, aggregated usage data collection to improve the product experience.
  • Automatic Device Type Mismatch Detection -- Platform validates device types after collection and self-corrects mismatches.

26.2.0 - Feb 17

  • Automated CVE DB Scheduling -- On-premise deployments can auto-schedule CVE database downloads at predefined intervals.
  • KPI Category Re-Ordering -- Drag-and-drop ordering for KPI categories on the dashboard.
  • Topology Annotations Improvements -- Improved tools for adding and managing annotations on the network topology map.
  • IBM Cloud GA -- IBM Cloud support reaches general availability.
  • Fortinet User ID and Junos Mac-VRF Modeling -- New modeling support for Fortinet User ID and Juniper mac-vrf.

26.1.0 - Jan 22

  • Dark Mode GA -- Dark mode reaches general availability across topology views and code editor.
  • Vulnerability Page Redesign -- Updated filtering and one-click metric-based data filters on the CVE tab.
  • Query Execution Progress Monitoring -- Live progress updates showing queue position, rows processed, and elapsed time.
  • Customer Secrets Encryption using AWS KMS -- Organization-level encryption keys in AWS KMS with BYOK support.

2025

25.12.0 - Dec 16

  • Configuration Snippet History -- Focus config history on isolated snippets instead of full device configs.
  • Onboarding Application -- Centralized onboarding dashboard with Collection Health and Snapshot Health views.
  • Path Grouping with Underlays -- Reduced path groups by consolidating paths differing only in underlay hops.
  • Engagement Dashboard -- Granular reports segmenting user activity by UI vs. API access for usage optimization.

25.11.0 - Nov 18

  • NQE Ordered Collections -- New order by, limit, and list indexing syntax for NQE queries.
  • Cloud Firewall Policies in NQE -- Distributed policies and reusable network objects for AWS, Azure, and GCP.
  • CISA KEV Integration in NQE -- CVE records include a flag showing whether a vulnerability is actively exploited.
  • Hybrid Custom Collection -- Custom command groups can collect via both CLI and SNMP together.

25.10.0 - Oct 21

  • NQE History -- Track how network data changes across snapshots with historical visibility and retention.
  • Dark Mode (Tech Preview) -- Dark mode available across most of the platform.
  • Remote Collector for On-Premises -- Remote collectors for segmented/remote networks with centralized management.
  • Security-Focused Path Search View -- New path search mode highlighting traffic restriction and NAT devices.

25.9.0 - Sep 16

  • Device Config File History -- Chronological config change visualization across snapshots.
  • Diff Insights and Route Diffs -- New Diff Overview dashboard with warnings, change propagation, and routing diffs.
  • Infoblox DDI: Data Preview and Push Logs -- Preview payloads before pushing to Infoblox plus audit trail.
  • Manual Interface Label Overrides -- Reclassify links between data and management types for better topology control.

25.8.0 - Aug 19

  • DNS Zone Transfer -- Pull hostname records from DNS servers for FQDN resolution in snapshots and path checks.
  • CWE and KEV Data in Vulnerability Analysis -- CISA Known Exploited Vulnerabilities and CWE data for risk prioritization.
  • Alkira Cloud Support -- New modeling support for Alkira cloud exchange points and services.
  • Segment Routing v6 on Cisco IOS-XR -- SRv6 support added for Cisco IOS-XR platforms.

25.7.0 - Jul 22

  • Infoblox DDI Integration -- Push discovered network data to Infoblox IPAM as a NetMRI sync replacement.
  • NQE AI Assist Improvements -- New schema retrieval algorithm improves query generation quality by 21%.
  • Streamlined Vulnerabilities Dashboard -- Optimized page with summarized display and per-device detail drawer.
  • STIGs for F5 and Arista -- New F5 BIG-IP TMOS STIGs (86 rules) and partial Arista STIGs support.
  • Selective Execution for Inventory+ Diffs -- Diffs computed on-demand to preserve performance, with manual trigger.

25.6.0 - Jun 17

  • End of Life Analysis for Fortinet Hardware -- EoL expanded to Fortinet hardware platforms.
  • STIGs Update (DISA CY25Q2) -- 28 new rules integrated within the 90-day target.
  • API Publishing -- Classic device operations and device tags operations APIs published.

25.5.0 - May 20

  • Data Files Importing -- Upload CSV, JSON, or text files for use in NQE queries, stored in snapshots.
  • Collector Queues Visibility -- New UI showing collector job queue position, trigger info, and kill operations.
  • API Token Management -- Org admins can set token lifetime, revoke access, and view usage timestamps.
  • Vulnerability Management for Dell OS9 -- Enhanced configuration-based CVE detection for Dell OS-9 devices.

25.4.0 - Apr 22

  • Enhanced CVE Detection Details -- Five distinct vulnerability states for more precise risk assessment.
  • Topology Annotations -- Add shapes and text annotations to location layouts in topology views.
  • Automatic Cloud Account Discovery -- Newly discovered cloud accounts auto-reported with optional auto-add.
  • Custom Commands Flexible Device Selection -- Custom command groups support per-device targeting via glob matching.

25.3.0 - Mar 18

  • OSPF Data in NQE -- OSPF areas, router roles, and neighbor relationships now queryable in NQE.
  • Structured JSON Support in NQE API -- Complex fields returned as proper JSON objects instead of embedded strings.
  • Multi-Valued Column Filtering in NQE -- Select multiple filter values per column in NQE result tables.
  • End of Life for Palo Alto Prisma SDWAN -- EoL analysis expanded to Palo Alto Prisma SDWAN ION devices.

25.2.0 - Feb 18

  • ACL Lifecycle Data -- ACE hit counts, timestamps, and new firewall rule library queries for PANOS devices.
  • Network Endpoints Discovery GA -- Endpoint discovery, collection (SSH, SNMP, HTTP), and analysis in NQE.
  • Data Connectors in NQE -- Streamlined workflow for defining external data sources (HTTP GET, JSON/CSV/text).
  • End of Life Expansion -- EoL analysis added for F5 TMOS, Fortinet FortiOS, and Checkpoint GaiaOS.

25.1.0 - Jan 21

  • SNMP Data Retention up to 30 Days -- Configurable SNMP data retention from 3 to 30 days.
  • Network Endpoints & Data Connectors -- Redesigned UX separating endpoints from external data sources.
  • Faster Cluster Restore -- Platform available immediately during restore while snapshots continue in background.
  • STIGs Updates -- DISA CY24Q4 updates (42 rules) and 145 new F5 STIGs rules.

2024

24.12.0 - Dec 17

  • Alerting on Intent -- In-app and email alerts when intent check devices exceed performance thresholds.
  • Hiding Geographical Links by Type -- Selectively hide IPSec, GRE, and Management links on the topology map.
  • Network Setup Simplification -- Simplified device addition workflow decoupled from discovery functionality.

24.11.0 - Nov 19

  • End of Life Data in NQE -- In-app EoL analysis for Cisco, Arista, Juniper, and Palo Alto operating systems.
  • OSPF Topology Layer -- New OSPF protocol layer visualization for location views.
  • STIGs Export in CKLB Format -- Export STIG results in native format for DISA STIG Viewer 3.0.
  • STIGs for Palo Alto -- Hundreds of new STIG checks covering ALG, IDPS, and NDM benchmarks.

24.10.0 - Oct 17

  • Performance Monitoring on Intent -- Health monitoring on intent verification paths with threshold-based checks.
  • Path Analysis Diffs -- Side-by-side comparison of path query results between two snapshots.
  • Customizable Insights Dashboard -- Personalized dashboards from pre-built widgets with drag-and-resize layout.
  • Client-Secret Encryption Keys -- Per-collector unique encryption keys for SaaS credentials with key rotation.

24.9.0 - Sep 16

  • NQE Doc and Summary AI Assist GA -- Doc AI answers NQE questions conversationally; Summary AI explains queries.
  • Config-based CVE Analysis for Palo Alto -- Distinguish potential vs. actual vulnerabilities on Palo Alto devices.
  • NQE Date and Time Datatypes -- New Duration, Date, and Timestamp datatypes for NQE queries.
  • STIGs Tag-Based Overrides for Juniper -- Tags can override default STIG device role assignments for Juniper.

24.8.0 - Aug 22

  • Forward AI Assist GA -- Natural language to NQE query generation using Forward's fine-tuned LLM.
  • Device-based Access Control with Globs -- Dynamic device access matching via glob patterns.
  • Storage Management Improvements -- Disk space notifications and automatic derived data invalidation.
  • Improved Visual Handling of Access Points -- APs bundled by upstream device connection to declutter topology.

24.7.0 - Jul 11

  • New NQE Query Editor -- Monaco-based editor with mini map, find-and-replace, and variable autocompletion.
  • Custom Webhook Payloads -- JSON and plain text customization with editable keys and supported variables.
  • Resource-Based Access Control -- Per-device access control separating platform role from data access.
  • Collection Back-Fill on Failure -- Back-fill failed device data with last good data (up to 5 days old).

24.6.0 - Jun 13

  • Vulnerability Device-Centric View -- Default view changed to prioritize remediation per device.
  • NQE Library Search Improvements -- Search now covers query code, description, and intent.
  • NQE-based Dynamic Connections for L3 VPN -- Auto-updated L3 VPN synthetic nodes via NQE queries.
  • IP Address Resolution Details -- Search results show resolution details (interface, subnet, route, etc.).

24.5.0 - May 16

  • Network Performance Dashboard -- Five sub-tabs for interface utilization, packet loss, errors, CPU, and memory.
  • Zone to Host Mapping -- End-hosts mapped to firewall security zones in host cards, blast radius, and NQE.
  • Improved Intent Verification History -- Searchable snapshot timeline with visual indicators and config-change diffs.
  • Improved Workspace Creation -- Retention defaults configurable from 1 day to permanent.

24.4.0 - Apr 11

  • Insight Dashboard -- High-level dashboard with Vulnerabilities, Scorecards, and Lay of the Land sections.
  • Multiple Performance Thresholds -- Interface and CPU utilization now support medium and high thresholds.
  • Automated Diff Notifications -- Subscribe to in-app and email notifications for auto-triggered diffs.
  • Backup & Restore -- Support for immutable S3-compatible storage and S3 ownership override via GUI.

24.3.0 - Mar 14

  • Blast Radius with Multiple Sources -- Run blast radius analysis against multiple sources simultaneously.
  • NQE Query History and Diffs -- Navigate older query versions and diff across versions.
  • Improved NQE Data Model Explorer -- Flat search results categorized by type with clickable navigation.
  • NQE Data Model Additions -- Device type classification, collection interface, interface ACLs, and tunnel MACs.

24.2.0 - Feb 15

  • Blast Radius Expanded Sources -- Accept subnets, devices, interfaces, VRFs, and security zones as sources.
  • Config-based CVE Analysis for Cisco -- Distinguish actual vs. potential vulnerabilities on Cisco devices.
  • NQE Query Execution at Specific Commit -- Pin query execution to a specific commit for CI/CD stability.
  • Cloud NQE Queries -- New queries for unallocated VPC CIDRs, AWS public IPv4 costs, and public IPv4 addresses.

24.1.0 - Jan 18

  • CVE Risk Scores and Publish Dates -- CVSS scores and publish dates added to the Vulnerability page.
  • Cisco and Juniper STIGs Completion -- Full coverage with 1,440+ STIG-based NQE queries.
  • Symmetric Path Verification -- Intent verifications can verify return path symmetry.
  • External Data Paginated Collection -- External data import now supports paginated REST endpoints.