Turbine On-Prem Release Notes
Turbine On-Prem 26.0.0 Release
What's New in this Release
AI-Driven Security Operations (AI SOC)
Turbine 26.0.0 introduces foundational capabilities for AI-driven security operations (AI SOC), combining traditional SOC workflows with AI-powered capabilities to accelerate security operations, reduce false positives, and enhance analyst productivity through intelligent automation.

The AI SOC solution integrates Hero AI capabilities throughout SOC workflows, enabling intelligent alert analysis to determine true/false positives and prioritize threats, automated threat intelligence correlation that synthesizes results from multiple providers, case investigation assistance with AI-powered recommendations and remediation guidance, and knowledge management with context-aware access to procedures and best practices.

These experiences are powered by Hero AI deep agents. The Investigation and Response Agent assists analysts in triaging and investigating incoming signals, the Playbook Generator Agent helps create playbooks to automate and streamline investigation and response workflows, and the Ingestion Agent accelerates onboarding by connecting to third-party APIs to ingest alerts and signals.

AI SOC ingestion makes it faster to connect sources and bring alerts and signals into AI SOC, reducing time to value. From the alert or security event view, analysts can kick off playbook creation to streamline investigation and response workflows.

These capabilities are delivered through Hero AI and core platform enhancements in this release, enabling AI-assisted security automation workflows.

Playbook Generator Agent
Hero AI Companion now supports playbook building mode, enabling users to generate and modify playbooks using natural language. Users can describe their automation needs in plain text or provide a complete text runbook, and the Playbook Generator Agent will create the corresponding playbook flow automatically.

The playbook builder uses AI agents powered by Claude Code SDK to understand requirements, search for appropriate components from the tenant and marketplace, and generate valid Turbine playbook JSON that follows schema specifications. The Playbook Generator handles complex playbook structures including triggers, actions, conditional logic, loops, variable management, and error handling.

When a playbook flow is being generated or updated, the canvas is automatically placed in a disabled state to prevent conflicting changes. Once generated, users can refine playbooks using natural language or manually edit them using canvas features. Generated playbooks are automatically validated to ensure they are executable, and comprehensive error handling with detailed messages and retry capabilities ensures a smooth experience even when encountering rate limiting, token limits, or generation failures.

This feature significantly reduces the time and expertise required to build complex automation workflows, making playbook creation accessible to users of all technical levels. For more information, see docid\ hvrzctyqyv7h6oz3bb0wo

Full Screen Mode for Code Editor
Code editors across the platform now support full screen mode, making it easier to work with long or complex scripts. Users can expand the editor for more workspace and switch back to the regular view when done. This capability is available in all code editors for a consistent experience across the platform.

The feature is fully configurable: if a user prefers not to display the expand icon, it can be turned off. Switching between views is quick and simple, helping orchestrators stay focused and work efficiently.

View Sub-Component Run Details in the Playbook Test Console
Users can now view component error messages and run details directly from playbook runs. Previously, when a component failed, there was no way to see the underlying error or execution details. The playbook run now includes links to the corresponding component run, allowing users to access error messages and execution details without navigating away from the playbook run view.

This improvement provides better visibility into playbook execution and makes troubleshooting component failures more efficient, reducing the time needed to diagnose and resolve issues.

Receive and Manage Notifications Directly Within Applications
Turbine now supports real-time, in-app notifications triggered through notification actions, helping teams stay informed without relying solely on email and respond faster to critical incidents directly within the platform.

Notifications are displayed per tenant by default, with the ability to view notifications across all tenants, providing greater oversight. When configured with a link, notifications can take users directly to the relevant record or playbook, enabling faster investigation and action.

A new notification usage dashboard provides visibility into notification activity, including how many notifications were sent from a specific action and how many were delivered to individual users. This helps teams monitor usage and adjust, which is especially important as email notification limits apply.

Users can manage their notification preferences in their profile settings and choose to receive in-app notifications, email notifications, or both. For more information, see docid\ udxf9o vxfs9o uloagtv and docid\ wg9lf7ksq7ikfdidmdufs

Improved SSP Content Migration
Turbine 26.0.0 offers re-architected and rewritten SSP import/export functionality to significantly improve reliability, data integrity, and overall performance when moving SSP content between tenants and environments. This improvement ensures smoother SSP imports and exports, clearer error handling, and more efficient content transfers across Turbine.

Major improvements:

Stronger data integrity controls
The system properly updates linked content when updated/deleted. The system routinely performs clean-up jobs ensuring data integrity. SSPs no longer fail on orphaned content (i.e. playbooks referencing components that do not exist).

Clearer, actionable error messages
Error messages now show the names of missing components, not just their IDs. Required actions to proceed with import/export are clearly indicated.

Optimized import performance with progress visibility
Performance has been significantly enhanced through the implementation of batch processing and parallel processing. A progress spinner has been added to the import flow to display the overall import status and percentage completion for each step.

These updates make SSP import/export more predictable, stable, and efficient for both enterprise and MSSP customers.

SCIM Support for Additional Identity Providers
Turbine's SCIM (System for Cross-domain Identity Management) integration now supports JumpCloud and Ping Identity, expanding on our existing Okta support to make user and group management even more seamless. SCIM enables automated user provisioning, deprovisioning, and group management between identity providers and Turbine, reducing administrative overhead and ensuring consistent access control. For more information, see docid\ bloqrtsr4dcwvwvzezs5d and docid\ xsmfd aiwemv2bht1rz4e