You can now use new endpoints to help programmatically manage content by importing and exporting a list of rules as well as by viewing all analytics rules and associated attributes.

• Detection Management > Export a list of analytics rules
• Detection Management > Import a list of rules
• Detection Management > Get all analytics rules and their attributes

📘

A maximum of 50 rules can be exported or imported at a time.

You can now use the following endpoints to view events associated to a trigger.

• Threat Center > Get alert details
• Threat Center > Get case details

📘

Only the last event will be included if there are multiple triggers (numeric or correlation rule).

You can now use new endpoints to help programmatically manage content by importing a list of correlation rules as well as exporting a list of correlation rules definitions based on the provided rule IDs.

• Correlation rules > Import a list of correlation rules
• Correlation rules > Export a list of correlation rule definitions

📘

A maximum of 50 rules can be exported at a time.

You can now use existing endpoints to define multiple recurrence patterns for correlation rules with the introduction of a new scheduleConfig property.

• Correlation rules > Get a list of all correlation rules
• Correlation rules > Create a new correlation rule
• Correlation rules > Get correlation rule details
• Correlation rules > Update a correlation rule

Recurrence patterns include several recurrence types (Daily, Weekly, Monthly, Custom). This offers granular control over when correlation rules are active, including specific times, days of the week, or days of the month.

You can now use new endpoints to retrieve a list of notes associated with a specified caseId and also add a new note to a specified case.

• Cases > List notes for a case
• Cases Create a note for a case

This will improve the experience of viewing and update cases.

You can now use a new endpoint to retrieve information about license details:

• License Consumption > Fetch license details and consumptions

This will help to monitor and manage your license entitlement and consumption effectively.

To support the new, improved versions of these endpoints, the following Threat Center endpoints will be supported for 6 months until April 15, 2026, after which they will be deprecated:

• Cases > Update case details (DEPRECATED)
• Cases> Create a new case (DEPRECATED)

We recommend updating your integrations to use the new enhanced endpoints as soon as possible to avoid disruption.

You can now use improved versions of the following Threat Center endpoints:

• Cases > Update case details
• Cases > Create a new case

These endpoints offer new options for case closure and context and now support validated closedReason values — ensuring consistency and accuracy as well as a new supportingReason free text field — allowing you to provide additional context when closing cases. These improvements help streamline case management and improve data quality across your workflows.

As such, the previous versions of these endpoints, Update case details (DEPRECATED) and Create a new case (DEPRECATED) will be supported for 6 months until April 15, 2026, after which they will be deprecated.

You can now use the following endpoints for Cloud Collector configuration and account status:

• Configs > Get Cloud Collector list
• Configs> Get Cloud Collector Config details
• Accounts> Get Cloud Collector Account list
• Accounts> Get Cloud Collector Account details

These endpoints allow you to retrieve collector and account instances as well as View details of a specific account or a specific collector (including status and recent errors).

You can now delete one or more records directly from an existing custom context table via a new public API:

• Context Management > Delete records from an existing custom context table

To delete records from a custom table, specify the values from the primary key column in the request body.