
Nebulog: What's New in Nebulock

Welcome to Nebulog! Each month we’ll share key product updates that strengthen your threat hunting capabilities. This month, we have a new Insights page with an insider threat component, cloud integrations, additional detection coverage, and more.

Insights Dashboard

We've released a new Insights dashboard that surfaces key hunting metrics for your organization. The dashboard includes:

  • Volume of signals generated in your environment and findings created from those signals
  • Deployed Detection Rules created by your team or Nebulock
  • New Detection Rules from Nebulock Hunters

Insider Threat Component

We added an insider threat component to Insights, starting with anomalous file creation detection. You can view per-host anomalous file creation events and expand the view for a graphical timeline analysis where the vertical bars are interactive.

Hunt from Findings

You can now multithread hunts without losing the context of your current hunt. While performing a hunt, you can pivot to a new hunt with one click using the Hunt Finding button to investigate the finding further.

New Integrations

AWS CloudTrail

By integrating CloudTrail with Nebulock, you can hunt across endpoint, identity, and cloud telemetry to identify privilege escalation, persistence, and lateral movement. You can also pivot to writing behavioral detections across these data sources.

SIEM Egress Support

We've added an egress integration with Microsoft Sentinel, giving you flexibility in how you route detections and findings to your existing security stack.

More details on these integrations and our full list of integrations are here.

Detection Coverage Expansion

Detection coverage now extends to IAM and cloud telemetry. You can write behavioral detections across your entire environment, from CrowdStrike endpoints to AWS CloudTrail and Microsoft Entra ID.

SOC 2 Type II

In case you missed it, we recently completed our SOC 2 Type II audit with our report. Security remains fundamental to how we build Nebulock and deliver agentic threat hunting to our customers. Visit our Trust Center for more on our security approach.

Written by
Damien Lewke
