Product

Nebulog: What's New in Nebulock

Damien Lewke

Founder & CEO

Feb 9, 2026

On This Page

Welcome to Nebulog! This round up includes key product updates that strengthen your threat hunting capabilities. This month, we have a new Insights page with an insider threat component, cloud integrations, additional detection coverage, and more.

Insights Dashboard

We've released a new Insights dashboard that surfaces key hunting metrics for your organization. The dashboard includes:

Volume of signals generated in your environment and findings created from those signals
Deployed Detection Rules created by your team or Nebulock
New Detection Rules from Nebulock Hunters

Insider Threat Component

We added an insider threat component to Insights, starting with anomalous file creation detection. You can view per-host anomalous file creation events and expand the view for a graphical timeline analysis where the vertical bars are interactive.

Hunt from Findings

Users now have the ability to multithread hunts without losing context in a current hunt. When performing a hunt, you can pivot a new hunt with one click using the Hunt Finding button to investigate the finding further.

New Integrations

AWS CloudTrail

By integrating CloudTrail with Nebulock, you can hunt across endpoint, identity, and cloud telemetry to identify privilege escalation, persistence, and lateral movement. You can also pivot to writing behavioral detections across these data sources.

SIEM Egress Support

We've added an egress integration with Microsoft Sentinel giving you flexibility in how you route detections and findings to your existing security stack.

More details on these integrations and our full list of integrations are here.

Detection Coverage Expansion

Detection coverage now extends to IAM and cloud telemetry. You can write behavioral detections across your entire environment, from CrowdStrike endpoints to AWS CloudTrail and Microsoft Entra ID.

SOC 2 Type II

In case you missed it, we recently completed our SOC 2 Type II audit with our report. Security remains fundamental to how we build Nebulock and deliver agentic threat hunting to our customers. Visit our Trust Center for more on our security approach.

April 3, 2026

Hunting Supply Chain Compromises LiteLLM & Axios

Supply chain attacks are not new. What is new is the pace and the precision. In the recent Axios and TeamPCP campaigns, we have different actors, different tooling, but the same fundamental constraint: both must install through package managers, execute outside the language runtime, access credentials, persist, and communicate externally. Each step leaves a behavioral trace that outlasts any IOC list.

Hunt Mode

March 18, 2026

Vespyr: Your Autonomous Hunter

Autonomous hunting means the agent doesn't wait for a user directive. It monitors global intelligence, determines what's relevant to your environment, scopes and executes the hunt, and delivers findings without anyone having to kick it off. The human reviews, validates, and acts. The agent does everything before that.

Product

February 18, 2026

Hunting the Notepad++ Update Hijack

Software supply chain attacks have shifted from occasional, high-profile incidents into a repeatable and increasingly preferred intrusion technique and the Notepad++ incident is the latest evolution. This gives hunters a case for looking at deviations from behavioral baselines.

Hunt Mode

Find hidden threats between the layers

Beacuse breaches happen in silence

Get a Demo