Nebulog: What's New in Nebulock

Written by:

Damien Lewke, Founder & CEO

Published on:

Feb 9, 2026

On This Page

Welcome to Nebulog! Each month we’ll share key product updates that strengthen your threat hunting capabilities. This month, we have a new Insights page with an insider threat component, cloud integrations, additional detection coverage, and more.

Insights Dashboard

We've released a new Insights dashboard that surfaces key hunting metrics for your organization. The dashboard includes:

Volume of signals generated in your environment and findings created from those signals
Deployed Detection Rules created by your team or Nebulock
New Detection Rules from Nebulock Hunters

Insider Threat Component

We added an insider threat component to Insights, starting with anomalous file creation detection. You can view per-host anomalous file creation events and expand the view for a graphical timeline analysis where the vertical bars are interactive.

Hunt from Findings

Users now have the ability to multithread hunts without losing context in a current hunt. When performing a hunt, you can pivot a new hunt with one click using the Hunt Finding button to investigate the finding further.

New Integrations

AWS CloudTrail

By integrating CloudTrail with Nebulock, you can hunt across endpoint, identity, and cloud telemetry to identify privilege escalation, persistence, and lateral movement. You can also pivot to writing behavioral detections across these data sources.

SIEM Egress Support

We've added an egress integration with Microsoft Sentinel giving you flexibility in how you route detections and findings to your existing security stack.

More details on these integrations and our full list of integrations are here.

Detection Coverage Expansion

Detection coverage now extends to IAM and cloud telemetry. You can write behavioral detections across your entire environment, from CrowdStrike endpoints to AWS CloudTrail and Microsoft Entra ID.

SOC 2 Type II

In case you missed it, we recently completed our SOC 2 Type II audit with our report. Security remains fundamental to how we build Nebulock and deliver agentic threat hunting to our customers. Visit our Trust Center for more on our security approach.

February 18, 2026

Hunting the Notepad++ Update Hijack

Software supply chain attacks have shifted from occasional, high-profile incidents into a repeatable and increasingly preferred intrusion technique and the Notepad++ incident is the latest evolution. This gives hunters a case for looking at deviations from behavioral baselines.

February 3, 2026

Hunting OpenClaw and Agentic AI Through Behavior

This Hunt Mode breaks down the behaviors that give away OpenClaw (formerly ClawdBot / MoltBot), regardless of how it is packaged, renamed, or delivered.

January 28, 2026

coreSigma: Developing an Endpoint Security Framework Pipeline

The need for standardized macOS detection capabilities is clear. Based on the response to introducing coreSigma, we wanted to make it even easier for the community to gain additional macOS observability and implement their own macOS detections in their environment. That’s why we’ve made coreSigma publicly available in the Nebulock GitHub repository.

Find hidden threats between the layers

Beacuse breaches happen in silence

Get a Demo