Burrow Release Notes
Notable changes to the Burrow security and audit layer of Squirrel. Customer-facing release notes — updates that affect what you see, do, or rely on in the dashboard and email.
Burrow ships as continuous deploy — there are no versioned releases. Entries below are dated and describe the change in customer-observable terms.
2026-06-30
A batch of usability and reliability improvements:
- Identity dossier AI summary card now visible. The 2 to 4 sentence AI summary of each user's typical behaviour now appears at the top of the Profile tab on the Identity dossier. Previously the dashboard was not surfacing the summary even though it was being generated.
- Forage "Search this entity" button on cold-storage jobs. Every READY rehydrate row in the Cold Storage panel now has a one-click blue button that auto-fills the User filter, populates the date range to span the rehydrated months, and runs the Forage search. No more retyping entity names after a rehydrate completes.
- Top MITRE tab populates correctly. The Top MITRE tab on the Burrow home page now shows real adversary-technique counts for the lookback window (T1078 Valid Accounts, T1486 Data Encrypted for Impact, etc.). Previously the tab showed "No data" due to a tag-handling issue.
- Entity exceptions now suppress emails immediately. When you add a Suppress entity exception, the very next detection pass picks it up and per-alert emails (plus consolidated incident card emails) skip the matching alerts. Previously there was a brief window where new alerts could email even though the exception was loaded. Every suppression is journaled in the suppression journal with the reason for audit.
- Search button on Identities page replaces type-as-you-go. Typing in the search box no longer fires a query per keystroke. Press Enter or click Search to submit — feels faster and avoids partial-input flicker.
- Identities page filter no longer leaks service-account rows. Searching for a user no longer accidentally returns `app@sharepoint*` rows alongside the intended match. Multiple defence-in-depth fixes applied.
- Cold-storage rehydrate stability improvements. Three reliability fixes: failed jobs now stop and report instead of looping indefinitely; status is preserved across the full job lifecycle; failure logs are more diagnosable.
- Forage handles single-result searches correctly. Searches that returned exactly one matching user no longer occasionally produce a client-side error on the aggregate cards. Both backend and frontend now handle this case defensively.
- Audit collection chunked catch-up. After an outage, Burrow now collects historical events in chunks back-to-back, producing live alerts progressively as catch-up runs. Memory stays bounded regardless of gap size.
- Audit collection retries transient errors. Microsoft-side 5xx, 429, and timeout errors on individual audit blobs are now retried up to three times with backoff. Truly-lost data is logged distinctly so operators can see what was unrecoverable.
- Weekly briefing now auto-runs. The Monday morning executive briefing generates and emails automatically every week at around 06:00 local. Previously required a manual trigger.
- Ransomware rule co-authoring false-positive fix. Multi-user Office co-authoring (Excel, PowerPoint, Word) was occasionally tripping the `ransomware_signature` rule. A ratio gate now distinguishes real ransomware (many files, ~1 modification each) from co-authoring (few files, many modifications each).
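
The ratio gate from the last item above, sketched as an added example (not Burrow's own code). The thresholds, the `(user, file_path)` event shape, the verdict names and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed thresholds; the release notes do not publish Burrow's actual values.
MIN_DISTINCT_FILES = 20   # "many files"
MAX_MODS_PER_FILE = 1.5   # "~1 modification each"


def ratio_gate(events, min_files=MIN_DISTINCT_FILES, max_ratio=MAX_MODS_PER_FILE):
    """Classify each user's file-modification burst within one time window.

    events: iterable of (user, file_path), one tuple per modification event.
    Returns {user: "ransomware_like" | "coauthoring_like" | "inconclusive"}.
    """
    per_user = defaultdict(lambda: defaultdict(int))
    for user, path in events:
        per_user[user][path] += 1

    verdicts = {}
    for user, files in per_user.items():
        distinct = len(files)
        ratio = sum(files.values()) / distinct  # modifications per file
        if distinct >= min_files and ratio <= max_ratio:
            verdicts[user] = "ransomware_like"    # wide and shallow
        elif distinct < min_files and ratio > max_ratio:
            verdicts[user] = "coauthoring_like"   # narrow and deep
        else:
            verdicts[user] = "inconclusive"       # leave to other rules
    return verdicts


def sample_events():
    """Constructed sample window; users and paths are made up."""
    ev = [("alice@example.test", f"/finance/doc{i}.xlsx") for i in range(40)]
    ev += [("bob@example.test", f"/deck/q{i % 2}.pptx") for i in range(120)]
    ev += [("carol@example.test", f"/notes/n{i}.docx") for i in range(3)]
    ev += [("dave@example.test", f"/sync/f{i % 30}.bin") for i in range(150)]
    return ev


if __name__ == "__main__":
    for user, verdict in sorted(ratio_gate(sample_events()).items()):
        print(f"{user}: {verdict}")
```

The two "inconclusive" cases (a handful of single edits, and many files with many edits each) show why the gate needs both a file-count floor and a per-file ratio ceiling.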
Earlier
Before June 2026:
- The five-posture detection-tuning model (Permissive / Relaxed / Balanced / Strict / Paranoid) shipped, with per-rule overrides on top.
- The deterministic-rules-plus-AI-narration architecture became the default across alerts, investigations, and the weekly briefing — with the AI safety check verifying every number and name against the source data.
- The Suggestions panel on the Rules page began surfacing tuning recommendations based on operator disposition patterns.
- The daily pattern escalation summary was introduced, replacing N raw per-alert emails for a noisy user-day with one consolidated summary.
- Per-alert Chat persistence between SOC shifts was added.
For changes older than the entries above, contact support@smikar.com — engineering keeps a full change history.
Need help? support@smikar.com.