We identified an issue that caused an increase in false alerts from a subset of Threat Detection Rules. To prevent additional noise, we temporarily paused the affected alerting while we confirmed the cause and deployed a fix. The hotfix has now been fully deployed, and the affected detections are operating normally again.
Posted Jan 24, 2026 - 01:15 UTC
Update
Fix Deployment in Progress
Actions Taken:
• 17:30 UTC (Completed): Suspended the impacted detection rules to prevent additional false positive alerts.
• 20:00 UTC (Completed): Confirmed the root cause as an upstream ASN data update that changed ASO naming and triggered detections.
• Ongoing (In Progress): Deploying a hotfix to update detection logic and align with the updated naming.
Posted Jan 23, 2026 - 19:48 UTC
Monitoring
We are addressing a surge in detections related to IP-ASO rules (for example, activity outside AWS, Azure, or GCP). This was triggered by changes in ASO naming conventions.
Actions Taken:
• 16:30 UTC (Completed): Impacted detection rules have been suspended to prevent further false positive alerts.
• 17:15 UTC (In Progress): Our team is currently investigating the root cause of the ASO name changes and identifying all affected variations.
• Ongoing (In Progress): We are developing a logic update to account for the new ASO names. The rules will be resumed once the update is validated and released.