What’s Changed
This release introduces the new Sandbox Result Section that makes sandbox execution output easier to read, understand, and investigate.
- New Multi-Tab Results Layout
Multiple standalone tables have been consolidated into a tab-based layout, reducing excessive scrolling while preserving relationships between data.
Processes, network flows, and signature hits are now presented side by side in a unified view, with all information directly tied back to process execution. This allows users to quickly understand activity without jumping between disconnected sections.
- Enhanced Process Tree & Contextual Filtering
The Process Tree now clearly visualizes parent-child relationships and execution flow. Selecting a process automatically filters related processes, network flows, and signature hits in the corresponding tables, providing immediate context for a process’s behavior.
Interactive highlighting reinforces relationships between processes, network indicators, and signatures, enabling seamless pivoting within the results.
- Workflow & Table UI Improvements
Priority and Status columns in the Workflows table have been updated to use consistent Chip components, and DivTable headers have been adjusted for better contrast in both dark and light modes.
- Improved Navigation & Form Behavior
Retrohunt result navigation now preserves search queries and filters when opening files, and the Service Detail page no longer enters a modified state when inputs are blurred without actual changes.
- Dependency Upgrade
react-json-view has been upgraded to fix incorrect collapsing behavior for sparse arrays.
Added
- Sandbox Result Section
  - Introduced a new Sandbox Result Section composed of a Process Tree and a tab-based result viewer for processes, network flows, and signature hits.
  - All sandbox artifacts are normalized and correlated through process identifiers (PIDs), allowing deterministic relationships between execution flow, network activity, and detection events.
  - The Process Tree acts as the primary context driver: selecting one or more nodes applies contextual filtering across all tabs, ensuring only related artifacts are displayed.
  - A shared highlighting and selection state is used across the Process Tree and tabbed views to visually reinforce relationships between PIDs, network indicators, and signature matches.
  - The tab system replaces nested or duplicated tables by rendering each artifact type in isolation while preserving cross-section linkage through shared filters and highlight states.
  - Designed to be extensible, enabling future additions (e.g., file operations or registry activity) without altering the core interaction model.
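The PID-based correlation described in the list above, as an added sketch that is not the project's own code. The field names (pid, ppid, pids, dest, image), the sample artifacts, and the reading of "related" as the selected process plus its descendants are all assumptions.

```javascript
// Constructed sample artifacts; field names are assumptions, not the project's schema.
const processes = [
  { pid: 100, ppid: 1, image: "explorer.exe" },
  { pid: 200, ppid: 100, image: "invoice.exe" },
  { pid: 300, ppid: 200, image: "cmd.exe" },
  { pid: 400, ppid: 300, image: "powershell.exe" },
  { pid: 500, ppid: 100, image: "notepad.exe" },
];
const netflows = [
  { pid: 400, dest: "203.0.113.10:443" },
  { pid: 500, dest: "198.51.100.7:80" },
  { pid: null, dest: "192.0.2.53:53" }, // flow the sandbox could not attribute to a process
];
const signatures = [
  { name: "spawns_shell", pids: [200, 300] },
  { name: "writes_text_file", pids: [500] },
];

// Index child PIDs by parent PID so the tree can be walked top-down.
function childrenByParent(procs) {
  const index = new Map();
  for (const p of procs) {
    if (!index.has(p.ppid)) index.set(p.ppid, []);
    index.get(p.ppid).push(p.pid);
  }
  return index;
}

// Selected PIDs plus every descendant. The visited set also stops the walk
// if the pid/ppid data contains a cycle (for example after PID reuse).
function relatedPids(procs, selected) {
  const index = childrenByParent(procs);
  const seen = new Set();
  const stack = [...selected];
  while (stack.length > 0) {
    const pid = stack.pop();
    if (seen.has(pid)) continue;
    seen.add(pid);
    stack.push(...(index.get(pid) || []));
  }
  return seen;
}

// One shared PID set filters all three tabs; an empty selection shows everything.
function filterTabs(selected) {
  if (selected.length === 0) return { processes, netflows, signatures };
  const pids = relatedPids(processes, selected);
  return {
    processes: processes.filter((p) => pids.has(p.pid)),
    netflows: netflows.filter((f) => pids.has(f.pid)),
    signatures: signatures.filter((s) => s.pids.some((pid) => pids.has(pid))),
  };
}
```

Selecting PID 200 in this sample narrows every tab to the invoice.exe subtree, and the unattributed flow is shown only when nothing is selected.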
Changed
- Workflows Table UI
Updated the Priority and Status columns to use the same Chip components as the Alert Event Record for better visual clarity and consistency.
- DivTable Styling
Adjusted the header color to appear lighter in dark mode (and darker in light mode) to improve distinction between header and content rows.
- Service Detail Page Behavior
Added a guard to prevent entering the “modified” state when blurring inputs without actual value changes.
Fixed
- Retrohunt Navigation
Fixed the Hits table row click behavior to preserve search queries and filters when navigating to a file.
Dependencies
- React JSON View → v1.27.1 (from v1.26.2)
Fixed incorrect toggleCollapsed behavior when handling sparse arrays.