Security teams need better context, faster answers, and the ability to act without bouncing between tools. Every second spent figuring out why a case was triggered, or pivoting out to look up an IP, is a second longer attackers have to operate.
With BitLyft AIR® v1.26, we're sharpening the platform across three areas that matter most to analysts: clearer case notifications, a native CrowdStrike integration for endpoint detection and response, and automatic case enrichment with IP reputation and geolocation data.
The result is faster triage, stronger endpoint coverage, and less manual work on every investigation.
Case email notifications have been redesigned to give teams the context they need before they log into AIR®.
Instead of a basic "a case was created" message, notifications now include clear details on why the case was triggered and what's behind it. Analysts, IT staff, and stakeholders can quickly determine whether a case needs immediate attention or can wait for normal review.
Key benefits:
BitLyft AIR® v1.26 introduces a native CrowdStrike integration, expanding AIR®'s endpoint visibility and automated response capabilities.
AIR® can now collect CrowdStrike logs, evaluate that activity against new built-in policies, and execute response actions directly through AIR® playbooks — whether automated or analyst-driven.
This release includes:
Malware Persistence on Host — Detects repeated observations of malicious files or processes on a single endpoint, surfacing signs of unauthorized access, incomplete remediation, or attackers maintaining a foothold. (MITRE: Persistence — TA0003)
Malware Spread — Identifies malicious files or processes appearing across multiple hosts within a short timeframe, helping teams catch lateral movement and contain outbreaks before they widen. (MITRE: Lateral Movement — TA0008)
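The correlation logic behind these two policies can be sketched as follows. This is an added example, not BitLyft's or CrowdStrike's code: the thresholds, the 30-minute window and the event fields are assumptions, and the sample detections are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; the release notes do not state the real values.
PERSIST_MIN_SIGHTINGS = 3
SPREAD_MIN_HOSTS = 3
SPREAD_WINDOW = timedelta(minutes=30)

# Constructed sample detections: (timestamp, host, placeholder file hash).
EVENTS = [
    ("2024-01-01T09:00:00", "ws-01", "hash-A"),
    ("2024-01-01T11:00:00", "ws-01", "hash-A"),
    ("2024-01-02T09:05:00", "ws-01", "hash-A"),  # third sighting on one host
    ("2024-01-03T14:00:00", "ws-02", "hash-B"),
    ("2024-01-03T14:10:00", "ws-03", "hash-B"),
    ("2024-01-03T14:20:00", "ws-04", "hash-B"),  # three hosts in 20 minutes
    ("2024-01-01T08:00:00", "ws-05", "hash-C"),
    ("2024-01-04T08:00:00", "ws-06", "hash-C"),  # two hosts, days apart
]

def parse(events):
    """Return events as (datetime, host, hash) tuples in time order."""
    return sorted((datetime.fromisoformat(t), h, f) for t, h, f in events)

def persistence_on_host(events, min_sightings=PERSIST_MIN_SIGHTINGS):
    """(host, hash) pairs where the same file keeps reappearing on one host."""
    counts = defaultdict(int)
    for _, host, fhash in parse(events):
        counts[(host, fhash)] += 1
    return sorted(k for k, n in counts.items() if n >= min_sightings)

def malware_spread(events, min_hosts=SPREAD_MIN_HOSTS, window=SPREAD_WINDOW):
    """Hashes seen on at least min_hosts distinct hosts inside one window."""
    by_hash = defaultdict(list)
    for ts, host, fhash in parse(events):
        by_hash[fhash].append((ts, host))
    hits = {}
    for fhash, seen in by_hash.items():
        start = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans <= window.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            hosts = {h for _, h in seen[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits[fhash] = sorted(hosts)
                break
    return hits

if __name__ == "__main__":
    print(persistence_on_host(EVENTS), malware_spread(EVENTS))
```

The hash-C detections trigger neither policy: each host saw the file once, and the two sightings are days apart.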
With 29 new response actions, AIR® can now drive CrowdStrike directly from a case.
IT and operations workflows are covered too — user lifecycle management, watchlist cleanup, RTR session management, and stopping in-flight searches, all triggerable from AIR®.
Every case in BitLyft AIR® is now automatically enriched when IP-related observables are present, thanks to new integrations with AbuseIPDB and IpGeolocation.io.
That means analysts no longer have to break their flow to look up an IP address. Reputation scores, abuse reports, and geolocation details appear directly inside the case — ready to inform triage and prioritization.
Key benefits:
With v1.26, BitLyft AIR® continues to expand the value security teams get from a single, automated platform:
BitLyft AIR® v1.26 helps security teams move faster, investigate smarter, and respond with confidence, without leaving the platform.
To see how BitLyft AIR® automates detection, enrichment, and response across endpoints, identity providers, and cloud platforms, book a 15-minute demo.