BitLyft AIR® v1.27: Custom Policies and New Features
Security teams need two things that are hard to deliver at the same time: flexibility to detect what matters to their environment, and speed to investigate what matters in the moment. Out-of-the-box detections cover the common ground, but every organization has activity that is unique to their users, tenants, tools, and business processes. And every investigation has that point where an analyst asks, "what is actually going on here?" and needs an answer faster than a manual query can provide it.
BitLyft AIR® v1.27 delivers on both fronts with two major additions: Custom Policies, which let teams define their own detection logic inside AIR®, and Ask Noah, BitLyft AIR®'s new AI-powered assistant for search and case investigation.
Custom Policies: Detection on Your Terms
BitLyft AIR® already ships with a deep library of out-of-the-box policies covering Microsoft 365, identity providers, cloud platforms, endpoint tools, and more. With v1.27, security teams can now go further and build their own policies tailored to their environment, their users, and the activity they care about most.
The new Custom Policy builder gives users full control over how cases get created. Teams can:
- Define a custom name, description, category, severity, and status
- Select the relevant log source and event type
- Build detection logic against normalized log fields
- Choose when to create a case, either on every matching event or after multiple matching events within a defined time window
- Add custom metadata fields for additional context
- Expose metadata fields to automations and notifications
- Control which fields appear in notifications
A built-in validation panel confirms each policy is ready before saving by checking required fields, name uniqueness, detection logic syntax, threshold values, and custom metadata configuration. No more guessing whether a rule will fire correctly the first time it runs.
The result: AIR® can now detect security-relevant behavior that is specific to your business, not just the common patterns shared across every customer.
Ask Noah: Plain-English Investigations, Built In
The other half of v1.27 introduces Ask Noah, BitLyft AIR®'s first AI-powered assistant. Ask Noah is designed to help analysts, IT staff, and security operators move faster by turning plain-English questions into useful searches, summaries, and investigative next steps.
This first release of Ask Noah is available in two places inside AIR®.
Ask Noah in Log Search
From Log Search, users can now ask Noah questions in plain English instead of building query logic by hand. Questions like:
- "What has this user been up to in the last 24 hours?"
- "Show me recent failed logins for this user."
- "Find activity from this IP address."
- "Look for suspicious authentication activity."
Noah generates the search, runs it, and summarizes what the results show. Analysts get to relevant activity faster, and team members who do not know the exact query syntax can still pull meaningful answers out of AIR®.
Ask Noah in Case View
Ask Noah is also available from within any case. From the Case View, users can ask Noah to:
- Summarize the case
- Identify important activity related to the case
- Find similar cases
- Suggest useful pivot searches
- Help decide where to investigate next
This first release is focused on helping users understand case context quickly and identify logical next steps during an investigation, cutting down the time it takes to get from "a case was created" to "here is what we should do about it."
More Flexibility. Faster Answers.
Together, Custom Policies and Ask Noah give security teams more of what they have been asking for:
- Detection tailored to their environment, not just shared patterns
- Investigation accelerated by AI, with plain-English access to search and case context
- Confidence that policies are configured correctly before they go live
- Less manual work for every analyst, on every case
BitLyft AIR® v1.27 makes the platform more yours and more responsive than ever.
Availability
Custom Policies are available as part of the v1.27 release for users with the appropriate permissions.
Ask Noah is rolling out to select tenants at launch and will expand to additional tenants over time.