Security teams need two things that are hard to deliver at the same time: flexibility to detect what matters to their environment, and speed to investigate what matters in the moment. Out-of-the-box detections cover the common ground, but every organization has activity that is unique to their users, tenants, tools, and business processes. And every investigation has that point where an analyst asks, "what is actually going on here?" and needs an answer faster than a manual query can provide it.
BitLyft AIR® v1.27 delivers on both fronts with two major additions: Custom Policies, which let teams define their own detection logic inside AIR®, and Ask Noah, BitLyft AIR®'s new AI-powered assistant for search and case investigation.
BitLyft AIR® already ships with a deep library of out-of-the-box policies covering Microsoft 365, identity providers, cloud platforms, endpoint tools, and more. With v1.27, security teams can now go further and build their own policies tailored to their environment, their users, and the activity they care about most.
The new Custom Policy builder gives users full control over how cases get created. Teams can:
A built-in validation panel confirms each policy is ready before saving by checking required fields, name uniqueness, detection logic syntax, threshold values, and custom metadata configuration. No more guessing whether a rule will fire correctly the first time it runs.
The result: AIR® can now detect security-relevant behavior that is specific to your business, not just the common patterns shared across every customer.
The other half of v1.27 introduces Ask Noah, BitLyft AIR®'s first AI-powered assistant. Ask Noah is designed to help analysts, IT staff, and security operators move faster by turning plain-English questions into useful searches, summaries, and investigative next steps.
This first release of Ask Noah is available in two places inside AIR®.
From Log Search, users can now ask Noah questions in plain English instead of building query logic by hand. Questions like:
Noah generates the search, runs it, and summarizes what the results show. Analysts get to relevant activity faster, and team members who do not know the exact query syntax can still pull meaningful answers out of AIR®.
Ask Noah is also available from within any case. From the Case View, users can ask Noah to:
This first release is focused on helping users understand case context quickly and identify logical next steps during an investigation, cutting down the time it takes to get from "a case was created" to "here is what we should do about it."
Together, Custom Policies and Ask Noah give security teams more of what they have been asking for:
BitLyft AIR® v1.27 makes the platform more yours and more responsive than ever.
Custom Policies are available as part of the v1.27 release for users with the appropriate permissions.
Ask Noah is rolling out to select tenants at launch and will expand to additional tenants over time.
To see Custom Policies and Ask Noah in your environment, book a 15-minute walkthrough.