Stay up to date with the latest features, improvements, and fixes in LiteSOC.
v2.2.0April 30, 2026Latest
Executive Security PDF Report — Full Overhaul
A complete rebuild of the Executive Security Report PDF. The report is now a professional, 8-page audit-grade document featuring infrastructure data from Sentinel, LiteSOC AI insights, a date-range trend chart, forensic intelligence, an anomaly log with reference IDs, and a digital signature block. All data is now mathematically consistent with the selected report period and enforces plan-based retention windows.
8-page PDF structure: Cover, Security Summary, Attack Trend Chart, Managed Infrastructure (Sentinel), Threat Intelligence (Forensics), Detailed Anomaly Log, and LiteSOC AI Insights.
Infrastructure layer (Sentinel): Infrastructure page shows total assets, online/offline counts, Sentinel uptime %, and a full server status table with hostname, IP, OS, last heartbeat, and a Healthy/At Risk/Pending security status pill.
Attack Surface breakdown on the Summary page: Application Alerts vs Infrastructure Alerts KPI cards, plus Protected Assets and Sentinel Uptime when servers are registered.
LiteSOC AI Insights page: up to 5 auto-generated, data-driven security recommendations based on alert patterns, dominant attacker types, and unresolved threat rate.
Attack trend chart: bar chart of daily alert counts across the full report period, with a peak-day callout and period-over-period comparison.
Reference IDs in Detailed Anomaly Log: each row now shows the first 8 characters of the alert UUID so auditors can cross-reference the PDF against the LiteSOC dashboard.
Plan-aware log row limits: Enterprise reports show up to 200 rows; Pro reports show up to 100. Previously hard-capped at 50 regardless of plan.
Retention warning banner on the Cover page: when the selected date range exceeds the organisation's retention window, an amber notice shows the earliest available date and explains the data gap.
Executive Approval block on the final page: 'Prepared by: LiteSOC AI Analyst' and a printable 'Acknowledged by' signature line for internal sign-off.
Data Residency note on the Cover page: states compliance with LiteSOC Data Residency Policy [Region: Singapore/Malaysia].
LiteSOC logo embedded on the Cover page (top and footer row) using the white PNG variant for the dark background.
All sub-queries (alerts, previous period, countries, IPs, daily counts) now use a unified effectiveStart date that respects the organisation's retention_days. No more silent empty months in long-range reports.
Query limits raised: rawAlerts from 500 → 2,000; eventCountries from 2,000 → 5,000; previous-period alerts from 500 → 2,000.
Daily trend chart cursor now starts from effectiveStart (not the raw requested start_date), eliminating dead zero-bars before the retention cutoff.
Top Attacking Countries now fetches from the same effectiveStart/endDate window used for all other queries, ensuring mathematical consistency across all pages.
Source column in the Anomaly Log uses colour-coded pills: Indigo for 'Web App', Amber for 'Server: {hostname}'.
Network intelligence pills in Forensics: Tor Exit Node (red), VPN (orange), Proxy (yellow), Datacenter (indigo), Residential (green) — derived from boolean flags rather than raw strings.
UK English standardised throughout: 'Behavioural AI', 'organisation', 'artefact', 'programme'.
Date range preset buttons (7d / 30d / 90d) added to the Anomalies dashboard filter card for quick report scoping.
PDF export enforces plan gate server-side: Free tier receives 403 Forbidden. retentionWarning is computed server-side and cannot be spoofed by the client.
v2.1.0April 11, 2026
LiteSOC Agent — Infrastructure Monitoring & Server Health
Introducing the LiteSOC Agent: a lightweight, open-source Go binary that runs on your servers and streams real-time health metrics to your dashboard. Includes automated offline detection, security alerts, and multi-channel notifications when a server goes down.
New litesoc-agent: a single-binary Go agent installed via one-line curl script. Sends heartbeats every 60 seconds with hostname, OS, CPU, and RAM metrics.
Heartbeat Ingestion API (Edge Runtime): new POST /api/v1/agent/heartbeat endpoint validates agent payloads with Zod, upserts server records, and returns within milliseconds.
Infrastructure Dashboard: real-time server grid showing online/offline status, OS, CPU/RAM gauges, and last-seen timestamps. Powered by Supabase Realtime for instant updates.
Server Offline Detection: automated cron worker runs every 5 minutes, marks servers as offline after a missed heartbeat window, and creates security alerts for each newly-offline server.
Server Down Notifications: offline alerts trigger Email notifications for all tiers, plus Slack, Discord, and Webhook delivery for Pro and Enterprise plans.
One-click install dialog: the Infrastructure Dashboard includes a copy-paste install command with automatic API key and project ID injection.
Agent heartbeat API enforces tenant isolation, validates API key server-side, and throttles audit log writes to one per server per hour via Redis TTL.
New infrastructure_servers table with RLS policies.
v2.0.0April 2, 2026
LLM-Friendly Public API — AI Context Layer
Introduced a complete LLM compatibility layer for the LiteSOC public site. Every public-facing page now has a corresponding raw Markdown route, a central /llms.txt index, a full-context /llms-full.txt document, and an AI Editor banner on the onboarding and API docs pages.
New /llms.txt route: central index following the llmstxt.org proposal, linking all public Markdown routes and official SDK repositories (Node.js, Python, PHP).
Markdown routes for all public pages: /pricing.md, /features.md, /security.md, /about.md, /docs.md, /how-it-works.md, /changelog.md, /help.md, /docs/api.md, /docs/integrations.md — each returns a text/markdown response kept in sync with the UI via shared data modules.
New /llms-full.txt dynamic route: concatenates all static product pages, the full API reference, every help center article (with full body content), and all published blog posts fetched live from the database into a single Markdown document for AI agents.
'AI Editor' banner added to the Dashboard Integration Guide and the public API Docs page, shows a one-click copyable @https://litesoc.io/llms.txt string with instructions for Cursor and Claude.
'LLM Friendly' link added to the site footer, pointing to /llms.txt.
Fixes a race condition in the worker pipeline that prevented new brute force alerts from being created, adds the View Event button for Free-tier users, and fixes dismissed alerts reappearing on realtime updates.
Worker pipeline ordering: events are now inserted into the database before alerts are created, preventing a foreign key constraint failure on trigger_event_id that silently blocked new brute force (and all other) alert creation across all tiers.
Dismissed alerts no longer reappear when new alerts arrive via realtime. The filter now checks the server-synced status field ('dismissed', 'resolved') in addition to local component state.
Free-tier users can now see the 'View Event' button on brute force alerts, providing basic forensic visibility into the triggering event without requiring a Pro upgrade.
A complete quality-of-life pass for Free-tier users: a lightweight Dismiss workflow replaces the forced upgrade wall for alert management, the Incident Storyline now shows contextually accurate labels per alert type with correlated event counts, and the retention notice is redesigned as a thin, dismissible info bar.
Dismiss Alert for Free users: Free-tier users can now dismiss open alerts directly from the Behavioral Anomalies card and Forensic Sheet via a new ghost-style 'Dismiss' button.
Automatic housekeeping for Free accounts: the daily retention cron now auto-dismisses any 'open' or 'acknowledged' alert older than 7 days for Free-plan organizations.
Dynamic Incident Storyline labels: the Discovery step now shows a contextually accurate sublabel per alert type.
Retention Info Bar: the large blurred overlay block below the Activity Feed table is replaced with a compact, single-line dismissible bar.
Optimistic UI for alert dismissal: dismissed alerts are removed from the Behavioral Anomalies card immediately on click without waiting for the server response.
dismissAlertAction enforces server-side tenant isolation, requires org membership, is idempotent for already-dismissed alerts. Audited as 'alert.dismissed' in the SOC 2 audit log.
v1.9.7March 12, 2026
LiteSOC Merch Store
Launched an official merchandise store at /merch with plan-aware pricing, Stripe Checkout for physical goods with shipping address collection, a confetti success page, and a new merch_orders table.
New /merch page: high-end product gallery (Tee, Hoodie, Cap, Mug, Stickers) with dark-mode Zinc-950 styling.
Plan-aware pricing: Enterprise users see a 'Claim for Free' button for the Official LiteSOC Tee; Pro users receive a 20% member discount.
createMerchCheckoutSession Server Action: Stripe Checkout in payment mode with shipping address collection.
New merch_orders table with RLS: stores user_id, org_id, item_name, size, shipping_status, and stripe_session_id.
Added merch.order_placed and merch.free_claim_redeemed audit log actions for SOC 2 compliance tracking.
v1.9.6March 11, 2026
Advanced Custom Threat Model Engine (Enterprise Tier)
Custom Threat Models now support multi-condition AND/OR/NOT logic, deep metadata field filtering, result grouping, and chained-event detection.
Advanced condition schema: conditions now support { logical_operator: 'AND' | 'OR' | 'NOT', filters: [...], group_by? }.
Deep metadata filtering: filter fields now resolve dot-notation paths up to two levels deep.
Chained event ('FOLLOWED BY') detection: new chained_event_type and chain_time_window_minutes columns.
Redis pipeline batching: primary event counter increments are now pipelined (single round-trip).
v1.9.5March 11, 2026
Network Intelligence Hardening & Security Fixes
A focused quality-of-life and security pass fixing incorrect network type detection, a free-tier data-leak in the Management API, and inconsistent Server IP display.
network_type now correctly stored as 'datacenter' (or 'vpn'/'proxy'/'tor') when detected via ASN/GeoIP enrichment.
Network Type badge in the Event Detail panel now derives the correct value from the already-resolved flags.
Metadata redaction for free tier now also covers is_datacenter, network_type, and network_provider keys.
Server IP (Origin) row in Event Detail is now suppressed when the value is meaningless.
GET /api/v1/events/:id _redacted_fields response field now accurately lists all nullified columns.
v1.9.4March 10, 2026
Automated Monthly Security Digest
LiteSOC now emails a dashboard-style security summary at the start of each month.
Monthly Security Digest email with dashboard-in-email layout.
Top 3 Attacking IPs table and Top Attacking Country indicator.
'View Full Forensic History' button in digest email.
Opt-in by design: only sent when 'monthly_reports_enabled' is true.
Endpoint secured with constant-time CRON_SECRET check and audited service client.
Redis-based deduplication ensures only one digest email per org per month.
v1.9.3March 9, 2026
Instant Security Alert Notifications
Pro and Enterprise users now see a pop-up notification the moment a new security alert is detected.
Real-time alert pop-ups: notifications appear instantly when new security alerts are detected.
Severity-based styling: Critical (red), High (amber), Medium/Low (neutral).
Smart grouping during attack bursts: multiple alerts within 3 seconds are grouped.
'View Details' button opens the full forensic investigation panel.
Alert notifications available on Pro and Enterprise plans only.