Skip to main content

Documentation Updates

← All Updates

2026-03-19 Documentation Update

· 4 min read
ReversingLabs
ReversingLabs
ReversingLabs Technical Writing Team

Below are the latest additions and improvements as of March 19, 2026.

Spectra Analyze

  • Released Spectra Analyze 9.7.1 documentation and changelog.
    • Added Network Threat Intelligence page enhancements with IP address data from Spectra Intelligence, including geolocation, ASN, network range, and WHOIS information.
    • URLs extracted from Auxiliary Analysis now appear in the Network References section with pivot links.
    • Added risk tolerance indicator to the top navigation bar.
    • Fixed YARA import limits, increased to 40 MB file size with rules limit removed.
    • Fixed third-party networking reputation sources display in the UI.
    • Fixed sample names being properly sent to IDA in TCA-0207 API calls.
    • Fixed encrypted file uploads handling passwords with special characters.
    • Fixed YARA sync status to accurately reflect synchronization state.
    • Fixed Network Threat Intelligence page infinite loading state when Spectra Intelligence is misconfigured.

Spectra Detect

  • Released Spectra Detect 5.7.2 documentation and changelog.
    • Added Central SDM support for managing both OVA and Kubernetes deployments from a single interface.
    • Added SDM redundancy support for disabling TLS certificate sharing.
    • Increased the SDM NFS connector share limit.
    • Increased the default maximum upload size for YARA rulesets to 45 MiB.
    • Improved performance for the Analytics dashboard.
    • Adjusted dispatcher API concurrency limits to reduce load on core services.
    • Fixed Deep Cloud Analysis usage tracking for accurate usage metrics.
    • Fixed multiple clustering, SDM redundancy, and S3 egress issues.
  • Released Spectra Detect 5.7.1 documentation and changelog.
    • Added machine learning model configuration options in Central Configuration for fine-tuning model behavior during static analysis.
    • Spectra Core updated to 5.5.0.
  • Released Spectra Detect 5.6.4 documentation (Worker & Hub) and changelog.
    • Fixed upgrade path issues on Spectra Detect Workers and Hubs.
  • Released Spectra Detect 5.6.4 documentation (Manager) and changelog.
    • Added option to disable TLS certificate sharing during clustering for enhanced security.
    • Fixed distributed tables cleanup when clustering is disabled.
    • Fixed cluster creation API premature failures.
    • Improved cluster API timeout values and error handling.

File Inspection Engine

  • Released File Inspection Engine 3.2.1 documentation and changelog.
    • Fixed high security vulnerabilities.
  • Released File Inspection Engine 3.2.0 documentation and changelog.
    • Enhanced file classification to reduce false positives by adding support for classification overrides combining analyst overrides with user overrides.
    • Fixed high vulnerabilities.
  • Released File Inspection Engine 3.1.4 documentation and changelog.
    • Fixed high, medium, and low security vulnerabilities.
  • Released File Inspection Engine 3.1.3 documentation and changelog.
    • Fixed high security vulnerabilities.

Integrations

  • New Spectra Analyze MISP Enrichment Module integration documentation.
    • Enriches MISP indicators of compromise (IOCs) with ReversingLabs threat intelligence data.
    • Supports file hash, domain, IP address, and URL enrichment.
    • Provides automatic relationship mapping between file objects, domains, IPs, and reports.
    • Includes enterprise features such as proxy support, custom SSL certificates, and configurable timeouts.
    • Features declarative JSON-based mapping configuration for customization.
  • New Corelight integration documentation.
    • Combines Corelight's network detection and response (NDR) platform with ReversingLabs file analysis.
    • Corelight Sensors extract files from network traffic and forward them to ReversingLabs for automated malware classification and threat analysis.
    • Analysis results are returned as logs that integrate with SIEM and SOAR environments for analyst response.
  • New ReversingLabs Amplify integration documentation.
    • Embeddable widget that brings ReversingLabs Spectra Intelligence threat intelligence directly into web applications.
    • Allows users to analyze indicators of compromise (file hashes, URLs, domains, IP addresses) without leaving your site.
    • Backend service securely communicates with ReversingLabs APIs and provides pre-fetched data for fast, seamless integration.

Spectra Intelligence

  • Updated TCA-0403 - URL Report with new dynamic analysis fields.
    • Added geolocation field providing geographic location associated with the URL's network activity, reflecting the configured country from which the network traffic was egressed during dynamic analysis.
    • Added locale field reflecting the configured OS language, region, and keyboard layout used during dynamic analysis.
  • Updated TCA-0303 - YARA Ruleset Matches and TCA-0319 - YARA Ruleset Matches Feed with extended parameter support.
    • Added extended parameter that when set to true includes additional enrichment fields in response entries: md5 hash, sha256 hash, and first_seen timestamp.