GreyMatter Ticket Sync
GreyMatter now supports native bidirectional ticket sync with your Google SecOps SOAR and ServiceNow instances. Incidents created or updated in GreyMatter Investigate automatically sync to your ticketing system in near real time, and updates made on either side are reflected in the other. You configure your own integrations, field mappings, and status mappings directly in GreyMatter, eliminating manual ticket management, custom API work, and platform context-switching.
GreyMatter Notification Groups
GreyMatter Notifications can now be sent to groups rather than just individual users. You can build notification groups from GreyMatter users and external email addresses (distribution lists), so a single notification reaches an entire team or set of stakeholders at once — extending security visibility to people beyond the platform's direct users. Individual users can see which groups they belong to and opt out at any time, while group management remains restricted to admin-level users.
Detection Validation — Enhancements
Detection Validation has been enhanced to give you broader, higher-fidelity proof that your detections and security controls work as intended. You can now validate 185+ rules using higher-fidelity, ReliaQuest-authored simulations, and run validation across single, multiple, or all eligible deployed rules in a single run — with Security Control Validation (prevention) and Rule Validation (detection) now in one unified workflow, replacing the previous one-at-a-time process. New configurable criteria, including log source selection and strict vs. normal mode, give you greater control over how each rule is validated, while AI-generated run summaries and downloadable PDF reports make your results easy to understand and share with stakeholders.
GreyMatter Chat in Mobile
GreyMatter Chat is now available in the GreyMatter Mobile App. You can ask questions about incidents and your security posture using the same natural-language interface available on web, with conversations syncing between web and mobile in real time. Mobile Chat is scoped to the areas of the platform already supported in mobile — actions tied to web-only areas (such as tuning or deploying detection rules) remain available on web, with the conversation continuing seamlessly via sync.
GreyMatter Intel in Mobile — Reports and Subscription Notifications
You can now generate and view Intel Researcher Teammate reports on the go — through natural language in GreyMatter Chat or the Reports tab in Intel — with chat and report history syncing seamlessly between web and mobile. You can also enable push notifications for your Intel Update Subscriptions (in mobile or web settings) and tap straight through to the relevant Intel Update.
GreyMatter Discover – Customer Authored Exposures
GreyMatter Discover now supports Customer Authored Exposures, giving your security team direct control over the rules that surface risk across your asset, identity, software, and SaaS data. Where Discover previously offered only fixed exposures, you can now tune built-in rules or create your own — including with AI-assisted authoring that turns a plain-English description into a ready-to-review rule — so you can reduce noise and close the coverage gaps unique to your environment.
New Direct Sources
| Source | Description | Supported GreyMatter Capabilities |
|---|---|---|
| OpenAI Compliance | Gives security and compliance teams visibility into OpenAI platform usage. The connector streams audit events and policy violations into GreyMatter, where they are evaluated against detection rules for Detect At-Source alerting, investigated through log queries, and actioned with Respond playbooks. | Detection at Source, Investigate / Hunt, Respond |
| Rapid7 InsightVM | Delivers unified vulnerability management visibility by ingesting InsightVM's full asset inventory (hosts, devices, and vulnerability assessments) so you can maintain comprehensive asset visibility and enrich alerts with vulnerability context on managed assets. | Discover, Asset Inventory, Respond |
| Sublime Security | A programmable, AI-powered cloud email security platform for Microsoft 365 and Google Workspace. Enables ingestion of email-based detections, centralized investigation using MQL (Message Query Language), automated response for malicious messages, and detection-as-code workflows through programmatic rule management. | Investigate / Hunt, GreyMatter Detect (Vendor & ReliaQuest Authored), Detection Push, Intel Push, Respond |
| Jamf Pro | Combines the enterprise Apple device management capabilities of Jamf Pro with GreyMatter orchestration for comprehensive asset visibility and response actions across your managed Apple fleet. | Discover, Respond |
| PingOne | Provides visibility into your identity and access management environment, enabling discovery of identity assets and automated response actions such as enrichment, disabling compromised user accounts, and terminating active sessions. | Discover, Respond |
Enhanced Direct Sources
| Source | Updated GreyMatter Capabilities |
|---|---|
| Exabeam New-Scale SIEM | Added Detection Push, Alert Ingestion (ReliaQuest Authored), and Detection Note/State Syncing. (New permissions required: Correlation Rules, Threat Center.) |
| Microsoft Entra ID | Respond: New Playbook: Delete Device, which removes a rogue device registered to a compromised user account to help contain device code phishing and token abuse. (Requires the Device.ReadWrite.All application permission with admin consent.) |
