We’re pleased to announce M&NTIS Platform v26.6, a release centered on tightening the connection between simulated attacks and the detection work that follows. This update brings automated detection signatures and alert collection into the investigation workflow, refreshes several key areas of the interface, and continues to sharpen the experience for SOC and CERT teams training on the platform.
⭐ Key Highlights
🛡️ Signature-Driven Investigation
M&NTIS now closes the loop between attack execution and detection, giving analysts a clear starting point for investigation.
- Automated signature deployment: the detection signatures associated with a scenario can now be deployed automatically into the lab’s SIEMs (Kibana, Splunk and Graylog), providing a ready-made entry point to begin the investigation.
- Automatic alert collection: alerts generated by Kibana and Graylog are now retrieved automatically, with the number of detected alerts shown directly in the Security Monitoring block.
- Alerts in the attack report: alert details are now surfaced within the attack report (AttackGraph), letting analysts connect what happened during the attack with what their detection stack actually caught.
Together, these capabilities turn each lab into a full detect-and-respond exercise: launch the lab, deploy the signatures, run the attack, and investigate the resulting alerts end to end.
🖥️ User Experience & Interface
- Redesigned dashboard.
- Redesigned defense integrations page, with a simplified SIEM selection.
- Redesigned Security Monitoring block within the lab view.
- Added a visualization of custom unit attacks and Atomic Red Team attacks.
- Added a table view of the attacks executed on a lab.
- Scenario difficulty level is now displayed.
- SIEM access credentials are now shown directly in the lab interface (section Security monitoring).
📋 Other Release Changes
Labs & Orchestration
- The life orchestrator is now suspended when a user opens a session through Guacamole, preventing automated legitimate activity from interfering with hands-on interactions with the virtual machines.
Documentation
- Added documentation for relay server access.
- Added documentation for CrowdStrike EDR support.
Trial Edition
- Inaccessible scenarios are now shown greyed out.
- Signatures are hidden for the Learner profile.
M&NTIS v26.6 reflects our ongoing focus on making defensive training as complete and realistic as possible. By bringing detection signatures and live alerts into the investigation workflow, this release helps SOC and CERT teams experience the full attack-to-detection cycle within a single lab, with greater clarity and confidence.