Article
by M&NTIS team

July 2026: What’s New in M&NTIS Platform

We’re pleased to announce M&NTIS Platform v26.6, a release centered on tightening the connection between simulated attacks and the detection work that follows. This update brings automated detection signatures and alert collection into the investigation workflow, refreshes several key areas of the interface, and continues to sharpen the experience for SOC and CERT teams training on the platform.

⭐ Key Highlights

🛡️ Signature-Driven Investigation

M&NTIS now closes the loop between attack execution and detection, giving analysts a clear starting point for investigation.

  • Automated signature deployment: the detection signatures associated with a scenario can now be deployed automatically into the lab’s SIEMs (Kibana, Splunk and Graylog), providing a ready-made entry point to begin the investigation.
  • Automatic alert collection: alerts generated by Kibana and Graylog are now retrieved automatically, with the number of detected alerts shown directly in the Security Monitoring block.
  • Alerts in the attack report: alert details are now surfaced within the attack report (AttackGraph), letting analysts connect what happened during the attack with what their detection stack actually caught.
Alerts from SIEM directly displayed in the M&NTIS interface
Correlation between attack steps and triggered alerts

Together, these capabilities turn each lab into a full detect-and-respond exercise: launch the lab, deploy the signatures, run the attack, and investigate the resulting alerts end to end.

🖥️ User Experience & Interface

  • Redesigned dashboard.
  • Redesigned defense integrations page, with a simplified SIEM selection.
  • Redesigned Security Monitoring block within the lab view.
  • Added a visualization of custom unit attacks and Atomic Red Team attacks.
  • Added a table view of the attacks executed on a lab.
  • Scenario difficulty level is now displayed.
  • SIEM access credentials are now shown directly in the lab interface (section Security monitoring).
Redesigned M&NTIS scenario list view

📋 Other Release Changes

Labs & Orchestration

  • The life orchestrator is now suspended when a user opens a session through Guacamole, preventing automated legitimate activity from interfering with hands-on interactions with the virtual machines.

Documentation

  • Added documentation for relay server access.
  • Added documentation for CrowdStrike EDR support.

Trial Edition

  • Inaccessible scenarios are now shown greyed out.
  • Signatures are hidden for the Learner profile.

M&NTIS v26.6 reflects our ongoing focus on making defensive training as complete and realistic as possible. By bringing detection signatures and live alerts into the investigation workflow, this release helps SOC and CERT teams experience the full attack-to-detection cycle within a single lab, with greater clarity and confidence.