    What’s New In The Cado Platform Q4 24/25

    Over the past quarter, the Cado team has been hard at work bringing new features and enhancements to the Cado platform. Here's an overview of what we’ve been up to: 

    As we continue to enhance and expand the capabilities of the Cado platform, Q4 brought a host of updates designed to improve the efficiency and effectiveness of your cloud investigations. This quarter’s updates focus on better monitoring, detection, and acquisition workflows to streamline your security operations.

    Import UX Improvements

    Import Multi-Select 

    Multi-select even supports resources from across multiple projects.

    The Cado Platform now allows you to select multiple resources to import at once, saving time and streamlining investigation kickoff.

    Cloudgrep Integration for S3

    By embedding Cloudgrep (a Cado open-source project) into the Cado platform, we enable security teams to search cloud storage logs efficiently and import only the relevant data for analysis. This approach provides several benefits:

    Search Before Ingesting

    Instead of importing entire log repositories, analysts can now perform targeted searches across AWS, Azure, and GCP storage. This helps teams quickly find relevant log files while reducing unnecessary ingestion.

    Faster Investigation Workflows

    The new 'Search content' action type allows users to identify and extract only the logs that contain relevant indicators of compromise (IoCs), accelerating the time to insight.

    Improved Filtering and Precision

    With new filtering options, users can refine searches by Name and Type, ensuring they retrieve only the most pertinent log files.

    Types of Events in an example log file

    Seamless Review and Import

    Security teams can now:

    • Review selections before ingesting data
    • Execute search queries with detailed summaries
    • Import files containing search hits for deeper forensic analysis

    Certificate Based Authentication for Azure

    Users can now use certificate-based authentication when working in and with Azure environments.

    Browse Disk Improvements

    Users now have the ability to do the following, which massively streamlines workflows:

    • Find files
    • Jump straight to files, based on a path
    • Filter all files by malicious/suspicious

    Vulnerability Scanning For Linux Resources

    The Cado Platform now integrates vulnerability scanning into its investigation pipeline.

    This new capability enables automated full-disk vulnerability scanning, providing security teams with comprehensive visibility into risks hidden within forensic evidence.

    The vulnerability discovery feature can be run as part of an acquisition, or via a faster ‘Scan only’ mode.

    A fast vulnerability scan being performed on the acquired evidence

    Once the acquisition has completed, the user will have access to a ‘Vulnerabilities’ table within their investigation, where they are able to view and filter open vulnerabilities (by Severity, CVE ID, Resource, and other properties), as well as pivot to the full Event Timeline. In the Event Timeline, the user will be able to identify whether there is any malicious, suspicious or other interesting activity surrounding the vulnerable package, given the unified timeline presents a complete chronological dataset of all evidence and context collected.

    Vulnerabilities discovered on the acquired evidence

    Role Based Access Control Improvements

    There are now 5 roles available in the platform:

    User Role | Description
    Administrator | Ability to access all functionality in the Cado platform
    Platform Administrator | A more restricted set of permissions than Administrator, with a focus on operational aspects of the platform including upgrades, account management, and troubleshooting
    Lead Analyst | A restricted set of permissions with a focus on managing investigations including user access and taking response actions
    Analyst | A more restricted permission set than the Lead Analyst role, with a focus on conducting investigations including acquiring and analysing evidence
    Read only Analyst | Most restricted role with read only access

    This update gives administrators more granular control over account permissions in the platform, allowing for better control over who can access what data. More information about the roles can be found here.

    It is also now possible to assign an API key to a role, allowing better control over what data can be accessed via a given API key.

    This is just a brief look into the recent achievements and progress the Cado team has made over the past quarter. We’re extremely excited about the positive impacts these new features are having on our customers. While these features and improvements are another step forward in revolutionizing forensics and incident response, there’s much more to come!

    If you want to see how Cado can revolutionize your investigative workflow, schedule a demo with our team.
