AntiMalwareJuly 18, 2026🇷🇺Translated from Russian

Solar SIEM 2026.2 Adds Full Solar JSOC Detection Library, TI Feeds Support, Enhanced AI Agent and Multi-Tenancy

GC Solar has released Solar SIEM 2026.2, introducing several major enhancements designed to reduce the manual effort traditionally required when deploying a security information and event management platform.

The most significant addition is the complete library of detection rules developed by Solar JSOC. This knowledge base was accumulated over 14 years of continuous monitoring and incident investigation across the infrastructures of approximately 300 customers. Organizations no longer need to spend months creating their own rule sets tailored to specific environments; instead, they receive battle-tested detection scenarios that enable identification of complex attacks at the earliest stages of deployment.

According to Solar JSOC statistics for 2025, the center processed 1.16 million security events after filtering out false positives. Customers confirmed more than 33,000 incidents. The most common threat types were malicious software, responsible for 36 percent of cases, and attempts at unauthorized access, which accounted for 23 percent.

The update also introduces support for TI Feeds. Solar SIEM can now automatically load indicators of compromise from the Solar 4RAYS database as well as from customer-provided external sources and correlate them in real time against events collected from the monitored infrastructure.

Capabilities of the built-in AI agent have been substantially expanded. Previously limited to analyzing data contained within an incident card, the agent can now independently access and examine raw source data, conduct deeper investigation, and propose subsequent response actions. This functionality is intended to accelerate initial triage and reduce routine workload for security analysts.

Another important new feature is multi-tenancy. Multiple organizations can now be connected to a single Solar SIEM installation while their event streams remain fully isolated. This architecture primarily targets holdings, MSSP providers, and large enterprises with numerous separate divisions.

More than 40 companies of varying sizes participated in the pilot testing of the new version. Overall, Solar SIEM 2026.2 shifts the emphasis from lengthy manual configuration toward immediate use of a ready-made knowledge base, enabling effective security monitoring even without maintaining a large internal SOC team.