Skip to content

FlowIntel 3.1.0 – Privileged Cases, Custom Taxonomies & Advanced Roles

Choose a tag to compare

View all tags
@DavidCruciani DavidCruciani released this 26 Mar 15:00
· 324 commits to main since this release
3.1.0
This tag was signed with the committer’s verified signature.
DavidCruciani David Cruciani
GPG key ID: 8690CDE1E3994B9B
Verified
Learn about vigilant mode.
a26cfb4
This commit was signed with the committer’s verified signature.
DavidCruciani David Cruciani
GPG key ID: 8690CDE1E3994B9B
Verified
Learn about vigilant mode.

FlowIntel 3.1.0 (2026-03-26)

We are pleased to announce FlowIntel 3.1.0, introducing new features like Case Reporting, Entra ID support, and a Central Repository for templates. We’ve also given the UI a significant facelift and tightened up our role-based access control to keep your workflows smooth and secure.

🚀 New Features

  • FlowRefs: You can now use variables within notes that automatically replace on rendering. Dynamic documentation just got a lot easier.
  • Case Reporting: Generate comprehensive reports in Markdown or PDF. Choose exactly what to include: tasks, notes, files, tags, objects, taxonomies, audit logs, or timelines.
  • Digital Signatures: Added support for GPG signing of case reports to ensure integrity and authenticity.
  • Central Template Repository: Shifted from GitHub API to a local filesystem-based repository for templates, making it faster and more reliable to manage your organization's standard operating procedures.
  • Entra ID (SSO) Support: Seamlessly integrate with Microsoft Entra ID for Single Sign-On, including automatic user provisioning and role mapping.
2026-03-26_15-32

FlowRefs

Case report Config View
case_report config
Template repository
template_repo

🛠 Improvements & Changes

UI & User Experience

  • Unified UI: The Home page now shares the same sleek design as the Case Index.
  • Better Data Visibility: The Case Index now displays the number of files, objects, and linked cases at a glance.
  • Analyser Overhaul: Improved the MISP module analyser with a 3-phase workflow indicator, "click-to-copy" tables, and better results collapsing.
  • Editor Upgrades: Replaced standard textareas with CodeMirror for case note templates, providing a much better editing experience.

MISP Integration

  • Enhanced Export: Export file attachments, subtasks, and external references directly to MISP.
  • Connectivity Checks: Added a dedicated tool to test your MISP connections before you start syncing data.
  • Visual Cues: A new MISP icon now appears on the Case Index only when a case is actively synced, reducing clutter.

Administration & Permissions

  • UI Configuration: Admins can now edit many config.py values directly through the web interface (with an automatic audit trail and backups).
  • Granular Roles: New Importer, Template Editor, and MISP Editor roles allow for more precise permission management.
  • Session Security: Active sessions and notifications are now automatically purged when a user is deleted.

🐞 Bug Fixes

  • Tag Integrity: Resolved conflicts in the tag system and fixed "double galaxy" rendering in the case view.
  • Modal Rendering: Fixed issues where dropdowns would break inside modals by switching to more intuitive inline forms.
  • Audit Logging: Fixed gaps where case/task creation via API wasn't being properly logged.
  • General Stability: Addressed multiple findings from the February SonarQube static code scan.

📖 Documentation

  • Updated the Installation Manual with new diagrams for Entra ID and MISP configurations.
  • Refreshed the Backup and Restore guide and the Encryption Guide.

Contributors

  • David Cruciani
  • Koen Van Impe

Thanks to @cudeso for contributions.

Full Changelog: 3.0.0...3.1.0

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

EU logo

Contributors

cudeso
Assets 2
Loading