FlowIntel 3.2.0 - Chatbot, timelines, audit logs page, keycloack, alerting...

Flowintel 3.2.0 (2026-05-11)

We are pleased to announce FlowIntel 3.2.0, introducing new features like AI assistance, advanced Timeline visualizations, and a robust Alerting engine. Under the hood, we’ve overhauled our dependency management and hardened our security posture to ensure the platform remains fast, stable, and secure.

---

🚀 New Features

• Integrated Chatbot: Introducing an AI-powered assistant built with DSPy and Ollama. It supports chat history, uses Flowintel-MCP for context, and can be toggled on or off via system settings.

• Visual Timelines: New integration with TimelineJS and Pivotick. You can now generate interactive timelines based on MISP objects within a case or add custom entries manually.

• Alerting System: A brand new engine supporting Webhooks (with HMAC-SHA256 signatures) and IMAP for archiving notifications. Includes a dedicated dashboard with unread badges.

• Rulezet Module: A new module for specialized rule management and synchronization.

• Audit Log Dashboard: A dedicated interface for Admins and Audit Viewers to track system-wide activity. It features a visual "peaks" graph to spot activity spikes, advanced include/exclude filters, and full export capabilities to CSV and JSON.

• Keycloak SSO: Expanding our identity providers, Flowintel now supports Keycloak for Enterprise Single Sign-On, including automatic user provisioning.

---

🛠 Improvements & Changes

UI & Performance

• Turbocharged Dependencies: Migrated to uv (Python) and bun (JavaScript) for significantly faster installation and reproducible builds.
• Audit Logging Dashboard: A dedicated view for Admins and Auditors to track system activity with visual peak graphs, advanced filters, and CSV/JSON export options.
• UI Refresh: Implemented Rubik fonts, and standardized form layouts (Cancel/Submit alignment) for a more professional feel.
• Smart Tabs: The Case View now dynamically adds tabs based on the active connectors (MISP, etc.) associated with that specific case.

MISP & Data Management

• Advanced Case Creation: Drastically improved the "Create Case from MISP" workflow—preview event details, select specific objects/attributes, and convert them into notes or tasks before creation.
• Bulk Actions: Added bulk enable/disable for taxonomies and galaxies.
• Exporter Tool: A new tool under the "Tools" menu allows for multi-case exports in JSON, CSV, or XML formats.

Security & API

• Session Hardening: Improved CSRF protection and session handling; sessions are now cleared properly on both login and logout.
• Granular Permission Checks: Tightened access control for private cases, ensuring history, audit logs, and correlations are strictly restricted to authorized members.
• API Documentation: Expanded Swagger/OpenAPI documentation for connectors and instances.

---

🐞 Bug Fixes

• Python 3.12 Compatibility: Fixed syntax warnings and issues related to the latest Python versions.
• Case Integrity: Fixed bugs preventing cases from being edited if the title already existed and resolved issues with orphaned task templates.
• Task Management: Fixed the "revive" logic where changing the status of a Finished task didn't correctly move it back to the active list.
• Email Validation: Switched internal test data to use the .test TLD to avoid DNS validation failures during setup.

---

📖 Documentation

• Released an Extensive User Manual featuring troubleshooting sections, FAQs, and a demo walkthrough.
• Added technical guides for setting up Keycloak SSO and the new Alerting Webhooks.

Contributors

• @cudeso
• @ecrou-exact
• @zengdard

Full Changelog: 3.1.0...3.2.0

---

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.