Release Notes 4.20.0¶
Overview¶
This document outlines the updates, improvements, and fixes introduced between versions 4.19.0 (released on Feb 23, 2026) and 4.20.0 (released on Mar 09, 2026) of the Excalibur v4 software.
New Features¶
Anomaly Detection and Session Triage¶
We’ve introduced Anomaly Detection capabilities to help administrators quickly identify, review, and respond to suspicious session activity. This feature improves security visibility and provides a structured workflow for investigating potential threats.
Session List Enhancements
The Session List page now includes additional indicators and filtering capabilities for sessions where anomalies were detected.
Updates
- New "Status" column with filter support.
- Sessions with unresolved anomalies are highlighted in red for quick identification.
- A new "Anomaly Triage" tab provides a dedicated overview of sessions where anomalies have been detected.
Anomaly Triage Dashboard¶
The Anomaly Triage tab provides a centralized view for reviewing and managing sessions flagged by anomaly detection.
Summary Cards
Sessions are categorized into the following statuses:
- Anomaly Detected – Newly detected anomalies that have not yet been reviewed
- In Review – Sessions currently being investigated
- Dismissed – Sessions determined to be safe or non-threatening
- Confirmed Threat – Sessions confirmed to contain suspicious or malicious activity
Session Table
The triage table lists all sessions with detected anomalies, allowing administrators to:
- Track the current review status
- Open the session detail view for deeper investigation
- Continue the review and decision process
Session Detail Page Updates
Sessions with detected anomalies now include additional context and investigation tools.
Alert Banner
A banner notification appears at the top of the session detail page to inform administrators that an anomaly was detected. From this banner, users can start the evaluation process.
Assistant Panel Enhancements
The Anomaly Detected tab in the assistant panel has been redesigned to support triage actions:
- Dismiss – Mark the anomaly as non-threatening
- Confirm Threat – Mark the session as a confirmed security threat
Session Detail Structure
The session detail view is now organized into the following sections:
- General
-
Contains the original session information and details.
-
Audit Log
- Displays anomaly detection–related audit logs for the session, allowing administrators to review the full investigation history and actions taken.
Key Benefits
- Faster identification of suspicious activity
- Centralized anomaly triage workflow
- Clear investigation status tracking
- Improved auditing and security visibility
- Better operational response to potential threats
Figure 1. Anomaly Triage
Figure 2. Confirmed Threat
Expanded Language Support¶
The application now supports four additional languages:
- German (DE)
- Ukrainian (UA)
- Russian (RU)
- Spanish (ES)
alongside the existing English (EN) and Slovak (SK) support. This update enhances accessibility for a broader user base.
- All user-facing text, error messages, validation messages, export formats (CSV/PDF headers and content), and optionally email templates are localized.
Language Selection
- Users can select their preferred language in User Preferences/Settings.
- The selected language persists across sessions and is stored per user account.
- Default language is English (EN).
- Added additional language support to On-Screen Keyboard.
- On mobile clients, the app uses the device system language with fallback to English.
Localization Features
- Date and time formats per locale
- Currency formats per locale
- Language names displayed in native language
Figure 3. Language Selection
Customizable Landing Page¶
Users can now choose which page they want to see immediately after signing in. This new Landing Page Preference makes it easier to start your work where you need it most.
Available Landing Pages
You can select your preferred landing page from the following options:
- Dashboard
- PAM Targets
- Sessions
- Users
- Actions
- Audit Logs
- Peer Verification
- JIT Access
- Authenticators
How It Works
- Navigate to User Settings → Preferences.
- Use the Landing Page selector to choose the page you want to open after login.
- Use Reset to Default to return to the default setting.
By default, the landing page is set to Dashboard (your profile/detail page).
Quick Pin from Any Page
You can also set your landing page directly while browsing the product:
- Open any supported page.
- Click the Pin button in the page header.
- The selected page will automatically become your new landing page.
This feature helps you quickly access the area you use most and personalize your login experience.
Figure 4. Default Landing Page
Figure 5. Landing Page Pin
Live Session Shadowing¶
Authorized administrators can now view, join, monitor, and terminate active sessions in real time. This provides better operational visibility, enables faster incident response, and allows immediate risk mitigation when necessary.
How It Works
Administrators can select an active session from the session dashboard and take one of the following actions:
- View / Monitor the session in real time
- Join the session in read-only mode to observe user activity without interrupting the user
- Terminate the session if suspicious activity, policy violations, or security risks are detected
When an administrator joins a session, it is streamed live to their browser while the user continues working normally, ensuring the session remains uninterrupted unless explicitly terminated by an administrator.
Supported Protocols
Live session monitoring and shadowing are supported for the following connection types:
- RDP
- SSH
- VNC
Key Benefits
- Real-time visibility into active sessions
- Read-only shadowing to prevent interference with user activity
- Immediate session termination for rapid risk mitigation
- Faster support and incident response
- Improved security, compliance, and auditing
Figure 6. Session List Action Buttons
Usability Improvements¶
User Detail Location History and Anomalies Tabs¶
We’ve added two new tabs to the User Detail page to provide deeper insights into user activity and anomalies.
Location History
- Displays a list of all user locations captured as actions.
- When zoomed out, Pins are shown instead of Geofences for better clarity.
- Hovering over a location shows a label with location details.
- Users can view detailed information about each action at a specific location.
- Option to center the map on a selected location.
- Multiple actions at the same location are clustered on the map, but can be expanded in a scrollable panel below the map to review each recorded action individually.
- Clustering improves UX by grouping locations with similar coordinates while still allowing full visibility of all actions.
Anomalies
- Lists all anomalies recorded for the specific user.
- Works similar to the Anomaly Triage page but scoped to an individual user.
- Provides a clear overview for reviewing, dismissing, or confirming threats related to that user’s activity.
Figure 7. Location History Tab
Figure 8. Location History Detail
Figure 9. User Anomaly Tab
Table-Level Data Refresh Action¶
A new Refresh action button has been added to the header of all data tables across the application. This allows users to update table content without reloading the entire page, providing faster and more efficient workflows.
How It Works
- Click the Refresh button in any table header to reload only that table’s data.
- The page content outside the table remains unchanged.
- Works seamlessly in fullscreen mode as well.
Key Benefits
- Faster data updates without full page reload
- Improved user experience when working with large datasets
- Consistent behavior across all tables and viewing modes
Figure 10. Refresh Button