Date | Version | New Features / Notes |
---|
June 21, 2025 | 1.5.21 | Version 1.5.21 This release delivers powerful new capabilities to support fraud investigation workflows, enhance integration flexibility, and improve profiling and SDK performance.
🚨 Incident Management (General Availability) The new Incident Management module empowers fraud teams to triage, investigate, and resolve suspicious activity with greater efficiency. Available to all customers, this feature introduces: Queue Management: Define incident queues (e.g., "Payment Fraud", "Account Takeovers") and assign them to specific teams. Supports like the ability to rank based on transaction amount or risk. Incident Grouping: Automatically group related events by shared identifiers or rule-based logic to reduce noise and boost context. Custom Close Actions: Define tailored resolution actions such as applying labels, modifying event attributes, or notifying external systems (e.g., Jira). Time Tracking: Built-in time tracking and overflow logic help manage workload and optimize analyst performance. Flexible Configuration: Admins can manage teams, queues, grouping logic, and close actions via an intuitive UI. Integration into the investigations portal The ability to search for events contained in one or more incidents. Also includes the ability to search for incident related events Customized visualizations and column display based on the type of incident
Read more about Incident Management
🛡️ Darwinium Outpost Darwinium Outpost allows you to host a Darwinium API endpoint within your own AWS infrastructure. This setup: Encrypts and processes PII within your own Amazon Infrastructure. Avoids exposing PII to Darwinium’s hosted environment. Is deployed as an AWS Lambda fronted by AWS API Gateway.
This functionality is available to all customers but typically suited to organizations with specific compliance or residency requirements
🧠 Engine Enhancements Quantile UI Calculation Improvements - Improvements to feature quantile calculations within the portal make percentile distribution visualization faster and more accurate, particularly with uneven datasets.
📦 Python SDK v2.0 with Event Query Support Our Python SDK now supports querying event data via the same filters available in the Darwinium portal: Run queries offline in your own notebooks via mTLS-secured APIs. Optional integration with your S3 bucket to directly access raw event data. All PII is returned as hashes (decryption is not supported).
SDK integration requires granting read access to the S3 bucket where Darwinium writes event data.
🧬 Profiling Model Improvements Updated VPN and proxy detection using new IP-based attributes. New Signals: Malware detection (is_malware ) Trusted client indicator (is_trusted ) Click position capture for bot and AI agent detection
Android Root Detection Enhancements: Expanded root kit detection (Magisk, Frida, etc.) New forensic signals (frida_port , boot_state , scanned packages) Support for React Native applications
Agentic Browser Detection
These updates are non-breaking and expand the profiling model schema.
🔌 Integration Enhancements New attribute auth_token_tie enables reliable journey tracking in contexts where cookies can’t be used (e.g., mobile apps, JWT auth). Cloudflare: Support for Account-level API tokens. Glob matching for URLs: Extended wildcard support for both single (* ) and multi-path (** ) patterns. Improved Cloudflare log support during deployment.
Note: auth_token_tie requires explicit journey configuration by the customer. Please reach out to Darwinium support if you require help setting this up
🖥️ Darwinium Portal UI Improvements Investigations The timeseries widgets are now zoomable - enabling investigators to easily refine date ranges based on graph observations Ability to instantly add timeseries visualizations for attributes from the table column context menu
Dashboards statistics-of dashboard - Allows users to configure and view flexible graph summarization of numerical attributes over time Allow min, max, mean and quantiles (including median, quartile, decile, percentile, etc) to be calculated over a custom time slice. Allows statistics to be collated over one or more attributes. Step, region, platform, browser, affiliate/brand, application version, etc.
model boxplot dashboard - enables quick visualization of model distribution and mean/lower quartile/upper quartile performance
Sidebar Remembers width across sessions now Displays when a label was removed for an identifier Proxy actions are now included in signals/scores Allows search on individual signals from sidebar. Inline signal documentation in sidebar.
Event Comparison Device Signature Visualization: When comparing 2 events, it is often useful to understand the probability that they are from the same physical device and the attributes that contributed to that probability. It acts a s a great starting point when looking at a bad device identifier (or one associated with fraud) to understand the attributes (for example the IP prefix) where a fraud investigator might want to start looking for other events.
Tables Search Improvements to the editor syntax and more context-aware autocomplete with awareness of attributes, functions, signals, labels etc. Use tab to quickly adjust contexts:
🐛 Bug Fixes Fixed crash in journey editor when setting call_url timeout Resolved SDK GUID instability Identifiers view now displays events and sidebar context more clearly
|
March 3, 2025 | 1.5.20 | Version 1.5.20 ProfilingEngine Journeys Portal Aggregate stats dashboard for investigations Key identifier dashboard widget The Key Identifier widget is designed for forensics queries, and enables selecting an event where a specific identifier (such as an IP address) is the mode (i.e. most-common value) for the search results. This widget can be customized to show any attributes or details from the sample event
Syntax highlighting Multi-event compare/list capability Multiple events can be selected from the grid in investigations. New functionality provides a quick comparison of differences in event identifier values, as well as a map showing captured geolocations. Furthermore the portal now supports labeling of multiple events at once.
Improvements to cookies UI in journey editor When implementing web-based journey tracking, cookies are a critical piece needed to join multiple events under the same Journey ID. Our journey editor UI now includes imrpovements to how this functionality is displayed and communicated with journey authors
TOTP enforcement for non-sso users Condition support in topx dashboard Journey sankeys in investigations The journey sankeys view enables an operator to see, in aggregate, the flow of traffic between mapped steps for a given set of search results. Through visual inspection, a user is potentially able to identify anomalies and potentially business logic abuse
Features UI Visibility The features display in the sidebar has also been extensively updated to sort feature values - with unusual items (whose quantiles sit at the upper-and-lower extremes) shown first, and with color coding to suggest that they may be unusual. Users may also now hide features in the system whose values remain at their defaults
|
August 19, 2024 | 1.5.19 | Version 1.5.19IP address is now treated as PII - Darwinium takes end-user privacy seriously. IP Address is now considered and treated as PII (Personally Identifiable Information) Reverse Geocoding latitude and longitude calculated for shipping address nearest city, state and country calculated from device GPS (SDK only)
API Certificate CA - The CA has been updated so that new API certificates issued have their expiry extended to 36 months Labels - Identifier attribute limitation has been removed from queries in Labels view Un-deploy button - A new "Un-deploy" button has been added. In the unlikely event that Darwinium is suspected of impacting traffic, Darwinium Edge deployments can be removed with a single button click Audit Logging - logging of all key user actions is now available in new Audit Logging interface Encryption Key Rotation - Encryption keys used to secure PII data can now be rotated on demand as required for compliance and security best practice Feature Quantiles - The quantile can now be calculated for any feature New Tag Profiling interface - An additional tryCollect() interface has been added to tag profiling to provide immediate collection of partial Device Fingerprint attributes
Bug fixes & Improvements: Admin Menu - has been moved to user drop down menu and Deployments and Node Settings have been added in place to improve user experience and workflow Query language fixes - errors when searching for UUID or (some) signature values has been fixed Secure ID - A race condition affecting Secure ID collection rates has been fixed CloudFront - misc. bug fixes and enhancements CloudFlare - misc. bug fixes and enhancements
|
May 9, 2024 | 1.5.18 | Version 1.5.18Attribute Validation - invalid/malformed attributes provided via API or extracted via edge are now recorded in a new "invalid attributes" attributes. Visual queues have been added in both the Event Grid and Event Side Bar to aid investigation of integration issues. Features - "Same as current event" added as new selection for all feature types. Query Language - checkLabel function has been added to search for labels inside Investigations view. Behavioural Identity Graph Support has been added for composite attributes (Address, Telephone etc) Timeline View has been added
Device Profiling Device Signature model has been enhanced Mobile device identification models have been enhanced Secure ID has has enhancements to make it more robust and effective for session replay detection Bugfix: 'unsafe-inline' now supported in CSP edge processing
Dashboards
|
April 17, 2024 | 1.5.17 | Version 1.5.17Bug fixes & Improvements: Identifier View - misc. fixed and improvements Device Signature - model updated to improve mobile device recognition Event Sidebar - misc. fixes and improvements API - Telephone Number support added for Dial Code + National Number in addition to E164
|
March 14, 2024 | 1.5.16 | Version 1.5.16Akamai(Linode) CDN Support - Official release supporting Linode CDN integration iOS/Android SDK - Official release for both Android & iOS devices. Learn more at Mobile SDK Deployment and API Reference Dashboards - 12 New dashboards - New ATO Tab containing Suspect Devices, Potential Victims and Attack Velocity in addition to new Device and BOT dashboards Identifier View - Event Grid added to Identifier View to display events when clicking on a graph node
|
February 29, 2024 | 1.5.15 | Version 1.5.15iOS/Android SDK (beta) - Perform native profiling (with behavioral biometrics) on Android & iOS devices. Learn more at Mobile SDK Deployment and API Reference Distance function - search events based on the distance between 2 points Touch biometrics signature - we are now creating a biometrics signature for touch devices. This complements our existing functionality delivered in 1.5.13
|
February 16, 2024 | 1.5.14 | Version 1.5.14Header Enrichment - edge journey authors now have the ability to extract attributes from the request body, run decisions, and inject decision outcomes as headers prior to the request going to the origin
Ability to Create a query from identifier view - users are now able to select 1 or more nodes / clusters in the identifier view, and perform a search in the investigations query view using these values. An icon exists for this on the top-right of the identifier view
Bug fixes & Improvements: Granular IP info - Where IP intelligence for a given tcp connection is collected from multiple sources concurrent (eg cloudflare AND ipdb), this information is now properly presented as "IP insights" for that vendor
Device ID - numerous improvements to device re-recognition and signature Bugfix: profiling.set_cookie now returns correct results for both edge and tags implementations Bugfix: timestamps in sidebar are now filterable (using the context menu on a value) Identifier view: - The identifier view now omits DNS IP from the view. This was previously polluting the identifier view as there was over-connection with iterations (due to many users having the same DNS)
|
February 2, 2024 | 1.5.13 | Version 1.5.13Biometrics Signatures (mouse)
Reduces mouse/touch interactions from a step into a single attribute each. Can be compared across events to show similarity, where differences in input that lead to more important changes in outcome cause a larger decrease in similarity than less important differences. Allow interactions with similar behaviors to be grouped together in the UI. Allows outcomes from past events to be extrapolated in real-time to affect decisions about future events with similar biometric behaviors. Allows Darwinium users to efficiently find correlations and discrepancies in biometric behavior for the same account.
Identity Graph Updates
Provide the ability to adjust the similarity match parameters on multiple identifiers simultaneously Note: the behavior of this screen has changed slightly - you need to hit "search" in the top right to update changes
Journey Authoring Feedback
Query view - The query view has been redesigned with better usability in mind. In particular there have been changes to the time range selector and the query text input may be height-adjusted (similar to Microsoft Excel)
Bug fixes & Improvements: Device signatures - fixed multiple issues where device signatures were being mis-classified and merged identifiers were not coalescing correctly CVV - fixed an issue with input where numbers were being interpreted as a CVV and the data was being dropped
|
November 12, 2023 | 1.5.12 | Version 1.5.12Journey authoring Feedback - Provides inbuilt diagnostics for self-service journey authoring (streamlines setup process) Expression feature - enables aggregate statistics around any user-entered expression that produces a number Improved device ID re-recognition Numerous Performance tweaks to edge implementations
|
October 3, 2023 | 1.5.11 | Version 1.5.11Edge Deployment
Deployment monitoring - Deployment monitoring enables Darwinium to monitor the status of deployed workers on your CDN infrastructure to ensure their correct operation, and provides user indication if there is a misconfiguration that has occurred after a deployment (such as a change-to or clearing of a route) It has been designed to work with both Darwinium's inbuilt deployment manager and with externally managed deployments using Terraform. To use deployment monitoring you will need to enter a new set of credentials with read-only access to your AWS Cloudfront Distribution or Cloudflare workers in node settings. Support for multiple edge targets - Previously our deployment manager supported a single configuration for Cloudflare and Cloudfront deployment. Release 1.5.11 provides support for sophisticated deployment topologies where multiple edge targets are required. Darwinium routes traffic to specific configurations through the use of a targets valid_host_list parameter, defined in your nodes' journeys.yaml file Support for host aliases - Users now have the ability to define one or more aliases for a given hostname defined in the valid_host_list of journeys.yaml. For example, if your valid_host_list contains example.com - you can provide aliases such as www.example.com, staging.example.com, foo.bar.com. At deploy time, Darwinium reviews this list and re-aligns its routes accordingly. If no aliases are provided, the system will fall back on the original hostname. Ability to use a single git repository for multiple environments - Darwinium provides the concept of nodes. Nodes provide segmentation of event data, access permissions, deployment configuration, and decisions to particular environments (e.g. prod, staging) or brands. In the previous status quo a node has a 1:1 relationship with a git repository that stores node-specific journey definitions. With new functionality, a single deployment artifact is able to operate across environments, without having to copy configuration files from one node repo (e.g. staging) to another node repo (e.g. production). This functionality has been designed to operate with our new host aliases and support for multiple edge targets functionality. Ability to work with existing Cloudflare service bindings - This new functionality enables Darwinium's deployment manager to deploy to routes where an existing cloudflare worker is present. We use Cloudflare's Service Bindings to enable both Darwinium workers and your existing workers to co-exist.
Ability to directly execute PMML models in workflows - This feature enables users to generate Predictive Model Markup Language (PMML) files using their own tooling, which can then be uploaded to your node's git repo and executed in journey workflows in the same way that rules or feature files are executed. Users are able to select an output defined in the PMML model, which provides the model score. Under the hood, Darwinium converts this model into WebAssembly, which is then executed directly at the edge. Customer S3 bucket transformer - Provides the ability to extract event data written to a customer-hosted S3 bucket using our python library. This can be achieved without needing to call Darwinium's services, and only S3 read credentials to the customer bucket are needed. Profiling Support for Shadow DOM elements in edge-side and tags-only deployment. New configuration parameters enable the use of a deep query selector that is able to locate DOM elements that are nested within a shadow root. Touch Dwell Time Biometrics context - Darwinium now provides profiling.javascript.touch_biometrics.swipe['DWELL_TIME'].* attributes. DWELL_TIME is the time interval between a touch start and a touch release, and is useful in models such as bot detection
Signal - Profiliing signals disabled/permission denied on device - profiling.device.signals now provides a number of additional signals to denote when features such as geolocation or accelerometer have been disabled on a profiled device:
Darwinium Portal Identifiers view Added a setting for max iterations - this defines the number of associated leaves to iterate through when displaying the graph. A lower number of iterations means fewer connections. Display of labels associated with an identifier node - provides the ability to instantly identify good and bad behavior on a given identifier node Ability to maintain focus on a selected node across settings changes Graph layout an performance improvements
|
August 18, 2023 | 1.5.10 | Version 1.5.10DNS Profiling - Darwinium now supports the ability to profile end-user DNS IP addresses used to resolve hostnames. This feature will automatically begin working when you update your profiling plugin (use marketplace > Darwinium profiling > Install) Fuzzy Digital ID Support (Beta) - Our engine has added the ability to resolve multiple similar device identifiers into a single value automatically. Previously used identifiers are visible in the merged_identifiers attribute Identifiers View (Beta) - The identifiers view enables exploration of entities and their links. Devices are grouped into clusters of similarity Protobuf Support in Engine - The Journey Assistant and Journey editor now support extraction and mapping of request headers, bodies and query parameters encoded in protobuf format. This is a binary transmission format that has become popular through technologies such as gRPC. Journey Metadata - support for signals created in assemblyscript files (.ts) to be visible in the event detail sidebar
|
July 26, 2023 | 1.5.9 | Version 1.5.9Enhanced signals and scores - We now use metadata collected when you publish a journey to populate signals & scores view of the event details sidebar. This means more granular insights into where a signal produced is coming from in your rules, as well as the ability to filter on the condition constituting a rule (if applicable) PII field redaction in query URL - when creating a step where the step url may contain elements of Personally Identifiable Information (PII), Darwinium now redacts this information from the step_url attribute
Daily synchronization of IP database - We now synchronize our IP intelligence database feed on a daily basis (previously this was updated with every release)
|
June 29, 2023 | 1.5.8 | Version 1.5.8Biometrics Visualization in detail sidebar - Release 1.5.8 includes a significant update around the visualization of biometrics data from keyboard, mouse and sensors. Previously this was shown as raw values in the event detail sidebar. With the new enhancement we provide tabulated statistics for each form field as well as additional timing statistics illustrating how an end user navigated form fields on a page. HTTPS profiling - HTTPs profiling provides comprehensive details on device using information extracted from the TLS handshake process. This includes details such as JA3 fingerprints. This can be seen in the event detail sidebar (where supported) under "network insights" Feature visualization in event detail sidebar - Feature values now provide detailed insights around the definition that they were created from. To view this, simply hover your mouse over a feature definition in the event details sidebar.
|
June 15, 2023 | 1.5.7 | Version 1.5.7Edge-side event encryption - Darwinium edge workers now encrypt all sensitive event data on the edge worker prior to this being sent to Darwinium (or your own S3 infrastructure). Customer S3 storage - Customers are now able to store their event data on their own S3 infrastructure. More information can be found at Data Storage On Darwinium
Journey Debugger (Alpha) - We have developed a new tool in our workflow editor that enables Debugging Journeys in a single-user mode prior to deployment using our Journey Assistant proxy. Please view documentation for more information
Tags-only profiling - For customers who do not have a compatible CDN, Darwinium now provides traditional tags based profiling capability. More documentation can be seen at: Tags Deployment
Support for step-level snippets - Marketplace Extension authors can now create snippets and templates that operate at a step level. Previously we provided integrations that operated in the data mapping and workflows scope. This new functionality has been used by Darwinium to create our Tags-only profiling capability.
Terraform support - Customers who have a sophisticated deployment review process or who do not wish to enter their CDN credentials now have the ability to manage deployment using an external Infrastructure As Code (IaC) platform such as Terraform or Pulumi. More details on the use of this can be found at: Controlling Darwinium's deployment using Terraform
|
May 29, 2023 | 1.5.6 | Version 1.5.6 |
March 8, 2023 | 1.5.5 | Version 1.5.5Migration of event data to use HPKE - Darwinium has migrated encrypted event data from AES-256GCM to Hybrid Public Key Encryption. This provides the advantage of being able to encrypt data with a public key, with the reduced size of assymetric encryption. We plan on using this new functionality to encrypt events at the edge in a later release this year
|
Feb 27, 2023 | 1.5.4 | Version 1.5.4Deployment manager - Previously Darwinium was configured to automatically deploy changes to a Journey when they were pushed to a customer's node git repository. Deployment Manager now provides the ability to manage builds, select a build for deployment and roll-back configuration to previous values.
|
|
|
|