> For the complete documentation index, see [llms.txt](https://docs.vectra.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vectra.ai/release-notes/respond-ux-rux-1/april-2026-release-notes-rux.md).

# April 2026 Release Notes (RUX)

## 🛡️ Coverage

#### Rapid Release Improvements

The following improvements have been made to algorithms since the last software release cycle. Customers that are connected to Vectra’s update service with Remote Support enabled have received these improvements. All other customers will be receiving the following improvements as part of this release:

* **SASE Smash-and-Grab Exfiltration Detection:** New coverage extends Smash-and-Grab exfiltration detection to SASE (Zscaler and Netskope) traffic.
* **XWorm C2 Detection:** New coverage identifies encrypted check-in traffic patterns over TCP, improving detection of modern XWorm variants communicating with attacker infrastructure.
* **Beaconless C2 (Unknown + TLS):** Behavioral models now detect long-lived, non-beaconing C2 sessions across both unknown and TLS protocols, including HTTPS and TLS-wrapped channels. This improves visibility into encrypted and interactive hands-on-keyboard activity while maintaining low detection noise.
* **Sliver & PoshC2 Enhancements:** Updated coverage improves detection of evolving Sliver HTTP encoder variants and introduces new visibility into PoshC2 activity over HTTP and HTTPS, strengthening detection of PowerShell-based C2 frameworks.

## ⚙️ Architecture/Administration

### Traffic Visibility Drop Alerting

Vectra AI is introducing new health notifications to alert significant drops in observed IPs, traffic bandwidth, and packet volume that may impact detection coverage. Using machine learning, these alerts adapt to each customer’s unique network patterns and identify meaningful deviations without relying on static thresholds. Alert notifications can be delivered via email, webhook integrations, API, or Syslog on QUX.

This enhancement provides earlier awareness of visibility gaps, helping security teams quickly identify and address potential blind spots. Availability begins in April, with rollout planned in phases to ensure optimal signal quality and customer experience.

<a href="https://docs.vectra.ai/deployment/traffic-engineering-and-validation/traffic-visibility-drop-alerting" class="button primary">Read the documentation</a>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.vectra.ai/release-notes/respond-ux-rux-1/april-2026-release-notes-rux.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.