Precision Defense: Wirespeed’s Custom Groups & Granular Remediations

Wirespeed hit a significant milestone this quarter: 50 total integrations and over 2.5 million endpoints under monitoring. 

And we’re just getting started. We’ve spent the past few months shipping new integrations and product updates to put more security power in the hands of IT teams and MSPs. You can now:

• Connect 30+ new integrations to Wirespeed

• Get 24/7 information from the “Ask Wirespeed” chatbot

• Apply actions that match the risk with granular remediations

• And more!

Below, we’ll explore how our latest updates and features give you further control to use Wirespeed to your advantage.

New integrations

Wirespeed connects to your existing security tools to provide automated threat detection, investigation, and response. Our integrations are designed to work together by combining detection sources with user directories, endpoint managers, and communication platforms to enable automated detection and response (ADR).

We ship new integrations every week, but we’re highlighting ones that may be most impactful for our users from the past quarter:

Identity & access management

• 1Password & Bitwarden: You can now integrate 1Password and Bitwarden with Wirespeed to ingest security-related events. This includes tracking successful and failed sign-in attempts, administrative actions, and item usage when credentials are accessed. 

Network & perimeter security

• SonicWall and Check Point Firewalls: Wirespeed now ingests logs from these firewalls to provide better visibility across your network perimeter. This integration offers insights into network activity that would otherwise remain hidden.

• Cisco Secure Access: We have added support for Cisco Secure Access to further bolster our network security capabilities.

Vulnerability & patch management

• Horizon3.ai: You can now add NodeZero to verify whether detections correlate to specific pentest activity.

• SafeBreach: For those running attack simulations, our detections can now be correlated to both active and past SafeBreach simulations to help defenders avoid unnecessary alert noise.

Endpoint & IT service management

• Halcyon: This new integration syncs anti-ransomware alerts and endpoint data — including detections, artifact enrichment, and inventory — directly into Wirespeed.

• HaloITSM: You can now streamline your workflow by automatically creating tickets for new Wirespeed cases.

You can step-by-step instructions for connecting the above integrations (and more) here.

Product updates

We are constantly implementing updates and new features to the Wirespeed platform. Recent updates allow users to access information faster, further personalize the platform to fit their business’ needs, and communicate with their teams in real-time. 

Granular remediations

Not all attacks are created equal, which means security teams need more than a one-size-fits-all solution for responding to threats. 

For example, if an employee falls victim to session hijacking, the threat actor will only have access to the victim’s current session. In this case, most businesses would prefer to avoid disabling the user’s account completely to save time and productivity.

Not all attacks are created equal, which means security teams need more than a one-size-fits-all solution for responding to threats. 

Wirespeed now offers full visibility and fine-grained control over every containment action taken on your assets (users, endpoints, and files) so your team can respond proportionally to each threat. How it works:

• Apply actions that match the risk: Instead of a single “contain” button, you can now pick exactly which actions to run when containing an asset.

  • Users: Disable the account, reset their password, or revoke active sessions — individually or in any combination

  • Endpoints: Isolate from the network

  • Files: Quarantine to prevent execution 

• Verify what’s already happened: Review full containment history for any asset to avoid duplicate actions and confirm containment state at a glance.

Ask Wirespeed chatbot

At Wirespeed, we have always been clear that we don’t believe AI can be trusted to make reliable, predictable security decisions. But probabilistic AI can excel elsewhere: summarizing complex data and converting natural language into structured information. 

We’ve released “Ask Wirespeed” in the Wirespeed platform to build on where AI excels. Users can ask questions about recent detections and access event telemetry — and receive a response 24/7. 

Our chatbot was even able to identify an initial access vector when asked to “dig deep” into an existing case, operating similar to an incident responder. 

Custom groups

Every business and digital environment operates differently. 

For example, you may have virtual machines (VMs) operating in an isolated network that run critical business services, but aren’t recognized as servers. To mitigate the risk of avoidable downtime, you would likely want to refrain from auto-containing those VMs. In another instance, you might lead IT at a large enterprise that wants to slowly incorporate Wirespeed across various franchises, one at a time. 

To meet the unique needs of each environment, Wirespeed has launched custom groups.

Each custom group includes:

• Name: A short label displayed throughout the platform

• Description: Optional context for your team

• Color: Visual identifier shown on badges

• Chat Ops: Enable or disable chat ops for the group

• Containment: Enable or disable containment for the group

• Source systems updates: Sync detection changes related to these assets back to your detection platforms

Users now have more control over automation behavior such as ChatOps and containment across asset types. You decide when and how Wirespeed operates across your digital infrastructure. 

Learn more about how to edit groups here.

Updated timeline features

Case and detection timelines have been updated to allow real-time communication throughout an investigation. 

Users can now add, edit, and delete comments, attach images (drag-and-drop or paste), and review system activity alongside discussion. The update allows for more streamlined case management, as users can see what was said about a detection, who said it, and when it was added.

Updates that put the power in your hands

At Wirespeed, we are here to help protect your business and clients with rapid response, consistent verdicts, and complete investigations. But you’re in charge.

New integrations and product features are all created to make your job easier. Add your existing security tools, customize the platform to fit your needs, and control how threats are managed end-to-end.

LIGHTING-FAST SPEED. LASER PRECISION.

Automated Threat Detection & Response 

See how Wirespeed MDR can stop threats in seconds >

This blog post is designed to provide general information on the topic presented and is not intended to construe or render legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over nor assumes responsibility or liability for the content, privacy policy or practices of any such third-party websites. 

Copyright © 2026. All rights reserved. Coalition, Wirespeed, and the Coalition logo are trademarks of Coalition, Inc. All other products and company names are the intellectual property of their respective brand owners.