>
    Strata Copilot
    New Features in February 2026
    Focus
    Download PDF
    Focus
    1. Home
    2. Device Security
    3. Release Notes
    4. New Features in 2026
    5. New Features in February 2026
    Download PDF
    Device Security

    New Features in February 2026

    Table of Contents

    New Features in February 2026

    Review the new features introduced in Device Security in February 2026.
    Where Can I Use This?What Do I Need?
    • Device Security (Managed by Strata Cloud Manager)
    • (Legacy) IoT Security (Standalone portal)
    One of the following subscriptions:
    • Device Security subscription for an advanced Device Security product (Enterprise, OT, or Medical)
    • Device Security X subscription
    The following new features and enhancements were introduced for Device Security in February 2026.
    New Features
    Vulnerability signatures
    The Device Security Research team added detections for 722 vulnerabilities this month. Of the 722 vulnerabilities, 69 of them had a critical CVSS score. You can see a complete list of the CVEs for which detections have been added at Vulnerability Signatures in 2026.
    Dictionary file update
    There were four dictionary file updates in February 2026. The following summarizes what was added in each update:
    • February 05 update – 18 new profiles, 22 new vendors, 13 new OSes, 2 new OS families, and 55 new models
    • February 11 update – 3 new profiles and 5 new vendors
    • February 19 update – 28 new profiles, 11 new vendors, 12 new OSes, and 84 new models
    • February 26 update – 26 new profiles, 22 new vendors, 5 new OSes, and 85 new models.

    Device Security Integration with Cortex XDR XQL

    Relying on the standard API connections for Cortex XDR® often limits the depth of endpoint data you can retrieve, creating visibility gaps that complicate asset management and vulnerability prioritization.
    Palo Alto Networks® Device Security now addresses this limitation by using XQL queries to ingest comprehensive endpoint telemetry from your Cortex XDR® environment. This integration enhances standard public API capabilities by collecting detailed software inventories (SBOM), operating system patch data, and vulnerability (CVE) information. This provides a more complete view of your network endpoints and helps you prioritize vulnerabilities more effectively.
    By enriching your asset profiles with extensive OS details and additional vulnerability and patch data, you gain a more accurate understanding of your network endpoints. This enhanced visibility helps you track software vulnerabilities and streamline your remediation efforts using detailed, correlated data.

    Device Security Enhancement for Cisco Meraki SSID Filtering Scope

    When configuring a Cisco Meraki integration instance with Device Security, you can specify Service Set Identifiers (SSID) to include or exclude from the scope of the data ingestion. If an SSID appears in both the include and exclude lists, causing a conflict, then the exclusion takes priority. Configure SSID filtering to prioritize which SSIDs you want to actively monitor through the Cisco Meraki integration.

    Device Security Device Search API Enhancements

    The response of the Device Security Device Search API now returns more parseable results. With this enhancement, the API returns a site name, instead of a site ID, for a device search. Additionally, the API also returns the results sorted by the Last Activity attribute, in descending order.

    © 2026 Palo Alto Networks, Inc. All rights reserved.