Release: 2026-02-09

[jeff-matthews]

This pull request (PR) publishes docs for the February 2026 release across the following versions:

• BloodHound v8.6.0
• SharpHound v2.9.1
• AzureHound v2.9.0

This includes individual PRs that have been reviewed and approved separately.

• BP-2378: Update API reference for v8.6.0 #179
• BP-2377: Release notes (February 2026) #176
• Docs: Update with new API permission requirement supporting BED-7248: Entra ID User Last Logon Timestamp AZUser Node Property  #170

Staging

https://specterops-release-v8-6-0.mintlify.app/resources/release-notes/summary#2026-02-11

Summary by CodeRabbit

• New Features

  • Custom User-Agent flag support for AzureHound data collection
  • Run button for Cypher-based rule testing with preview
  • Zone name display in object information

• Enhancements

  • Expanded saved Cypher query editing permissions to User and Power User roles
  • Standardized certification terminology (Reject replaces Revoke)
  • AzureHound now collects last successful sign-in data from Azure
  • Updated UI labels and documentation clarity

• Bug Fixes

  • Resolved 12 issues across components

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

 ____________________________________________________________
< If you don't finish then you're just busy, not productive. >
 ------------------------------------------------------------
  \
   \   \
        \ /\
        ( )
      .( o ).

_{✏️ Tip: You can disable in-progress messages and the fortune message in your review settings.}

Tip

CodeRabbit can use Trivy to scan for security misconfigurations and secrets in Infrastructure as Code files.

Add a .trivyignore file to your project to customize which findings Trivy reports.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release/v8.6.0

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

docs/install-data-collector/install-azurehound/azure-configuration.mdx (1)

404-414: ⚠️ Potential issue | 🟡 Minor

Add optional AuditLog.Read.All permission to the PowerShell script for parity with manual steps.

The manual steps include an optional AuditLog.Read.All permission (step 8) to enable collection of AZUser.LastSuccessfulSignInDateTime, but the PowerShell script omits this permission. Since the script is described as achieving "the same" as the manual process, users following the PowerShell approach cannot access this optional capability.

Consider adding a commented-out section showing how to include AuditLog.Read.All in the Update-MgApplication call, or note that it must be manually added after running the script.

docs/analyze-data/privilege-zones/certification.mdx (1)

44-65: ⚠️ Potential issue | 🟡 Minor

Align action terminology with “Certify/Reject”.

The updated UI uses Certify/Reject, but this section still says “approve.” This can confuse readers.

🔧 Proposed wording fix

-The **Certifications** tab on the **Zone Builder** page allows administrators and power users to review, approve, or reject certifications for objects in zones where manual certification has been configured.
+The **Certifications** tab on the **Zone Builder** page allows administrators and power users to review, certify, or reject certifications for objects in zones where manual certification has been configured.
@@
-        <Note>Actions are only available for certifications that require manual approval. You cannot approve or reject **Automatic Certifications**.</Note>
+        <Note>Actions are only available for certifications that require manual approval. You cannot certify or reject **Automatic Certifications**.</Note>

🤖 Fix all issues with AI agents

In `@docs/resources/release-notes/2026-02-09.mdx`:
- Around line 30-33: The release note uses the wrong Microsoft Graph property
casing; update the text that references LastSuccessfulSignInDateTime to use the
correct lower-camel-case property name lastSuccessfulSignInDateTime wherever it
appears (specifically the sentence describing AzureHound support for collecting
the property) so the documentation matches the actual Microsoft Graph property
name.

🧹 Nitpick comments (2)

docs/collect-data/ce-collection/azurehound-flags.mdx (1)

90-98: Documentation for the new --user-agent flag looks good.

The description clearly explains the purpose (evasion, debugging, identification) and the example demonstrates usage. One minor inconsistency: this example places list before the authentication flags, while earlier examples (e.g., line 52) place list after them. Both work, but consider aligning the order for consistency.

📝 Optional: Align command order with other examples

-./azurehound list --tenant "contoso.onmicrosoft.com" -u "MattNelson@contoso.onmicrosoft.com" -p "MyVerySecurePassword123" --user-agent "MyCustomAgent/1.0"
+./azurehound -u "MattNelson@contoso.onmicrosoft.com" -p "MyVerySecurePassword123" --tenant "contoso.onmicrosoft.com" --user-agent "MyCustomAgent/1.0" list

docs/openapi.json (1)

7245-7259: Consider encoding the default for only_traversable.
If false is the intended default per the description, adding a schema default helps client generation stay accurate.

✏️ Add a schema default

             "schema": {
-              "type": "boolean"
+              "type": "boolean",
+              "default": false
             }