What's New in Monad: February 2026

Darwin Salazar

Head of Growth

If you've ever burned an afternoon writing a custom parser because one source sends epoch milliseconds and another sends ISO 8601, February's for you. We shipped in-pipeline timestamp conversion, expanded Cloudflare coverage to 13 sources, and added 17 new integrations across identity, cloud, and infrastructure.

That puts us at roughly 270 integrations. Everything still normalized, enriched, and filtered before it hits your SIEM or data lake. We also opened up custom HTTP authentication for sources with non-standard auth flows. Less waiting on us, more just connecting it.

Here's what we landed in February.

17 New Integrations

Cloudflare (4 new sources, all in beta)

We now support 13 Cloudflare sources. If you've been maintaining custom collectors for different Cloudflare data types, you can retire them. Full coverage for Cloudflare environments: network security, access control, DDoS analytics, and HTTP layer visibility.

Access Login Events – User login activity through Cloudflare Access, so you can track who's authenticating through your Zero Trust perimeter
DDoS Attack Analytics – DDoS threat and mitigation data for real-time visibility into attack patterns hitting your infrastructure
Firewall Events – Firewall rule match events for detection writing and policy validation
HTTP Requests – HTTP access logs for traffic analysis, anomaly detection, and incident investigation

Bitwarden (2 new sources)

Bitwarden Users – Sync your user roster for identity correlation and access reviews
Bitwarden Events – Activity and access event logs to track vault access, login attempts, and credential sharing

Google Cloud (2 new sources)

Google Pub/Sub – Ingest messages directly from Google Cloud Pub/Sub topics. If you're already routing security events through Pub/Sub, you can now pull them into Monad without building a custom subscriber
Google Workspace Takeout – Import data from Google Workspace data exports for compliance workflows and historical analysis

And a bunch more:

JumpCloud Events – Device and user activity events from JumpCloud, useful for endpoint and identity monitoring in JumpCloud-heavy environments
OwnBackup Account Activity (beta) – Monitor account activity logs from OwnBackup for audit and compliance
Bugsnag Organization Events – Error monitoring and deployment events, so your AppSec team can correlate application errors with security events
Aiven Service Logs – Logs from Aiven managed cloud database and streaming services for infrastructure monitoring
Kolide Audit Logs – Device security audit events from Kolide for endpoint compliance tracking
Cloudsmith Audit Logs – Package registry audit logs for supply chain security visibility
Brinqa Audit Logs – Audit logs from the Brinqa cyber risk management platform
AWS IAM Alias – Retrieve your AWS account IAM alias for enriched asset identification. Small but useful: makes multi-account AWS environments easier to distinguish in your detections
Opal Security – Access management events from Opal for just-in-time access monitoring and privilege escalation detection

Platform Updates

Timestamp Conversion – Convert between timestamp formats and timezones in your pipeline. If you've ever written a custom parser because one source uses epoch milliseconds and another uses ISO 8601, this saves you the trouble
Custom HTTP Authentication – More flexibility when connecting to sources that use non-standard auth methods. Less "can you support this auth flow?" and more "just connect it"