Notable releases, improvements, and security-relevant changes. We ship continuously — this page lists the changes worth knowing about.
Released
Performance regression alerts (Core Web Vitals)
Once a week per site we run a synthetic mobile audit through Google PageSpeed Insights and store overall score, LCP, CLS and INP. We don't draw charts or pretend to be Datadog — we tell you when something measurably regressed (score dropped 15+ points, or LCP grew 50% past the 2.5s threshold) and we surface what else changed at the same time on the same site, so you can tell a deploy from a problem. Enable from the Performance card on any site's Monitoring tab; a 'Check now' button covers post-deploy checks. No JavaScript added to your site — measurement runs in Google's lab.
Released
Content / defacement monitoring with visual diff
Hashes your homepage (and up to 5 paths) every 6 hours. Unexpected content drift fires a HIGH alert through your normal channels. The dashboard renders the agreed-good baseline next to the current capture in a sandboxed side-by-side iframe, so you can SEE what changed — not just that something did. False-positive control: scripts, styles, CSRF tokens, nonces, cache-busters and timestamps are stripped before hashing, and a one-click 'Re-capture baseline' accepts legitimate edits without losing site state.
Released
TLS deep audit
On every site scan we now go beyond cert-expiry: probe TLS 1.0/1.1 (deprecated → HIGH if accepted), inspect the leaf cert for self-signed status, weak RSA keys, deprecated SHA-1/MD5 signatures, and audit HSTS posture (max-age, includeSubDomains). Cloudflare-fronted sites are detected via CF-Ray header so we measure CF's edge accurately; Let's Encrypt 90-day certs aren't false-flagged for short remaining validity. Findings appear under the new TLS category.
Released
Site detail tabs + collapsible cards
Every site detail page now uses a tabbed layout (Overview / Findings / Monitoring / WordPress / Forensic / Settings) — the agentless monitoring cards (uptime, content, supply-chain, edge protection) sit together so the agentless customer's primary use case is one tab. Cards are collapsed by default; click to expand and your choice is remembered per site.
Three Vault improvements landed today. The dashboard now correctly shows 'Backup running' for the full duration of a real restic operation (not just the queue window). The integrity-check / restore-verify scheduler skips targets that have an in-flight backup, so you stop seeing scary 'repository is already locked' attestation failures from concurrent runs. Agent v0.2.60 self-recovers stale restic locks (orphaned by a previous crashed run) by checking PID liveness and lock-vs-boot-time before running unlock — backups self-heal without operator intervention.
Improved
Scheduled vs manual scan labels
When a scheduled scan fires (the nightly automated run), the scan progress banner now reads 'Scheduled scan' instead of 'Scanning' — so you can tell at a glance whether something you triggered is running, or it's the routine scan doing its thing.
Released
Astrari brand and visual refresh
We're now Astrari (formerly IncusWatch). New wordmark, refined palette, hero video with narration, and a calmer interface throughout. Same product, same dashboard, same data — just dressed properly.
Released
Forensic diagnostic — boot history, OOM kills, and the right logs
Click 'Run diagnostic' on any server or site. In one to two seconds the agent collects a forensic snapshot — boot history, out-of-memory kills, failed services, disks at ≥85%, and the most recent error and warning lines from nginx, Apache, PHP-FPM, MySQL and the system journal. Site-scoped diagnostics parse vhost configs to surface that domain's logs first. Works on Plesk, cPanel/WHM, and bare servers.
Released
PDF reports — summary and per-asset
Generate branded PDF reports covering any time period. Choose a multi-asset summary across your portfolio or a deep-dive on a single server or site. Includes findings opened, resolved, and currently open, with severity breakdowns and asset scores. Available on every plan.
Released
Alert routing with per-asset severity thresholds
Connect Slack, Microsoft Teams, PagerDuty, or a custom webhook (HMAC-signed). For each server and site, pick the contacts and channels that should be notified, plus a severity threshold so you only hear about what matters. Each finding alerts each recipient at most once. PagerDuty re-fires share a stable dedup key.
Released
Multi-tenant client sub-accounts (Agency)
Agency-plan customers can now group servers and sites under named clients, give each client their own login, and issue per-client API keys. Client logins see only their own assets; agency staff see everything across clients.
Improved
Server score history with sparklines
Every server now carries a 0–100 score sparkline showing the trend over the last 30 scans. Useful for client reporting — and for spotting when a server's posture is drifting before it becomes a problem.
Security
Signed agent updates (Ed25519)
Agent self-updates are now verified against an Ed25519 signing key. The agent will refuse to apply an update that doesn't validate against our public key — a stolen mirror or compromised CDN can't push code to your servers.
When a WordPress site is linked to a server, the agent scans the WordPress database for injected iframes, obfuscated payloads, and hidden links — then reports findings back into the dashboard alongside the external scan results.
Improved
Faster Wordfence Intelligence sync
Vulnerability data refresh dropped from a daily full sync to incremental delta updates. New CVEs typically appear in the dashboard within five minutes of publication.
Released
File integrity monitoring (FIM)
On first run after install, the agent establishes a hash baseline of critical system files. Every subsequent scan diffs against the baseline and reports unexpected changes — which is often the earliest signal of compromise on an otherwise quiet server.
Released
SSH hardening checks with one-click auto-fix
The agent reads sshd_config and flags root login, password authentication, empty passwords, and legacy protocol settings. Apply the recommended change from the dashboard — the agent edits the config and reloads sshd. Safe rollback is one click away.
Released
OS package update tracking and selective patching
See every available OS package update across your servers, with CVE counts where applicable. Patch selectively (just the security updates, just one package) or apply all at once. The agent handles execution and reports the result back.
Released
Linux server agent — Trivy, ClamAV, rkhunter, MalDet
Initial release of the Astrari Linux agent. Statically compiled Go binary, runs on a systemd timer, posts findings back over outbound HTTPS only. All scan tools execute under nice -n 19 ionice -c 3 — invisible to live workloads.
Want to suggest something or report a bug? Email us.