Stellar Cyber is rolling out version 6.0.0 of its open XDR platform, and the focus is clear: give analysts fewer buttons to press, fewer tickets to chase, and better intelligence to act on. This release doesn’t just update the user interface or add features; it pushes closer to an environment where humans set direction and AI does the rest.
Human-Augmented, Not Human-Free
Subo Guha, senior vice president of product management at Stellar Cyber, told MSSP Alert that the term “autonomous SOC” can be misleading if it implies removing humans entirely. “In many industries, ‘autonomous’ suggests the removal of humans from the loop – think self-driving cars or fully automated factories. But cybersecurity is different,” he says. “We define the autonomous SOC not as human-less, but as human-augmented.”
With 6.0.0, the platform automates much of the tier-1 and tier-2 work that used to drain security teams, such as correlating data across sources, mapping to MITRE ATT&CK, and surfacing root causes. “It’s a leap toward AI-driven, intelligent co-piloting for analysts,” Guha adds. “The system surfaces justifiable evidence, recommends next steps, and enables oversight – so analysts can focus on strategic decisions, not alert triage.”
AI That Understands Intent, Not Just Inputs
One of the headline features is the new AI Investigator. Instead of crafting queries, analysts can now ask questions like “Show me login anomalies for this user,” and get real results in context. “Our AI Investigator automatically follows investigation threads that a seasoned analyst would, including entity pivots, enrichment, and risk scoring, but does it in seconds,” Guha explains. Phishing triage is also automated now, with machine learning classifying emails and reducing noise.
Still, he stresses that human oversight hasn’t gone anywhere. “Humans remain essential. The system automates the 80% that’s repetitive, so humans can focus on the 20% that truly demands judgment,” he says. “The role shifts from reactive firefighting to strategic oversight.”
More Inputs, Smarter Outcomes
The update brings expanded integrations across endpoint, cloud, identity, and threat intel feeds. But rather than overwhelm analysts, the platform filters and correlates data into actionable incidents. “Instead of drowning customers in data, we normalize and enrich it in a unified Open XDR layer,” Guha says.
That approach also extends to flexibility. Users can apply custom detection rules, assign risk scores, or whitelist expected behaviors. “We offer power where it’s needed, and simplicity where it matters,” Guha says.
For MSSPs and large enterprises managing multiple tenants, tenant-aware intelligence and customizable dashboards mean less duplication of effort. Saved views, branding support, and light/dark UI modes are quality-of-life improvements, but they also help reduce investigation fatigue over time. The platform’s open architecture and integration flexibility ensure that teams can build on top of what they already use. Whether it’s an MSSP managing dozens of tenants or an in-house SOC looking to scale fast, version 6.0.0 is built to adapt.