Changelog
All notable changes to the OpenALBA specification are documented here.
This changelog follows the Keep a Changelog format, and the project adheres to Semantic Versioning.
Roadmap
v2.1 (In Development)
Target: Q2 2026
- Graph-based entity relationship modeling for lateral movement detection
- Enhanced autoencoder specifications with reconstruction error thresholds
- Streaming baseline updates for real-time adaptation
- Additional detection patterns for cloud-native environments
v2.2 (Planning)
Target: Q4 2026
- Federated baseline sharing protocol (cross-organization threat intelligence)
- Privacy-preserving anomaly detection methods
- Integration patterns for service mesh observability
v3.0 (Discussion)
Target: 2027
- Causal inference for root cause analysis
- Multi-signal correlation framework
- Specification modularity improvements
Release History
[2.0.0] - 2026-01-31 (stable)
Contributors: J. Carlyon, N. Bobrick, N. Schmitz
Added
- Dual-score architecture: separation of anomaly detection (objective) from risk assessment (contextual)
- Consumer-specific risk profiles: configurable weights for Security, SRE, and Engineering teams
- Cold-start handling: confidence-weighted baselines, peer group transfer, progressive thresholds
- Time decay functions: configurable decay rates for persistent anomalies
- ML baseline methods: Isolation Forest and autoencoder specifications
- 15 detection patterns, including account takeover, API abuse, and IDOR detection
Changed
- Anomaly score calculation now uses a four-component model (deviation, rarity, velocity, persistence), replacing the single-method approach
- Baseline methodology expanded from statistical-only methods to include ML methods
- Signal definitions updated for OpenTelemetry 1.24 compatibility