Secret Enricher - From Generic to Actionable
Release Date: December 17, 2025
We're transforming how you interact with generic incidents. Secret Enricher replaces vague detector names with precise, ML-enriched secret identities, making every incident immediately actionable.
What's changed?
Instead of seeing generic detector names like "Generic Database Assignment" or "Generic High Entropy Secret," you now see the actual enriched secret type directly in the incident list:
-
❌ Before: "Generic Database Assignment"
-
✅ Now: "Redis Identifiers", "PostgreSQL Connection String", "MongoDB Credentials"
-
❌ Before: "Generic High Entropy Secret"
-
✅ Now: "Stripe API Key", "AWS Access Key", "Twilio Auth Token"
Why does this matter?
This shift from detector-centric to enrichment-driven incidents fundamentally changes how you understand and prioritize your security posture:
- Instant Context: Know exactly what type of secret leaked at a glance—no need to open each incident
- Faster Triage: Immediately identify critical infrastructure secrets (databases, cloud providers, payment systems)
- Confident Prioritization: Clear secret categories help you focus on high-impact incidents first
- Accelerated Remediation: Understanding what leaked speeds up the remediation workflow
How it works
Powered by our Secret Enricher v2 machine learning model, the platform analyzes the full context around generic secrets to identify:
- Provider: The specific service (Redis, Stripe, AWS, etc.)
- Category: The type of service (Database, Payment System, Cloud Provider, etc.)
- Family: Broader grouping for filtering and analysis
When our ML model successfully enriches a generic incident, the enriched name automatically becomes the primary display name throughout the platform—in incident lists, dashboards, filters, and reports.
What's next?
This enhancement brings us closer to our ultimate goal: zero generic secrets in your workspace. By making ML-driven categorization tangible and actionable, we're ensuring every secret detection provides maximum clarity and definition.
The enriched names work seamlessly with all existing Secret Enricher features:
Learn more about Secret Enricher
Enhancements
- Incident API: Enhanced incident retrieval endpoints to include enriched secret names in API responses for programmatic access.
- Export Reports: CSV and JSON exports now include both the original detector name and enriched secret name for comprehensive reporting.
Fixes
- Docker Hub Integration: Fixed an error where users encountered "Input should be 'image' or 'manifest'" when configuring the Docker Hub source connector.
