v2.5.0 - v2.17.7
v2.17.7 Published: 21.08.2024
Server
Bug Fixes
Fixed Linux Remediation Sync.
Fixed GRC: Evidences: Risk score is updated for all records when risk is set for one record.
Fixed Hardening Updates Delete The Risk Score For Failed and High Risk Items.
Improvements
Improved Last 3 sent MFA codes should be valid.
Improved Artifact Overview Different in Dashboard and Reports.
New Features
Added Setting Risk Score Value for Evidences.
Agent
New Features
Added Windows Agent Proxy Settings From UI.
v2.17.6 Published: 18.08.2024
Server
Bug Fixes
Fixed Report Text colour on Outlook for Mac.
Fixed Notification Templates Content Displaying.
Fixed Adding Artifact to CLAPI Whitelists.
Fixed Report Creation Causing High CPU.
Fixed Assigning Notification Template from Wizard.
Fixed Notable Event Forwarding Exception.
Improvements
Improved GRC / ToDo.
Improved Sysmon Grid.
Removed Link with existing DNS Security account when creating organization.
New Features
Added Auto Refresh When a New Notification Setting is added.
Added validation message during Assigning Notification Templates.
v2.17.5 Published: 11.08.2024
Server
Bug Fixes
Fixed osquery Shell Uniqueness.
Fixed Elastic Counts Problem in AI Demo.
Improvements
Improved Mapping AI answered to all classification ranges.
Improved Hardening risk score behaviour.
Improved osquery grids.
New Features
Added AI Settings.
Added AI Enrichment to few grids.
Added AI analysis for Linux command history.
Added macOS Vulnerability Analysis.
v2.17.4 Published: 04.08.2024
Server
Bug Fixes
Fixed Zero-Day dashboard: Linux/macOS Applications table.
Fixed Zero-Day dashboard: Linux RPM Packages: Details button gives an error.
Fixed DLP Analysis: Errors during tap View details and View Alerts.
Fixed DLP Analysis: Error during adding to global white list.
Fixed Scheduled reports in Demo mode.
Fixed 404 error on intel.
Fixed asset_os_family and asset_os_versions data creating after creating new organization.
Improvements
Improved YAML to SIGMA Converter.
Improved Object Access Tracking.
Improved GUI macOS.
Improved Assessment Activity setting values.
Improved Alphabetical Sorting for OSQuery Artifacts.
New Features
Added macOS enrichment for vulnerabilities.
Added ToDo List Renaming.
Added Grid Bulk Actions for OSQuery grids.
Added Class Rule ‘is one of’ function.
Agent
Improvements
Improved Mac agent.
New Features
Added Object Access Default Exclusions Extension.
v2.17.3 Published: 04.08.2024
Server
Bug Fixes
Fixed Sysmon AI Question.
Fixed Enriching for Classification Rule Matches.
Fixed risk scores rule setting and re-setting by enrichment.
Fixed Driver Classification Rule Risk Score Setting.
Fixed Sysmon Rules with lower Item takes Priority.
Fixed Editing Sysmon Rules Bug with new CKEditor.
Fixed Getting Device Policies API Error When There is No Policy Assigned on Organization.
Fixed SIGMA Rules Parent File Path Adding With Add to List With Parameters.
Fixed Whitelisting for the Destination IP field.
Fixed SignUp Page.
Fixed Errors in Agent logs.
Improvements
Improved Classification Rule Selection.
Improved Risk Overview Grid (display Unacknowledged records only).
Removed the Trusted Condition count button from all grids.
Improved Classification Rule Values for Rule Priority.
Improved Command Line White List Bulk Addition.
New Features
Added “Remove or disable invalid list values” button to List based classification.
Added field "protocol" to Windows Sysmon Threat Monitor.
v2.17.2 Published: 28.07.2024
Server
Bug Fixes
Fixed CK Editor text saving.
Upgraded CK Editor.
Fixed CK Editor Dark Mode Problem.
Fixed Menu(...) visibility for the last user in organization users list.
Fixed Reports generating when we have added text.
Fixed Grid Date Time Filter Text colour in Dark Mode.
Fixed Setting Risk Score For Object Access Rules.
Fixed OS Based Grouping.
Fixed Incident Choosing Asset.
Improvements
Improved Report Selection.
Rename 'Report by category' button to 'Filter by category'.
Improved Bulk List Addition Restriction.
Improved Grid Load Performance.
Improved GUI Black Font Update.
Improved colours in Dark theme on Create account screen.
Improved White List Synchronisation.
Improved ‘Is one of’ condition in classification rules.
Increased Font Size.
Improved Incident Management.
Improved Assessment Activity Grid.
Improved sorting list items in Sysmon rule.
Improved Actions menu position in Hunting settings.
New Features
Added AI Audit Logs.
Added AI Settings.
Added new AI Question.
Added AI Question Grouping.
Added Importance synchronization between tables.
Agent
New Features
Added IIS Remediation.
Added Agent External Connections.
v2.17.1 Published: 18.07.2024
Server
Bug Fixes
Fixed an error in Auth microservices log.
Fixed Problem Writing CLAPI Classification Rules When There is No Data.
Fixed Windows Threat Monitor Bug with Logging.
Fixed error during filtering in Windows Sysmon rules.
Fixed Reporting Bugs.
Fixed Error in Report log - Unhandled Promise Rejection.
Improvements
Improved Sysmon Question GUI.
Improved Report Items Moving Up.
Improved Creating Remediation Jobs.
Improved Filtering out already included in some list from AI responses.
New Features
Added Protocol Field.
Added Sysmon Grid a Selectable Field.
Agent
New Features
Added Trusting Explorer Exe.
Added Tracking Unknown Processes.
v2.17.0 Published: 11.07.2024
Server
Bug Fixes
Fixed a few errors in intelextintegration logs.
Fixed bugs after the update in Assessment Activity.
Fixed filtering in Sysmon.
Fixed Extending DNS Enrichment.
Fixed Group - Some selected policies do not appear in the grid.
Improvements
Improved Reporting UI and unloading.
Improved EDR/DLP.
Improved Default Initialisation.
Improved Assessment Activity.
Improved To Do.
Improved Incident management.
Improved AI Questions Sysmon.
Improved Osquery crontab counts.
Improved GRC.
Improved matching of CVSS Records.
New Features
Added new reports: Trend Overview, High Risk Assessment Activities, Security Controls Windows OS CIS/DOD Coverage, Security Controls CIS Coverage, GRC Assessment Results and several others.
Added Password Change for a User.
Added check/uncheck actions to headers on AI Questions.
Added Recommended Remediation Level on main organization.
Added Sysmon “and/or” conditions.
Added questions for whitelisting via lists.
Added ToDo for GRC.
Added a markdown renderer to AI bot responses.
Added AI Questions button to the header.
Agent
Bug Fixes
Fixed that File Activity Monitoring Not Sending All Log Data.
Fixed New Transforms Creating.
Improvements
Improved EDR/DLP.
Improved Remediation Logging.
New Features
Added Tracking Unknown Process Object Access option.
v2.16.5 Published: 04.07.2024
Server
Bug Fixes
Fixed hash representation for osquery data.
Fixed KEV & 0-day vulnerability vendor product did not match with case-sensitive SQLs in enrichment.
Fixed Remediation summary: Termination Events Job Description and Type is empty.
Fixed errors in log on auth, console, policy, report, phishing, osslsigncode, puppeteer, Intelextintegration microservices.
Improvements
Improved DNS Request Tracking.
Improved Host Based Trend Analysis.
Improved Remediation Query.
Added OS info column on group management.
Improved Artifact collection parameters: Win_sysmon_rules: Need to add Edit option for records.
Added some data to 0-day/KEV vulnerability details.
Improved desktop shortcut picture displaying.
Improved Sysmon Processing.
New Features
Added Demo Mode.
Added Event ID 10 Add Hash from SourceImage.
Added Logging Termination Events.
Broker
Bug Fixes
Fixed Broker availability.
Fixed Broker login.
Agent
Improvements
Improve Updating Agent Side PM Health Check Functionality Same as PM.
New Features
Added PM Installer silent Uninstall Support.
v2.16.4 Published: 04.06.2024
Server
Bug Fixes
Fixed 400 error during search in the grids.
Fixed date filtering bug.
Fixed Linux Remediation Disable/Enable buttons.
Fixed Pagination during removing default data filter in grid.
Fixed Browser History Enrichment Result Displaying and Missing Search Menu.
Fixed Host Based View.
Fixed Intel Vulnerabilities synchronization.
Fixed DLP Analysis: Data does not come and 400 error occur for new organization.
Fixed Crontab Enrichment.
Fixed Asset Scores Calculation.
Improvements
Improved Vulnerability Matching.
Improved display quality of drop-down lists.
Improved Windows remediation naming and function.
Improved Vulnerability Dashboard.
Improved Linux Collection.
Improved Parametric Notification Blocking Interval.
New Features
Added Trusted Condition button to All grids.
Added User Login Activity Tracking.
v2.16.3 Published: 24.05.2024
Server
Bug Fixes
Fixed categorization of some artifact values.
Fixed filter compilation in grids.
Fixed New organization creation issue.
AI sets valid enrichment risk score to null in some cases.
Fixed Incorrect escaping of curl params on shell calls.
Fixed Browser History Bug.
Fixed EDR Analysis Bug.
Fixed bug with downloading and updating an Agent.
Fixed Object Map - some values are not visible in Light theme.
Fixed asset os definitions & update ui.
Fixed bug on intelextintegration logging.
Fixed Windows Processes AI Enrichment Bug.
Fixed Health & Threat Summary Cannot Navigate to Artifact.
Fixed Artifact Summary Scores.
Fixed Triggering Asset Health & Threat Summary Calculations.
Improvements
Improved Sysmon Grid.
Improved GRC and Other Grids.
Remove COALESCE & NULLIF func from charts.
Adding Right-Click Search Actions.
Updated list default policies.
Improved Classification Rule Name Index.
Improved that Malicious DNS Request Terminating for amos-malware.ru.
Improved Classification Rule Name Field Hash Index.
Improved Windows Hardware Analysis.
Masking Username When Asking to Threat Intel.
New Features
Added Modes to EDR Analysis.
Added Object Access Map for Windows Object and Honeypot Access Events.
Added Linux Remediation to CLAPI.
Added SIGMA Analysis Grid.
Added Request Enrichment for Displayed button for bulk actions.
Added Disable Threat Detection Rule Execution on Specified Time Range.
v2.16.2 Published: 10.05.2024
Server
Bug Fixes
Fixed error on Agent microservice.
Fixed Sysmon Failing.
Improvements
Improved Internal Compliance Load.
Improved CPU Usage.
v2.16.1 Published: 06.05.2024
Server
Bug Fixes
Fixed User defined remediation function removed after sync Global remediation.
Fixed Threat Monitor Classification Rules Risk Score Set to NULL.
Fixed Remediation functions: Disable/Enable buttons.
Fixed categories without risk scores set on clapi
Fixed Notable Event Summary (High Risk Events) report
Improvements
Several GUI improvements
Update default Reports and Policy lists
v2.16.0 Published: 04.05.2024
Server
Bug Fixes
Fixed a bug in Enrichment Malware Flag.
Fixed Column ordering breaks/duplicates action menu.
General summary: fixed Information visibility in charts.
Threat Overview Dashboard Slowdown and other Bugs.
Windows Autoruns Analysis: unstable page behaviour after reloading.
Fixed Forwarding Error.
Fixed proxy respect rejectUnauthorized setting.
Fixed hunting rule column visibility.
Fixed AlienVault sync bug.
Fixed Reported E-Mails: unknown elements.
Windows applications grid is empty by default.
Fixed Notable events not created for some notify rules.
Fixed CLAPI Grid Forensics Enrichment Filter Not Working for Greater Than.
Fixed Reported Emails: 400 error during filtration.
Fixed Assessment Activity Filtering Problem.
Exceptions log uncaught error in UI.
Fixed Sysmon Policy Versions Updating.
Fixed Sysmon rules tag level filtering.
Fixed Adding Values to Lists from Grids.
Fixed Reporting system.
Improvements
Improved Code Security.
Update Grid Column Ordering.
Improved DB performance.
Improved UI load/render performance.
Improved SIGMA Analysis Classification Rule.
Improved Dashboard & Grid Standardization.
Improved Dark Mode Column Selector.
Support Version matching operation for rule matching.
Improved Threat Intel Dashboard.
New common columns on SIGMA Detection Results.
New common columns on Notable Events.
GUI Grid Improvement.
Chart Colouring Updates.
Update Notable Event Default Columns.
Improved SIGMA Grid.
Colour and Dashboard Improvements.
Extend Autoruns and Processes.
Zero-Day Vulnerability Dashboard: Sorting order and records limit.
Remediation Logging Improvement.
Risk Overview Dashboard Improvement.
Improved Common Exclusion Structure.
Improved Process Uniqueness Crontab.
Need to add Browser History Domain Access to Risk Overview Dashboard.
Reporting Improvement.
Sysmon Logs Analysis Parent Improvement.
Improved CLAPI Single Click Add.
New Features
Added Browser Cache Analysis.
Zero-Day and Used Exploit Analysis.
Remediation & Response from GUI Approval.
Add new action menus for new vulnerability feeds.
Common Whitelisting for Sysmon and Threat Monitoring.
Create Zero-Day Vulnerability Dashboard.
Linux Remediation.
UI for new vulnerability feeds.
Adding GRC Standards Filter.
Generic view vulnerabilities action page for osquery artifacts.
AI Integration.
AI Risk Buttons.
Browser History Design.
Windows Last Update Tracking.
Windows Hardware Analysis.
New Host Details Page.
Importing ISO 27001 Controls.
List Support for SIGMA Rules.
Display Version Classification Rules Comparison Analysis.
CVSS Visibility.
C$ and Object Access Tracking.
Using Global Whitelisting In All Collections.
AI Interface.
Classification rules for Windows Browser Domain Analysis.
Agent
Bug Fixes
Fixed to suppress sysmon error messages when sync is disabled.
Improvements
Agent Improvements.
Extending Notable Events & Threat Monitoring Results.
Application Inventory Version Collection Improvement.
Agent Improvement for Data Collection.
Package Upgrade Improvement.
Linux agent filling disk.
New Features
Linux Agent Development.
Collect data for Windows Browser Domain Analysis.
Collect data for Windows Hardware Summary.
Collect data for Windows Asset Activity Tracking.
Collect data for Windows Update Analysis.
v2.15.2 Published: 27.02.2024
Server
Bug Fixes
Cannot Edit Remediation Functions in SUPEORG
CLAPI Synch Stopped
Threat Intel Settings Menu Gone
EDR Policy Should Be Under Hardening Module
DLP Policy Cannot be Assigned
Basic user given msg to license on a licensed deployment
New Organization Creation Problem
Notable Events -> Create on light theme
openVAS Wrong Parsing
Improvements
Clearing Download Microservice Cache
License Management
Web UI: Part of link in the app: Default starting page is opened if tap on the middle mouse button or scroll
Threat Intel MSSP Improvements
Agent
Bug Fixes
DLP: external_request.exe is deleted by Windows Defender
v2.15.0 Published: 20.02.2024
Server
Bug Fixes
Help doesn't redirect to documents subsite
Organization Selector Cannot be Scrolled
Improvements
Code Signing From Azure App
New Features
Security Assessment Dashboard
Agent
Bug Fixes
PM Downloaded Not Signed
Improvements
Windows Security Control Improvements
Windows Threat Monitoring Improvement
New Features
Add Linux deb packages to CVSS detection
Add Linux deb packages classification rule type
EDR Analysis
Windows DLP analysis
v2.14.3 Published: 15.02.2024
Server
Bug Fixes
Aggregation on data that is itself an aggregated function does not work
Notify On Match Time Selection Missing In Editing Rules in Org Level
No last_update_date found error
Non Existent Artifact Type
SIGMA Grid Bug
Threat Intel Dashboard: Incorrect data appears by tap on Top level hits
Threat hunting: Analysis and investigation: Sigma Analysis: Error during updating filtered records
Dark theme: GRC: Evidences: Documents: The paperclip symbol is almost invisible in dark mode
sql-table filter Initial not applied
Improvements
Add view as summary to rule edit all
Threat overview: Threat intelligence: Remove other from all charts and rename file to Hash on the chart too
GRC Improvements
Related Artifacts list Improvements
Wizard Improvements
Notable Events Improvement
Adding New Tags to File Activity Tracking
Object And Honeypot Access Reports Trusted Signers
Wrong Threat Intel Result for Agent Based Enrichments
New Features
GRC Evidence Add Document Linking
Threat Intel Chart Improvements
New external file upload test API for DLP
Agent
Bug Fixes
Thor Execution Bug
Threat Monitor Cannot Recover If Cache Is Deleted
Windows Threat Monitoring Improvement
Improvements
Agent installer link is stuck when osslsigncode is not available, no errs displayed
v2.14.1 Published: 31.01.2024
Server
Bug Fixes
Fixed a bug preventing editing clapi sysmon rules.
Fixed a bug that deletes “notify on match” rules.
Fixed a bug preventing loading sysmon policy with correct tags.
Fixed a bug preventing creating a remediation job.
Fixed a bug preventing creating a powershell session.
Fixed a bug preventing modal disappearing after appending to rule action.
Fixed light theme bugs.
Fixed a bug preventing “notify on match” rules create alert and notable event.
Improvements
Improved threat and honeypot rules.
Improved incident management for better visibility.
Improved sysmon tag selections for better analysis.
Improved notable events alert for better visibility.
Improved GRC modules for better visibility.
Improved Sigma results list exclusions for better analysis.
Improved external IP check.
Improved threat monitoring for better visibility.
Improved artifact categorization in dashboards for better visibility.
Improved application vulnerability analysis for better analysis.
Improved Windows Security Software Settings grid for better analysis.
Improved threat score analysis for better visibility.
Improve Notable Event Related Artifacts Mapping
Improved Grouping Threat Hunting Settings
Remediation Improvement.
Hardening Improvements.
Threat Monitor Improvements.
Notable Events Artifact Property Improvement.
Wizard Improvement.
Notable Events Improvement.
Aggregation PopUp Improvement.
New Features
Added Virus Total results for unknown artifacts.
Added interactive PowerShell session for command execution.
Added IIS hardening module.
Added group-based filtering support.
Added New Security Controls for Classification.
Added MFA Support.
Added Windows Threat Monitor Process Reporting.
Added Additional CIS Templates.
Added Windows Command Shell UI.
Added Security Control Intel Interfaces.
Added Interactive Session Settings.
Added Docker File Parsing.
Broker
Improvements
Improved Broker Elastic settings to support SSL as in the central
Improved OpenVAS and Nessus from Broker
Agent
Bug Fixes
Fixed an incorrect normalization on threat analysis.
Fixed a PowerShell Session Bug.
Improvements
Agent Enhanced Security.
Windows Command Execution Grids and Templates Need Synch from Intel.
Fill in asset family/category infos in asset_main_devices.
Interactive Session Improvements.
New Features
Client Command Execution on Powershell Session with Agent.
v2.13.0 Published: 25.12.2023
Server
Bug Fixes
Fixed a bug preventing adding value to sysmon exclusion from aggregated table.
Fixed a bug preventing adding value to sysmon rules.
Fixed a bug preventing overlapping organization score chart.
Fixed a bug preventing Windows Host Summary grid’s risk Score redirection working
Fixed a bug preventing sysmon builtin rule not working properly.
Fixed a bug preventing notable events hostname not aligned properly.
Fixed a bug preventing create correct sysmon config file for event ID 29.
Fixed a bug preventing initializing sysmon.
Fixed a bug preventing exception handling on communicator.
Fixed a bug preventing adding custom asset to categories.
Fixed a bug preventing clearing the unused jobs.
Fixed a bug preventing sysmon policy rules not coming.
Fixed a bug preventing asset health summary calculation.
Fixed a bug preventing selecting parameters on UI.
Fixed a bug preventing display grid properly on repository management page.
Fixed a bug preventing active directory integration.
Fixed bugs causing SQL injection.
Fixed a bug preventing exclusion filtering on sigma rules.
Fixed a bug preventing updating security control results.
Fixed a bug preventing execution of the hardening value lists.
Fixed a bug preventing sending thor analysis results to portal.
Fixed a bug preventing updating classification rules on intel.
Improvements
Improved data aggregation on grids for better visibility.
Improved host analysis grid for better visibility.
Improved filtering for better visibility.
Improved all dashboards on the portal for better visibility.
Improved asset grids for better usability.
Improved threat score analysis for better visibility.
Improved preventing removing builtin sysmon rules.
Improved checking communicator health.
Improved classification rule for adding classification rule name in a rule.
Improved elastic whitelisting from global rules.
Improved security controls by name grid for better visibility.
Improved status icon for better troubleshooting.
Improved Windows asset grid actions for better visibility.
Improved redirections on portal for better usage.
Improved vulnerability grid for better visibility.
Improved define multiple entries for Windows application packages process name.
Improved software management for better usage.
Improved notable events for better visibility.
Improved In-Depth analysis on portal side.
Improved dashboard layout update.
Improved sysmon for better visibility.
Improved sysmon grid actions for listing.
Improved vulnerability grid for better visibility.
Improved listing actions for easier usage.
Improved threat score calculation.
Improved host summary structure.
Improved asset health & threat summary grid for better visibility.
Improved dashboards for vulnerability management data.
Improved template assignments.
Improved list management UI/UX experience.
Improved mailing schema for multi e-mails.
Improved list management actions to security assignment pages.
Improved calculating vulnerability scores for better visibility.
Improved sysmon grid with adding destination IP and source IP.
New Features
Added new sysmon builtin policy.
Added new sysmon version policy.
Added trial organization for customers (experimental).
Added license management.
Added new report item “Risk Overview”
Added “Asset Category” in device management grid.
Added editing of classification rule conditions with text editor on portal.
Added filterable functionality to policy configuration parameters.
Added organization threat score dashboard.
Added configuration wizard for easy configuration.
Added groups in classification rules and lists.
Added Sentinel One process monitoring.
v2.12.0 Published: 30.10.2023
Server
Bug Fixes
Fixed a bug that caused graphics to go out of bounds.
Fixed a bug preventing navigation to asset grid.
Fixed a bug preventing aggregate the IP’s.
Fixed a bug preventing sending organization invitations.
Advanced Installer removed from portal.
Fixed a bug preventing filtering entries on grids.
Fixed a bug preventing sysmon parsing.
Fixed a bug preventing showing list management.
Fixed a bug preventing showing EventID in parameters list.
Fixed a bug where the session cookie setting was not working.
Fixed a bug preventing handle preexisting data.
Fixed a bug preventing threat detection rules queries do not update properly.
Fixed a bug preventing creation of remediation jobs.
Fixed a bug preventing taking action on SIGMA analysis grid.
Fixed a bug preventing viewing groups.
Fixed a bug preventing same variables not replaced in notifications.
Fixed a bug preventing displaying list based classification.
Fixed a bug preventing list values correctly joined.
Fixed a bug preventing filtering on query based classification page.
Fixed a bug preventing filtering on the Windows sysmon analysis page.
Fixed a bug preventing notifications does not create a job.
Fixed a bug preventing adding entry to a list with parameters.
Fixed a bug preventing single highlighting on the menu.
Fixed a bug preventing running classification rules.
Fixed a bug preventing creating list items from related artifacts.
Fixed a bug preventing Windows thor artifact classification rules working.
Fixed a bug preventing setting grouping values without saving.
Fixed a bug preventing unique logs in event logs.
Fixed a bug preventing classifications working properly.
Fixed a bug preventing exporting new rules.
Fixed a bug preventing hovering on prop prints.
Fixed a bug preventing elasticsearch sync.
Fixed a bug preventing migrations and editing system settings.
Fixed a bug preventing displaying classification rules.
Fixed a bug preventing running immediate lists.
Fixed a bug preventing sigma rules working.
Fixed a bug preventing safe senders page displays data.
Fixed a bug preventing getting the sysmon data.
Fixed a bug preventing displaying the UI.
Fixed a bug preventing displaying the artifact visualizer.
Fixed a bug preventing sysmon rule insertion.
Fixed a bug preventing working diag section properly.
Improvements
Improved dashboards and aggregation for better visibility.
Improved remediation executed rules with alerts.
Improved notification fields for easier usage.
Improved notification options.
Improved giving messages on GUI.
Improved rule texts on rule management.
Improved collection interval settings page.
Improved grid view for better visibility.
Improved remediation grid for taking more actions.
Improved hardening grid for better visibility.
Improved in-depth analysis for better visibility.
Improved list value adding for easier usage.
Improved classification rules selecting values in command line for better visibility.
Improved full label filtering for artifact types on rules.
Improved classification rules names and policy types.
Improved column filters in rule management for better visibility.
Improved redirections for documentation.
Improved intel enrichment files trusted action for better usage.
Improved refresh button to hunting settings page.
Improved aggregated grids for better visibility.
Improved adding action menu on notify on match assignment rules to remove existing notifications.
Improved exclusion of sysmon whitelisted artifacts in sigma analysis.
New Features
Added Windows in-depth analysis visualization for better analysis.
Added IIS Handler & ISAPI Filter Analysis.
Added Application / Package Installation Management System.
Added OpenVAS integration.
Added Tenable Nessus integration.
Added copy-paste functionality to rules.
Added delete options on rules.
Broker
Bug Fixes
Fixed a bug preventing sync with connection string.
Improvements
Broker server name change to ‘Sensor’ for better understanding the working concept.
New Features
Added OpenVAS integration.
Added Tenable Nessus integration.
Agent
Bug Fixes
Fixed a bug preventing added path correction to autoruns.
Fixed a bug preventing disabling remediation job after execution.
Fixed a bug preventing log creation after the job execution.
Fixed a bug preventing collecting the processes.
Fixed a bug preventing download agent from portal.
Fixed a bug preventing communicator working properly.
Improvements
Improved agent health state tracking for better troubleshooting.
Improved agent operational states for better performance.
Improved Thor analysis for better visibility.
Improved killing a process and deleting a file under the specific paths.
New Features
Added advanced pm uninstallation.
v2.11.0 Published: 21.07.2023
Server
Bug Fixes
Fixed a bug preventing the download of the correct sysmon service.
Fixed a bug preventing the aggregation on the grids.
Fixed a bug preventing the deletion of the organisation.
Fixed a bug preventing text filters not working properly.
Fixed a bug preventing list matching for new entries.
Fixed a bug where phishtank sync caused memory errors.
Fixed a bug preventing Alienvault not up-to-date.
Fixed a bug that printed error logs in the browser.
Fixed a bug causing a vulnerability in the Sysmon rules code editor.
Fixed a bug escaping from threat detection.
Fixed a bug about Windows additional artifact data correctness.
Fixed a bug on the Incident List UI that caused it to not work properly.
Fixed a bug preventing date filters don’t work.
Fixed a bug preventing Windows YARA rules sync problem.
Fixed a bug causing Portal session expired.
Fixed a bug preventing table non-existing.
Fixed a bug preventing new synchs not active unless timing is changed.
Fixed a bug preventing context menu staying locked.
Fixed a bug preventing Users & Groups page working properly.
Fixed a bug preventing responsive UI filter alignment.
Fixed a bug preventing index creation.
Fixed a bug preventing threat detection rules not saving.
Fixed a bug preventing sysmon policy tags not displayed correctly.
Fixed a bug preventing host analysis not working properly.
Fixed a bug preventing copy button on the Component Management not working.
Fixed a bug causing SQL injection at query routes.
Improvements
Improved sysmon mapping for better analysis.
Improved risk overview dashboard for better visibility.
Improved artifact overview dashboard for better visibility.
Improved white UI for better visibility.
Improved sysmon editor CPU usage on the client UI.
Improved sysmon with updating the version v15.
Improved database cpu utilization.
Improved notify on match rule execution.
Improved classification rule add/or creation UI for better visibility.
Improved reordering sysmon artifact property columns.
Improved adding trust rules easier.
Improved that the Powershell and Cmd setting are not known to the Intel system.
Improved threat detection rules.
New Features
Added Device summary view to the dashboards.
Added new sysmon events for better analysis.
Added manual clean button for scheduled jobs.
Broker
Bug Fixes
Fixed a bug where re-enumeration was not working properly.
Fixed a bug causing duplications with IP discovery.
Fixed bug that prevented Sysmon from running.
Agent
Bug Fixes
Fixed a bug where agent API requests returned not found.
Fixed a bug preventing Thor analysis not using soft and low priority flags.
Fixed a bug preventing uninstall job is not executed on older versions.
Improvements
Improved agent remediation process.
Improved sysmon installation/uninstallation process.
Improved deployment management UI for agent.
Improved Thor analysis.
v2.10.0 Published: 07.05.2023
Server
Fixed a bug in alert and threat hunting grids preventing the correct view of data.
Fixed a bug where remediation actions were not accessible from the security controls grid.
Fixed a bug where unclassified artifacts were not classified automatically.
Fixed a bug in synchronizing central rules from central server.
Fixed a bug resulting in too many connections to update servers.
Fixed a bug in notify on match classification rules, preventing the creation of rules without notification actions.
Fixed a bug in visualizer queries resulting in wrong mapping of risk scores.
Improved portal sign-up page.
Improved the e-mails for domain confirmation and registration for preventing to be classified as phishing e-mail.
Added feature for list management. The list collections are used to set properties for artifacts. From any grid, an item can be added to lists. The lists are used by the classification engine to set the common properties for artifacts (risk score, malware state, etc.).
Added feature for using tags in sysmon rules. Tags enable easier grouping for sysmon rules.
Added feature to execute multiple remediation actions from grids.
Broker
Improved enumeration of Windows devices by using WIN-RM, WMI and SMB Share access methods.
Agent
Improved the memory utilization of the agent.
v2.9.1 Published: 13.04.2023
Server
Fixed a bug in export function in grids.
Fixed a bug in matching vulnerability scores to applications.
Performance improved in Sysmon log collections.
v2.9.0 Published: 29.03.2023
Server
Fixed a bug in alert and threat hunting grids preventing the correct view of data.
Fixed a bug where remediation actions were not accessible from the security controls grid.
Fixed a bug where unclassified artifacts were not classified automatically.
Fixed a bug where the time filters in grids were not working correctly.
Fixed a bug where aggregation was not working properly in grids.
Added support for GUI based localization.
Added support for executing remediation actions from security control grid.
Added support for SSL bypass in agent.
Added support for executing Thor.
Added host based view from analysis grids by right-clicking and selecting “Host Analysis”.
Added threat hunting grids and dashboards.
Added new report templates.
Added a new component to provide better view of suspicious file content.
Added feature for a SIGMA rule-based threat hunting scenario for sysmon activity.
Added feature to use nested statements in classification rules. The rule enables the use of sysmon properties to classify threat hunting results.
Added feature to use remediation functions from any grid. From Remediation Scenarios, new remediation features can be added.
Added feature to use security benchmarks to provide automated hardening.
Added feature to identify vulnerabilities on applications installed on Windows endpoints.
Agent
Performance improvements.
v2.6.4 Published: 19.12.2022
Agent
Fixed a bug in agent content search.
Broker
Added support for multiple uses of the communicator engine.
New feature added for performing Virus Total analysis from the communicator.
Server
Fixed a bug resulting in the wrong collection of Linux artifacts.
Added support for right-click actions in Active Directory Analysis.
Added support for the classification of Active Directory group members.
Added support for the GUI to work offline.
Added a new classification state “Enrichment Requested from Rule” to the classification engine.
Improved the grids for better user-experience.
v2.6.3 Published: 14.12.2022
Agent
Fixed a bug for the late registration of the agent.
Added support for Security Software Analysis to Symantec, Defender, ESET, and Kaspersky.
New feature added for Windows security software analysis.
Broker
Added support for the broker to attempt sysmon installation multiple times.
Security Software Analysis for Symantec, Defender, ESET, and Kaspersky is added.
Server
Fixed a bug preventing the correct update of the malicious property in the artifacts.
Fixed a bug resulting in empty hash information in Sysmon and Autoruns.
v2.6.2 Published: 10.12.2022
Broker
Fixed a bug preventing synchronization between broker and server.
Fixed a bug resulting in broker high disk usage.
Server
Fixed a bug in classification rules preventing some entries matching the classification rules.
Fixed a bug preventing aggregation rules from being seen correctly.
Fixed a bug resulting in wrong import of classification rules.
Fixed a bug preventing the addition of new classification rules.
Fixed a bug resulting in failed enrichment of some of the artifacts.
Fixed a bug preventing clean-up jobs from being executed in the agent and broker.
Fixed bugs to improve the usability experience in the grids.
Added support for classifying MarketScape artifacts.
Added support for extending Virus Total results to Sysmon.
Added support for new security software analysis.
Added support for classifying Active Directory objects.
Added support for sending notifications from classification rules.
Improved the text editor used in reporting.
v2.6.1
Agent
Fixed a bug for the late registration of the agent.
New feature added for Windows security software analysis.
Security Software Analysis for Symantec, Defender, ESET, and Kaspersky is added.
Broker
Added support for the broker to attempt sysmon installation multiple times.
Security Software Analysis for Symantec, Defender, ESET, and Kaspersky is added.
Server
Reporting is improved by adding text messages and a built-in report template.
Linux information collection support is added.
Grids are improved for enrichment actions.
The KPI chart is improved for a better experience.
Grid filter buttons are updated for automated filtering action when clicked.
When computers are polled from Active Directory, automated asset creation is added.
v2.6.0
Agent
New feature added for Windows security software analysis.
Broker
Fixed a bug causing the wrong update of the Is Alien flag.
Server
Fixed a bug in the redirection to the grid from the dashboard.
Fixed a bug resulting in missing sysmon data due to a synchronization problem between Elastic and the server.
Fixed a bug preventing the creation of a report when text is added to the report.
Fixed a bug preventing the correct view of enrichment results for the collected artifacts.
Improved grid performance.
New feature, Active Directory artifact analysis is added.
New feature, KPI Dashboard is added.
New feature, writing classification rules that trigger on the existence or non-existence of an artifact, is added.
New feature, creating classification rules for all artifacts based on common properties, is added.
Intelligence Engine
Fixed a bug resulting in wrong enrichment of cached items.
v2.5.0
Agent
Fixed a bug in getting mac list/mac address information.
Changed all temp paths to the ProgramData folder.
Changed Sysmon detection queries for service state tracking.
Changed ProgramData path from "ICSFAgentService" to "ICSFAgent".
New feature added for in-depth search for the endpoints.
Broker
Fixed a bug in GUID calculation for assets.
Fixed a bug preventing the execution of job management.
Changed process uniqueness calculation.
Server
Fixed a bug preventing setting the Is Malicious flag for enrichment.
Fixed a bug for adding a new value to the classification rule in the GUI.
Fixed a bug preventing the import of classification rules.
Fixed a bug in setting classification rules for setting the Security Center AV conditions.
Fixed a bug in IP discovery preventing the discovery of all IP addresses in the subnet.
Fixed a bug in viewing the enrichment values inside the grid.
Added event.ingested to Elastic. Without this value the transform was missing logs. All logs are written with this value. The transform executes based on this date.
Added the creation of automatic transforms for Elastic.
Improved the grid performance.
Improved reporting by adding new reports and landscape alignment.
Intelligence Engine
Improved enrichment to provide more accurate results.