Arc 1.6.0

The release notes for Arc version 1.6.0.

Resolved issues

A list of all the issues that have been resolved in this release.

  • Arc-413: The Local Configuration UI is now protected by an authentication mechanism with an OTP generated at startup.
  • Arc-414: Fixed a vulnerability that might be exploited on Linux or macOS to execute arbitrary code.
  • Arc-415: Permissions on arc.json are now more restrictive, preventing access by standard Windows users.
  • Arc-416: Arc is now resilient to zip-slip vulnerabilities.
  • Arc-425: Improved the robustness of the parser for evtx logs.
  • Arc-452: Fixed an issue that prevented the matching of Sigma rules containing null information in a field.
  • Arc-481: Fixed a sporadic crash in the Windows executable.
  • Arc-493: Fixed a missing library problem for Windows 7.
  • Arc-496: Fixed sporadic false positive matches in the Sigma engine.
  • Arc-519: Fixed a problem related to Sigma rules synchronization.
  • Arc-520: Fixed a problem in the traffic monitoring feature that caused packets greater than 1500 bytes to be truncated.

New features

A list of new features that have been introduced in this release.

  • Arc-334: A FIPS-enabled Arc executable is now available for Windows, supporting Windows version 10 or above. For the steps required to enable a full FIPS Nozomi installation, see the Administrator Guide.
  • Arc-398: A Microsoft Software Installer (MSI) file is now available from the Sensors page for installing Arc on Windows. The existing .zip archives for Windows are still available, allowing for offline execution.
  • Arc-437: Arc now reads the local ARP table in order to discover neighboring nodes and confirm their MAC addresses. There is a dedicated checkbox in the local UI to enable this data extraction.
  • Arc-440: The data buffering capability is now supported by better UI messages that tell the user whether buffering is happening, so that a lack of connectivity can be actively troubleshot.