Contents and detection

  • Sandbox can now process larger files than previously; the limit is now the size of the /var/sandbox tmpfs partition. For details on configuring the size of this folder, see the N2OS User Manual.
  • The old Asset Intelligence engine has been retired in favour of the new, more flexible and powerful one.
  • N2OS now utilizes multiple Sandbox processes to handle high volumes of traffic.
  • The Health page now includes a metric displaying the size of the decompressed archives in Sandbox.
  • N2OS now recognizes Windows Server 1903.
  • The partition size for Sandbox tmpfs is now configurable. For more information, see the N2OS User Manual.
  • Asset Intelligence can now also enrich the Vendor field. This allows for a more harmonized set of Vendor values across different detections. For example, if two detection mechanisms originally yielded the values "ABB Global Services Limited" and "ABB", both will be updated to the polished value "ABB". Check your existing queries and update them accordingly if needed.
  • When the sandbox queue is about to become overloaded, N2OS now pauses the unzipping of files and archives in order to avoid the overload.
  • Fixed an issue in the Threat Intelligence page that prevented users from disabling STIX indicators.
  • By default, Vulnerabilities computation is disabled on new Guardians connected to Vantage or CMC. This behavior can be customized using the 'va cve enable' configuration option described in the user manual.
  • Improved the memory efficiency of the jobs Update Service task.
  • Fixed an issue in the Vulnerabilities page that caused a delay in the presentation of the data.
  • VA no longer loads CVE files when CVE matching is disabled.