Contents and detection
- Improved the performance of vulnerabilities recalculation for many node CPE changes.
- Minimized the risk of duplicate OS entries for Windows Operating Systems.
- CPEs that have reached their end of life (EOL) and are loaded from Threat Intelligence contents no longer generate or match obsolete CVEs.
- Guardian now supports the veeam-backup protocol. The rate of false-positive detections by packet rules and YARA rules related to Veeam backup solutions has been lowered.
- The LUA SDK now supports specific hooks for variables correlation. For more information, see the "Variables Correlation" section of the N2OS User Manual SDK.
- Users can now manage Sigma rules from the Threat Intelligence contents page. Sigma rules are in use only for installations with Nozomi Arc.
- CMC now sets the resolution status on vulnerabilities for which an installed hotfix has been found through Smart Polling or Arc.
- The vulnerabilities counter in the Asset View is now more accurate for assets made up of multiple nodes.
- Increased the risk level assigned by Guardian to alert types SIGN:MALICIOUS-DOMAIN, SIGN:MALICIOUS-IP, SIGN:MALICIOUS-URL, and SIGN:PUA-DETECTED.