Contents and detection

  • Improved the performance of vulnerability recalculation when many node CPEs change.
  • Minimized the risk of duplicate OS entries for Windows Operating Systems.
  • CPEs that have reached the end of their life (EOL) and are loaded from Threat Intelligence contents no longer generate or match obsolete CVEs.
  • Guardian now supports the veeam-backup protocol. The rate of false-positive detections by packet rules and YARA rules related to Veeam backup solutions has been lowered.
  • The LUA SDK now supports specific hooks for variables correlation. For more information, see the "Variables Correlation" section of the N2OS User Manual SDK.
  • Users can now manage Sigma rules from the Threat Intelligence contents page. Sigma rules are only in use on installations with Nozomi Arc.
  • CMC now sets the resolution status on vulnerabilities for which an installed hotfix has been found through Smart Polling or Arc.
  • The vulnerabilities counter in the Asset View is now more accurate for assets made up of multiple nodes.
  • Increased the risk level assigned by Guardian to alert types SIGN:MALICIOUS-DOMAIN, SIGN:MALICIOUS-IP, SIGN:MALICIOUS-URL, and SIGN:PUA-DETECTED.