Contents and detection

  • Guardian now allows traces to be replayed with a specified throughput.
  • The Guardian's packet rules engine will check only the inner payload for encapsulated traffic (e.g. transmissions using the CAPWAP protocol).
  • The alert table now includes new columns for source and destination custom fields, populated with the values defined on a per-node basis.
  • A new Asset type "Communication adapter" has been added. Also, the friendly name for "I/O" is now "IO" to help with searches.
  • Added options for allowing local management of Threat Intelligence contents from downstream sensors.
  • Improved the layout of the Alert detail view for greater UI/UX consistency.
  • The default value for the settings max_attackers and max_victims reported in the alert data for the applicable alert types is now 10.
  • SIGN:CLEARTEXT-PASSWORD alerts are now raised only once per link.
  • SIGN:NETWORK-SCAN alerts for ICMP are now raised at most once per day per source node.