Highlights

Alert deduplication

The presence of a large number of nearly identical alerts puts stress on system resources and impairs the usability of the alert system. Version 23.2.0 introduces a new feature that significantly improves alert management by deduplicating these records. Alerts that represent the same event (or a repetition of it) are grouped into a single record, and new fields keep track of the number of such events and their timestamp. The user is presented with a more effective summary of the anomalies, and system resources are used more efficiently.

The feature is disabled by default on all installations of 23.2.0, and can be enabled as explained in the user manual. An upcoming version of N2OS will enable this feature by default on all installations.

Because configured data integrations, including the transmission of Nozomi alerts, will also be affected by deduplication, Nozomi Networks recommends reviewing the configuration and logic of the integrated endpoints accordingly.
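The following is an added illustration of the deduplication behaviour described above; it is example code written for this page, not N2OS's own implementation. The field names (type_id, src, dst, ts), the grouping key and the one-hour window are assumptions chosen for the example; the page does not describe N2OS's actual record layout. The example also shows why downstream integrations need attention: the number of records emitted no longer equals the number of underlying events, so a consumer that counts records will under-count unless it reads the count field.

```python
"""Alert deduplication example (added illustration, not N2OS code).

Assumptions: an alert is identified by (type_id, src, dst); repeats within
WINDOW_S seconds of the previous occurrence are folded into one record that
carries a count plus first/last timestamps.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

WINDOW_S = 3600  # assumed grouping window: one hour


@dataclass
class Alert:
    type_id: str  # assumed alert-type identifier
    src: str
    dst: str
    ts: int       # epoch seconds


@dataclass
class DedupRecord:
    type_id: str
    src: str
    dst: str
    count: int     # number of underlying events folded into this record
    first_ts: int  # timestamp of the first event
    last_ts: int   # timestamp of the most recent repetition


def dedup_key(a: Alert) -> Tuple[str, str, str]:
    """Alerts sharing this key are treated as the same event (assumption)."""
    return (a.type_id, a.src, a.dst)


def deduplicate(alerts: List[Alert], window_s: int = WINDOW_S) -> List[DedupRecord]:
    """Fold repeated alerts into records, in order of first occurrence.

    A repeat that arrives more than window_s seconds after the previous
    occurrence of the same key opens a new record, so a recurrence after a
    long quiet period is still surfaced as a fresh anomaly.
    """
    open_recs: Dict[Tuple[str, str, str], DedupRecord] = {}
    out: List[DedupRecord] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        k = dedup_key(a)
        rec = open_recs.get(k)
        if rec is not None and a.ts - rec.last_ts <= window_s:
            rec.count += 1
            rec.last_ts = a.ts
            continue
        rec = DedupRecord(a.type_id, a.src, a.dst, 1, a.ts, a.ts)
        open_recs[k] = rec
        out.append(rec)
    return out


def total_events(records: List[DedupRecord]) -> int:
    """What an integration must sum to recover the raw event count."""
    return sum(r.count for r in records)


def to_lines(records: List[DedupRecord]) -> List[str]:
    """One exported line per record; note the explicit count field."""
    return [
        f"type={r.type_id} src={r.src} dst={r.dst} "
        f"count={r.count} first={r.first_ts} last={r.last_ts}"
        for r in records
    ]


# Constructed sample: five repeats of one alert a minute apart, one unrelated
# alert in between, and one recurrence of the first alert hours later.
SAMPLE_ALERTS = [
    Alert("NET:NEW-NODE", "10.0.0.5", "10.0.0.1", 100),
    Alert("NET:NEW-NODE", "10.0.0.5", "10.0.0.1", 160),
    Alert("PROTO:MALFORMED", "10.0.0.9", "10.0.0.1", 200),
    Alert("NET:NEW-NODE", "10.0.0.5", "10.0.0.1", 220),
    Alert("NET:NEW-NODE", "10.0.0.5", "10.0.0.1", 280),
    Alert("NET:NEW-NODE", "10.0.0.5", "10.0.0.1", 340),
    Alert("NET:NEW-NODE", "10.0.0.5", "10.0.0.1", 10000),
]

if __name__ == "__main__":
    recs = deduplicate(SAMPLE_ALERTS)
    for line in to_lines(recs):
        print(line)
    print(f"{len(recs)} records, {total_events(recs)} underlying events")
```

Seven raw alerts become three records; an integration that keeps alerting thresholds on record counts should switch to the count field, and one that expects a record per event should be adjusted before the feature is enabled.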

Detection of devices

As with every version of N2OS, 23.2.0 improves its ability to monitor the environment with the goal of providing an exhaustive asset inventory and an accurate assessment of the vulnerabilities.

N2OS can now detect Phoenix Contact WP 6000 devices through Smart Polling, BlueMark DroneScout through passive inspection, Type exacqVision Web Service, and Axis devices along with their installed add-on applications in both modes. Moreover, the asset inventory built through passive detection of DICOM communication has been enhanced, as has the identification of ABB 800xA controllers through the MMS protocol. Guardian can now also extract asset information by inspecting server banners sent via the FTP and HTTP protocols.

The asset information extracted from these sources is used to identify the vulnerabilities through Threat Intelligence.