Protocols, Smart Polling and Arc

  • Improved expressiveness of the denylist syntax to allow the specification of port ranges. Also, Windows carriage return line endings (\r\n) are now interpreted correctly. Chapter 5 of the user guide contains more detailed explanations.
  • Improved data source priority management for assets with Arc installed.
  • Operating system (OS) node fields containing multiple different OS versions from old versions of N2OS are now cleaned up.
  • Smart Polling is now able to poll SEL devices without performing authentication and therefore without requiring the device's password.
  • The installation of Arc is now simplified through the management of dependencies. During manual deployments, the dependencies can be obtained from Guardian. During automatic deployments, the procedure installs the missing dependencies and details the result in the activity log. A dedicated `install_dependencies` command has been introduced to perform manual installation of dependencies. Note: Nozomi can only distribute the latest version of Sysmon. For Windows versions earlier than 8.1, Sysmon needs to be manually replaced with a compatible version.
  • When requesting a trace on elements extracted from tunneled communication, the user is now shown a message stating that the BPF filter is automatically built to take the tunneled communication into account.
  • Alerts on tunneled communications now correctly report the encapsulated source and destination IP addresses.
  • The formatting style of Arc native alerts is now consistent with the rest of the system.
  • Arc is now also distributed for 32-bit Windows systems, including support for automatic deployment from Guardian.
  • The `capture_device` value has been made more expressive to disambiguate different NATed Arc sensors.
  • N2OS now supports the Honeywell Mercury protocol, including asset identification and variables extraction.
  • Guardian can now extract iec104 variables from PSI-Ketel sessions.
  • Improved handling of DHCP protocol to correctly assign node labels and confirm MAC addresses.
  • Guardian can now detect the GE Healthcare Common Service Desktop web application through passive detection and Smart Polling.
  • Guardian can now detect Bosch Rexroth WR21 HMI devices passively.
  • The Smart Polling Tyan BMC HTTP(S) and Lanner BMC HTTP(S) strategies are now separated.
  • Multiple Time Machine snapshots can now be loaded simultaneously in different browser tabs.
  • Guardian now prevents more than 2 Time Machine snapshots from being open to save on system performance, prompting the user to close the open snapshots when loading a new one.