Contents and detection

  • Added the ability to disable node_cpe generation per zone.
  • Packet Rules now support JA3/JA3S signatures, enabling fingerprinting of the TLS negotiation between client and server.
  • CPE calculations can now be turned on or off for individual nodes and assets. When conflicting configurations are set at the node level and the asset level for the same device, the asset configuration takes priority.
  • CVEs created by Guardian are now assigned an EPSS (Exploit Prediction Scoring System) score.
  • Addressed a case where the is_from_public and is_to_public fields for some nodes were inconsistent due to a node's change of address.
  • Greatly improved the memory footprint of the Packet Rule Engine when loading tens of thousands of rules.
  • Vendor names are now normalized by Asset Intelligence (e.g. "Siemens AG, Automations & Drives" becomes "Siemens") to provide a uniform experience. Please note that queries and assertions relying on an exact match of the vendor and mac_vendor fields are affected by this change and need to be reviewed.
  • Improved the cooperation between Asset Intelligence and Threat Intelligence: assets enriched by AI are now processed by TI to enable more accurate CVE assignments.