Updates in upcoming releases
Consolidation of data concerning MITRE ATT&CK®
N2OS exposes MITRE ATT&CK® related information in the alert properties mitre_attack_for_ics and mitre_attack_enterprise. The same information is also included in the legacy alert fields mitre_attack_techniques and mitre_attack_tactics, and in the legacy alert property mitre_attack/techniques. These legacy fields and properties are now deprecated and will be removed in a future version of N2OS.
Deprecation of STIX version 1
Nozomi Networks has supported STIX indicators in versions 1 and 2 since N2OS 20.0.7. Version 1 uses an XML representation and is now considered legacy, while version 2 uses JSON. Most threat intelligence providers today deliver STIX content based on version 2. In a future release, Nozomi Networks will remove support for version 1 from N2OS. Customers who rely on custom STIX rules based on version 1 are encouraged to transition to version 2. This transition will be necessary to maintain the level of protection those custom STIX indicators currently provide, and can be performed using official and third-party tools.
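Before planning the transition, it helps to know which custom indicator files are still in the version 1 XML format. The following is an added example, not code from Nozomi Networks or N2OS: it classifies a STIX document by format and lists the version 1 files in a directory. It assumes your custom indicators are kept as files in a local directory, and it only takes inventory, it does not convert anything.

```python
import json
import xml.etree.ElementTree as ET
from pathlib import Path

STIX1_NS = "http://stix.mitre.org/stix-1"  # namespace of the STIX 1.x root element

def classify_stix(text):
    """Return 'stix1', 'stix2.0', 'stix2.1', 'stix2' or 'unknown' for one document."""
    stripped = text.lstrip("\ufeff \t\r\n")
    if stripped.startswith("<"):
        # Indicator files need no DTD; refusing one blocks entity-expansion tricks.
        if "<!DOCTYPE" in stripped:
            return "unknown"
        try:
            root = ET.fromstring(stripped)
        except ET.ParseError:
            return "unknown"
        return "stix1" if root.tag == "{%s}STIX_Package" % STIX1_NS else "unknown"
    try:
        doc = json.loads(stripped)
    except ValueError:
        return "unknown"
    if not isinstance(doc, dict) or doc.get("type") != "bundle":
        return "unknown"
    # STIX 2.0 carries spec_version on the bundle; 2.1 carries it on each object.
    if doc.get("spec_version") == "2.0":
        return "stix2.0"
    objects = doc.get("objects") or []
    versions = {o.get("spec_version") for o in objects if isinstance(o, dict)}
    return "stix2.1" if "2.1" in versions else "stix2"

def find_v1_files(directory):
    """Relative paths of files under `directory` that still hold STIX 1.x content."""
    hits = []
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file() and classify_stix(path.read_text(errors="replace")) == "stix1":
            hits.append(str(path.relative_to(directory)))
    return hits

# Constructed samples (not real indicators), one per format.
SAMPLE_V1 = ('<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" '
             'id="example:package-1" version="1.2"/>')
SAMPLE_V20 = ('{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", '
              '"spec_version": "2.0", "objects": []}')
SAMPLE_V21 = ('{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000002", '
              '"objects": [{"type": "indicator", "spec_version": "2.1"}]}')
```

Files reported by `find_v1_files` are the ones to convert or re-source in version 2 before version 1 support is removed.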