Contents and detection

Improvements to Contents and Detection that have been introduced in this release.

  • To improve data consistency, operating system names are now standardized for Asset Intelligence customers.
  • Guardian now implements a new experimental feature that groups identical alerts to prevent redundancy. The feature is disabled by default and can be enabled through the Features section in the administration page.
  • By default, Common Vulnerabilities and Exposures (CVE) calculation is skipped for Windows Common Platform Enumerations (CPEs) that are missing hotfix information. To turn off this behavior, specify the skip_windows_if_hotfixes_missing option in va cve options. For more details, see Configure vulnerability assessments.
  • CPEs generated by Asset Intelligence are rematched when new Threat Intelligence contents are reloaded.
  • Introduced support for the ingestion of manual contents for the TI for Mandiant AddOn.
  • Improved the consistency of the resolution of CVEs via hotfixes for Arc and Smart Polling.