Release notes
Summary of new features, improvements, and fixes.
Asset identification includes country of manufacturer
28 August 2025
As a result of Asset Intelligence, assets can now be enriched with the country of the
vendor. It is now possible for users to identify the vendor in specific countries
quickly. The data will be displayed in the Asset Details section under
Additional Details. Additionally, users can query the data
using queries such as: assets | group_by vendor_country
Google Threat Intelligence YARA rules
5 August 2025
Customers with Nozomi Networks' TI Expansion Pack, now will benefit from over 1,000 additional YARA rules curated by Google Mandiant.
Sensor overview page
5 August 2025
We've introduced a sensor Overview page that consolidates key health metrics for all connected sensors including status, firmware version, and resource usage.
This enhancement enables users to quickly evaluate sensor health at a glance, accelerating issue detection and supporting proactive maintenance across large-scale environments.
Lock sensor learning section when managed by Vantage
5 August 2025
To ensure consistent policy enforcement, the learning section in the Security Control Panel is now locked when the sensor is managed by Vantage. This aligns its behavior with that of the Security Profile.
This change enforces centralized configuration control, ensuring consistent behavior across environments and reducing the risk of misconfiguration at the sensor level.
PDF export from reports and dashboards
16 June 2025
You can now easily create portable document format (PDF) versions of dashboards and reports for meetings, audits, and sharing. The report can be viewed in a new Print mode view.
It is best to limit the columns on tables when creating a report from a dashboard to prevent scrolling and missing data in the PDF. Use the browser's Print as PDF feature after preparing the report.
Change CMC context directly from Vantage
4 June 2025
You can now change the context of a Central Management Console (CMC) directly from Vantage. You can switch between Multicontext (MC) and All-In-One (AIO) modes for both primary and child CMCs.
This ensures resources are correctly aligned with the new topology and improves accuracy in asset management. It is possible to configure specific zones in Multicontext mode to be excluded from asset merging algorithms.
A user can select a CMC and then select Change CMC Context from the Actions menu.
Improved actionable CVE calculations on Windows devices
22 May 2025
Windows Common Vulnerabilities and Exposures (CVE)s are not created for assets whose hotfixes are not yet known, which avoids creating CVEs that may have already been mitigated.
On the Administration Features page, enable Create Windows CVEs only if hotfixes are known. As a result of enabling this feature, CVEs are expected to decrease.
Corrected edge_id updates during network domain changes
22 May 2025
We've enhanced the network domain migration process to ensure all associated edge identifier (ID)s are properly updated, eliminating inconsistencies and avoiding duplication. This improvement ensures cleaner data integrity and accurate topology representation when sensors are migrated across network domains.
Interactive sensor placement with new geographical maps
20 May 2025
With our new interactive geographical maps, you have greater control and clarity over sensor placement.
For teams managing large or distributed environments, this update makes organizing your sensor landscape easier and more precise.
Enhanced sensor deletion between CMC and Vantage
6 May 2025
Vantage will be notified if a sensor is deleted on the CMC, and it will be removed from Vantage as well.
Custom permissions for API keys
24 April 2025
application programming interface (API) keys are no longer required to inherit permissions exclusively from their user profiles.
When creating API keys, users can now assign specific permissions. This change empowers users to follow the principle of least privilege more effectively, enhancing security and flexibility across integrations.
BPF filter management now in Vantage
17 April 2025
You can now create and manage Berkeley Packet Filter (BPF) rules directly in Vantage for each sensor, giving you tighter control over traffic capture across your sensor infrastructure.
To configure the BPF rules, go to . This feature empowers administrators with more granular control and visibility, reducing noise and focusing on traffic that truly matters.
Modify custom fields within the Assets and Nodes tables
16 April 2025
You can now modify and update custom fields live within the Assets and Nodes tables.
To modify the field, select the edit icon to the right. The next time the sensor is synced, it will update on the local sensor side.
New Vulnerability Overview page
27 February 2025
Users can access a new Vulnerability Overview page by navigating to the Vulnerability table, which displays asset vulnerability groupings and statistics. By changing the likelihood, High likelihood risks will be displayed. To allow quick navigation and filtering, each field has a clickable link.
New Remediation dashboard
11 February 2025
The Asset Risk page has been updated with a new Remediation tab. An organization's remediation actions can be viewed holistically, separated into:
- Software Remediations
- Communication Remediations, and
- Hardware Remediations
New query function floor is now available
3 February 2025
A new function, floor will return the greatest integer lower or
equal than a selected numeric field.
Define when a sensor is considered stale
20 January 2025
It is now possible for administrators to define the number of hours in which Vantage has not received an update from a sensor and consider it stale.
This setting can be configured in .
There is now a Dark Theme option in Vantage
14 January 2025
The color scheme can be changed between Auto, Light Theme, and Dark Theme. All users will be migrated to Auto by default. Color schemes can be modified by users.
Change the Color Scheme in the User Profile Settings:
- Open the User Profile Settings at the top right
- Select Theme
- Select the preferred Color Theme
The Identity Provider feature is now generally available
10 January 2025
Configure Vantage as an identity provider (IdP) by enabling single sign-on (SSO) for each User Group in Vantage.
Users can configure SSO groups or view existing groups by visiting the Group Propagation page.
SAML Configuration Backups allow customers to automatically backup and restore security assertion markup language (SAML) configurations.
New Markdown widget
27 November 2024Users can now add more content to dashboards using the Markdown widget.
The use of JSON queries has been improved
27 November 2024There are now no spaces in JavaScript Object Notation (JSON) query titles, allowing users to query specific data inside JSON tables.
Example:
sensors | where !is_empty(learning) | select learning/ids_links_learning_status/learned | sort learning.ids_links_learning_status.learnedImprovements to the deletion process
27 November 2024When a user deletes an asset within Vantage, it will also be deleted from the associated sensor(s).
Improvements made to Asset CPE calculations
27 November 2024Vantage now utilizes AI models to improve asset Common Platform Enumeration (CPE) identification within the environment.
With this enhancement, more CVEs within the environment will be identified using the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) mappings.
Improvements to Vantage's Identity Provider capabilities
25 November 2024
Updates have been made to the SSO page in .
There is a new tab that provides better visibility into the IdP functions.
Users can configure SSO groups or view existing groups by visiting the Group Propagations page.
SAML Configuration Backups allows customers to automatically backup and restore SAML configurations.
Vantage users can now schedule Sensor upgrades
20 November 2024
The user can now schedule a one-time sensor upgrade, a recurring sensor upgrade, or a delayed sensor upgrade.
Users can schedule upgrades based on change ticket windows.
Reports are now available in Vantage
11 November 2024
Within Vantage, you can now access Reporting built within Vantage.
Navigate to Vantage reports by using the main dropdown -> Reports -> Vantage Reports. Vantage users can create new reports or export custom dashboards and import them as reports.
There will be additional capabilities released in the future.
Table enhancements for custom dashboards
22 October 2024
By using the fit:width option, tables can be built for dashboards
and autosized to eliminate extra space, or resized using the
fit:content option, which makes use of the full table width by
resizing columns.
Examples:
nodes | select name -fit:widthnodes | select name -fit:content
New asset activity widget
15 October 2024
With the new Asset Activity widget, you can quickly see how your assets are being utilized. Based on network traffic, users can identify trends and monitor high and low asset utilization.
New Assets Overview page
1 October 2024
A new Assets Overview page appears when users navigate to the Asset table, which displays asset groupings and statistics. Each field has a clickable link to allow quick navigation and filtering.
Tiers for grouping zones
27 September 2024
It is now possible to create a Tiered Zone and add multiple subzones to it. Querying and grouping can be made easier by adding smaller zones for a production line into a larger Tiered Zone.
Zone configurations management enabled by default
23 September 2024
Administrators can now access the Zone Configurations page without needing to enable the functionality via the "Enable Zone Configurations Management" flag in the Features page. The zones table may show zones that are present but not applied, depending on the execution policy configured on sensors. No automatic action is performed on sensors by Vantage.
Upload PCAPs for processing
14 September 2024
Within Vantage, , users can now upload a packet capture (pcap) trace. As soon as the pcap file is uploaded, a new sensor is created to associate it with the asset.
Update to sensors status activity
6 September 2024
The sensor status could be classified as:
- Active
- Provisioning, or
- Stale
Nozomi TI Expansion Pack Powered by Mandiant
30 August 2024
With the TI Expansion Pack, Mandiant's extensive operational technology (OT) and Internet of Things (IoT) research and expertise will enrich Nozomi Threat Intelligence with millions of new IoCs, malware families, and hacker data. As a result, organizations gain a deeper understanding of information technology (IT) threats and are able to respond more quickly.
The Nozomi TI Expansion Pack includes:
- Large dataset of new Structured Threat Information Expression (STIX) and hash indicators
- Improved Common Vulnerability Scoring System (CVSS) mapping
- Detailed summaries
- Lists of vulnerable products
- Exploitation details
- MITRE ATT&CK details
- Workarounds and vendor fixes
Administrators can enable a 30-day trial from the Vantage Licenses page.
New to_epoch function for timestamps
30 August 2024
A new function, to_epoch, converts a timestamp field into the
numeric version suitable for use in queries.
Threat Cards for understanding threats
30 August 2024
Threat Cards provide security teams with critical threat data to identify, understand, and prioritize cyber threats, including:
- Threat descriptions
- First and last seen dates
- Exploitation status and vectors
- Targeted industries and countries
- MITRE ATT&CK details
- Mitigation suggestions
Use the search option or filters for an overview of potential threats in your current threat landscape.
New Asset Risk feature in Asset Intelligence
30 August 2024
The new Asset Risk feature is available, using multiple categories for risk calculation:
- Vulnerabilities
- Alerts
- Communication
- Device Risk
- Asset Criticality
- AI Analysis
Each Risk category can be customized to your organization. You can specify rules for individual assets or entire sites or sensors.
Risk associated with assets is further divided into Zone, Site, Sensor, and Organization risks. Users can view trends and benchmarks in the main Asset Risk dashboard.
Vantage as an Identity Provider (IdP)
28 August 2024
Configure Vantage as an IdP by enabling SSO for each User Group. Administrators can select the rights of groups for a Sensor. Note that configuring SSO within Vantage will overwrite previous SSO settings in the CMC.
Improved time filter option in tables
23 August 2024
The Time filter option has been improved to make it easier to select start and end dates before applying the filter.
Table filter performance improvements
19 August 2024
Alerts and Assets table filters have been improved for quicker reflection of continuous changes to the view.
Support for ipv4 and ipv6 functions in
Queries
30 July 2024
Queries now support searching for both IPv4 and IPv6 addresses. Examples:
nodes | select ipv4(ip) | where !is_empty(ipv4)nodes | select ipv6(ip) | where !is_empty(ipv6)assets | expand ip | select ipv4(expanded_ip)
Increased audit log retention
30 July 2024
Audit log retention has been doubled to 180 days from 90 days.
Query output color grade customization
19 July 2024
Users can now specify the color grade of bar, chart, pie, and gauge queries.
Configure Arc sensors from Vantage
5 July 2024
Users can now configure individual or bulk Arc sensors from the Sensors page.
Vendor logos in Assets table
1 July 2024
In the Assets page, Vantage now displays the logos of the Vendor and operating system (OS) to make it easier to identify specific vendors.
IP address mapping issue resolved for asset CSV import
28 June 2024
Fixed an issue where internet protocol (IP) addresses were not mapped correctly when importing an asset comma-separated value (CSV) file.
SOC Observers role update
27 June 2024
SOC observers can now download traces and files from an alert.
Query comments available
13 June 2024
Comments can now be added to queries using the # character. Example:
assets | select name # my comment
On-premise sensor integration management
13 June 2024
Vantage now synchronizes on-premise sensor integrations, allowing users to view on-prem integration status, edit integrations, and create new ones from the Integrations page.
Manage sensor zone execution policy
12 June 2024
Administrators can configure the default execution policy for Zone Configurations
using the new setting in 
> Features.
Manage sensor backups centrally in Vantage
5 June 2024
Users can configure backups globally or individually to sensors in the Backup Schedule, meeting compliance policies by configuring multiple backup plans.
CVE mitigation calculation fixed for Arc sensors data
4 June 2024
Fixed an issue where CVEs were not mitigated when Arc Sensors detected the KBs installed.