Release Notes

New query function floor is now available

3 February 2025

A new function, floor, returns the greatest integer less than or equal to a selected numeric field.

Define when a sensor is considered stale

20 January 2025

Administrators can now define the number of hours without an update from a sensor after which Vantage considers that sensor stale.

This setting can be configured in Administration - Features.

There is now a Dark Theme option in Vantage

14 January 2025

The color scheme can be changed between Auto, Light Theme, and Dark Theme. All users will be migrated to Auto by default. Color schemes can be modified by users.

Change the Color Scheme in the User Profile Settings:

  • Open the User Profile Settings at the top right
  • Select Theme
  • Select the preferred Color Theme

The Identity Provider feature is now generally available

10 January 2025

Configure Vantage as an IdP by enabling SSO for each User Group in Vantage.

Users can configure SSO groups or view existing groups by visiting the Group Propagation page.

SAML Configuration Backups allow customers to automatically back up and restore SAML configurations.

New Markdown widget

27 November 2024

Users can now add more content to dashboards using the Markdown widget.

The use of JSON queries has been improved

27 November 2024

There are now no spaces in JSON query titles, allowing users to query specific data inside JSON tables.

Example:

sensors | where !is_empty(learning) | select learning/ids_links_learning_status/learned | sort learning.ids_links_learning_status.learned

Improvements to the deletion process

27 November 2024

When a user deletes an asset within Vantage, it will also be deleted from the associated sensor(s).

Improvements made to Asset CPE calculations

27 November 2024

Vantage now utilizes AI models to improve asset CPE identification within the environment.

With this enhancement, more CVEs within the environment will be identified using the NIST NVD mappings.

Improvements to Vantage's identity provider capabilities

25 November 2024

Updates have been made to the SSO page in Settings - System.

There is a new tab that provides better visibility into the Identity Provider functions.

Users can configure SSO groups or view existing groups by visiting the Group Propagations page.

SAML Configuration Backups allow customers to automatically back up and restore SAML configurations.

Vantage users can now schedule Sensor upgrades

20 November 2024

The user can now schedule a one-time sensor upgrade, a recurring sensor upgrade, or a delayed sensor upgrade.

Users can schedule upgrades based on change ticket windows.

Reports are now available in Vantage

11 November 2024

Reporting is now built into Vantage and can be accessed directly within it.

Navigate to Vantage reports by using the main dropdown -> Reports -> Vantage Reports. Vantage users can create new reports or export custom dashboards and import them as reports.

There will be additional capabilities released in the future.

Table enhancements for custom dashboards

22 October 2024

Dashboard tables can be autosized with the fit:width option to eliminate extra space, or resized with the fit:content option, which makes use of the full table width by resizing columns.

Examples:

  • nodes | select name -fit:width
  • nodes | select name -fit:content

New asset activity widget

15 October 2024

With the new Asset Activity widget, you can quickly see how your assets are being utilized. Based on network traffic, users can identify trends and monitor high and low asset utilization.

New Asset Overview page

1 October 2024

A new Asset Overview page appears when users navigate to the Asset table, which displays asset groupings and statistics. Each field has a clickable link to allow quick navigation and filtering.

Tiers for grouping zones

27 September 2024

It is now possible to create a Tiered Zone and add multiple subzones to it. Querying and grouping can be made easier by adding smaller zones for a production line into a larger Tiered Zone.

Zone configurations management enabled by default

23 September 2024

Administrators can now access the Zone Configurations page without needing to enable the functionality via the "Enable Zone Configurations Management" flag in the Features page. The zones table may show zones that are present but not applied, depending on the execution policy configured on sensors. No automatic action is performed on sensors by Vantage.

Upload PCAPs for processing

14 September 2024

Within Vantage – Settings – Upload Traces, users can now upload a PCAP trace. As soon as the PCAP file is uploaded, a new sensor is created to associate it with the asset.

Update to Sensors Status Activity

6 September 2024

The Sensor status can be classified as Active, Provisioning, or Stale.

Nozomi TI Expansion Pack Powered by Mandiant

30 August 2024

With the TI Expansion Pack, Mandiant's extensive OT and IoT research and expertise will enrich Nozomi Threat Intelligence with millions of new IoCs, malware families, and hacker data. As a result, organizations gain a deeper understanding of IT threats and are able to respond more quickly.

The Nozomi TI Expansion Pack includes:

  • Large dataset of new STIX and hash indicators
  • Improved CVSS mapping
  • Detailed summaries
  • Lists of vulnerable products
  • Exploitation details
  • MITRE ATT&CK details
  • Workarounds and vendor fixes

Administrators can enable a 30-day trial from the Vantage License page.

New to_epoch Function for Timestamps

30 August 2024

A new function, to_epoch, converts a timestamp field into the numeric version suitable for use in queries.

Threat Cards for understanding threats

30 August 2024

Threat Cards provide security teams with critical threat data to identify, understand, and prioritize cyber threats, including:

  • Threat descriptions
  • First and last seen dates
  • Exploitation status and vectors
  • Targeted industries and countries
  • MITRE ATT&CK details
  • Mitigation suggestions

Use the search option or filters for an overview of potential threats in your current threat landscape.

New Asset Risk Feature in Asset Intelligence

30 August 2024

The new Asset Risk feature is available, using multiple categories for risk calculation: Vulnerabilities, Alerts, Communication, Device Risk, Asset Criticality, and AI Analysis. Each Risk category can be customized to your organization. You can specify rules for individual assets or entire sites or sensors.

Risk associated with assets is further divided into Zone, Site, Sensor, and Organization risks. Users can view trends and benchmarks in the main Asset Risk dashboard.

Vantage as an Identity Provider (IdP)

28 August 2024

Configure Vantage as an IdP by enabling SSO for each User Group. Administrators can select the rights of groups for a Sensor. Note that configuring SSO within Vantage will overwrite previous SSO settings in the CMC.

Improved time filter option in tables

23 August 2024

The Time filter option has been improved to make it easier to select start and end dates before applying the filter.

Table filter performance improvements

19 August 2024

Alerts and Assets table filters have been improved for quicker reflection of continuous changes to the view.

Support for ipv4 and ipv6 functions in Queries

30 July 2024

Queries now support searching for both IPv4 and IPv6 addresses. Examples:

  • nodes | select ipv4(ip) | where !is_empty(ipv4)
  • nodes | select ipv6(ip) | where !is_empty(ipv6)
  • assets | expand ip | select ipv4(expanded_ip)

Increased audit log retention

30 July 2024

Audit log retention has been doubled to 180 days from 90 days.

Query output color grade customization

19 July 2024

Users can now specify the color grade of bar, chart, pie, and gauge queries.

Configure Arc sensors from Vantage

5 July 2024

Users can now configure individual or bulk Arc sensors from the Sensors page.

Vendor Logos in Asset Table

1 July 2024

In the Asset page, Vantage now displays the logos of the Vendor and OS to make it easier to identify specific vendors.

IP Address Mapping Issue Resolved for Asset CSV Import

28 June 2024

Fixed an issue where IP addresses were not mapped correctly when importing an Asset CSV file.

SOC Observers Role Update

27 June 2024

SOC Observers can now download traces and files from an alert.

Query Comments Available

13 June 2024

Comments can now be added to queries using the # character. Example:

  • assets | select name # my comment

On-premise sensor integration management

13 June 2024

Vantage now synchronizes on-premise sensor integrations, allowing users to view on-prem integration status, edit integrations, and create new ones from the Integration page.

Manage sensor zone execution policy

12 June 2024

Administrators can configure the default execution policy for Zone Configurations using the new setting in Admin – Features.

Manage sensor backups centrally in Vantage

5 June 2024

Users can configure backups globally or individually to Sensors in the Backup Schedule, meeting compliance policies by configuring multiple backup plans.

CVE mitigation calculation fixed for Arc sensors data

4 June 2024

Fixed an issue where CVEs were not mitigated when Arc Sensors detected the KBs installed.
