Serie v3.1.x

v3.1.0 (2025-08-04)

  • Dependency upgrades for performance and security: Updated core libraries to their latest stable versions to improve runtime efficiency, maintain compatibility with modern systems, and include recent security patches.
  • Global performance improvements: Optimized queries, indexing, dashboard loading, and data retrieval to improve responsiveness across large plants and multi-site environments.

Sensor

  • OT protocol coverage extended with Modbus support: Added native Modbus awareness in the sensor to improve visibility into industrial PLC communications.
  • Improved passive device discovery and registration stability: Fixed sensor restart edge cases, ensured correct interface prefix injection, and made status reporting more reliable when multiple monitored networks are involved.
  • Lower noise in event forwarding: Removed local caching logic that previously hid repeated packets; deduplication is now handled centrally, reducing the chance of missing important activity.
  • More reliable command delivery at scale: Switched to a more robust delivery mechanism for sending instructions from the platform to sensors, improving command reliability in production OT environments.

On-Prem Console

  • Vulnerability intelligence with CISA KEV and Siemens advisories: The vulnerability views now highlight if a CVE is known to be actively exploited (CISA KEV) and include vendor advisory details (including Siemens) for faster assessment of critical issues.
  • End-to-end vulnerability analysis with prioritization: Introduced a new vulnerability analysis experience powered by cached data, including per-CVE details, affected resources, top 5 riskiest devices, CVSS vector breakdown, and a Safetybits risk score to focus attention on what matters most.
  • Multi-CPE inventory enrichment per device: Devices can now hold several CPE identities (including vendor firmware, OS/kernel, etc.), improving accuracy when matching vulnerabilities for OT assets, gateways, and industrial Linux-based equipment.
  • Per-resource network activity views: Each device now has a dedicated detail page showing recent traffic in table form, last-seen timestamps for each connection, GeoIP location and IP risk for external peers, and a 24-hour traffic timeline to understand behavior changes.
  • Alert Grouping and noise reduction workflow: Alerts are now automatically grouped into Alert Groups with deduplication, timeline charts, pagination, and investigation/response guidance — making it easier to review incidents without being flooded by repeated alerts.
  • Interactive tuning from alerts: From an alert, operators can now push a source or destination IP straight into an allowlist parameter in the relevant rule, with validation and immediate visual feedback.
  • Improved global and per-plant dashboards: The Overview and Global Overview dashboards now load incrementally, prioritize alerts and network traffic first, and make heavy trends easier to interpret with AreaCharts, sqrt scaling for peaks, and better card hierarchy.
  • Topology and flow visibility refinements: Faster redraw of the network map, clearer arrow sizing based on traffic volume, inline past-alerts rendered as packet-like rows (not accordions), and better highlighting of who’s talking to whom in the last 24 hours.
  • Integrated threat intel and geolocation context for external connections: The platform now enriches external communications with GeoIP attribution, IP reputation (AbuseIPDB), and country-level context, using persistent caching and rate limiting to stay responsive without blocking ingestion.
  • UI/UX consistency improvements: Introduced consistent page titles and breadcrumbs, neutral backgrounds to emphasize key content, rounded graph styling, spacing and margin fixes, and removal of obsolete developer/debug-only views.
  • Scalability improvements in Alerts and Trends: Added new indexes, split heavy queries into parallel calls, paginated Alert Groups and alerts-by-group, and limited historical alert fetches to keep investigations responsive in high-volume environments.
  • Improved data retention and hygiene: Old alerts are now aged out automatically every 30 days, keeping the interface focused on current and relevant security events.