Series v4.0.x
v4.0.1 (2025-09-02)
Sensor
- Improved model initialization reliability: When a baseline is missing for a given model, the Sensor now initializes all “ever seen” maps (protocols, external destinations, peers) automatically, preventing incomplete learning states and ensuring consistent anomaly detection from the start.
v4.0.0 (2025-09-02)
- Dependency upgrades for performance and security: Updated core libraries and underlying frameworks to improve runtime efficiency, long-term compatibility, and security posture.
Sensor
- Adaptive ML-based threat detection for abnormal behavior: Added new adaptive rules that learn what “normal” looks like per device (ports used, protocols spoken, peer communication patterns, traffic spikes) and alert when behavior deviates, reducing reliance on static signatures.
- New detection rules for OT network hygiene: Added a rule to detect new or unusual external connections, plus rules to detect abnormal broadcast / multicast bursts and cross-zone traffic between different networks, helping identify lateral movement and mis-segmentation early.
- Lower overhead, less allocation pressure: Reduced per-packet allocations (for example, by simplifying MAC handling and using lighter data structures), improving performance on constrained hardware in OT networks.
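The adaptive rules described above (per-device learned "normal" over protocols, ports and peers, new external destinations, cross-zone traffic) and the v4.0.1 fix that creates every "ever seen" map together when a baseline is missing can be illustrated with a small model run over constructed flow records. This is an added example, not the Sensor's own code: the flow record layout, the zone layout, the device and peer addresses and the alert names are assumptions for illustration.

```python
"""Added example (not the product's code): a minimal per-device behavioural
baseline built from "ever seen" maps, run over constructed flow records.
The Flow layout, zone map, addresses and alert names are assumptions."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Flow:
    src: str      # source device address
    dst: str      # destination address
    proto: str    # application protocol label as the sensor would classify it
    dport: int    # destination port


@dataclass
class Baseline:
    """All 'ever seen' maps for one device, created together so that a
    missing baseline never leaves a device in a half-initialized state."""
    protocols: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    peers: set = field(default_factory=set)
    external: set = field(default_factory=set)


class BehaviourModel:
    def __init__(self, zones):
        # zones: {"cell-1": "10.0.1.0/24", ...}; any address outside every
        # configured zone is treated as an external destination
        self.zones = {name: ip_network(cidr) for name, cidr in zones.items()}
        self.baselines: dict[str, Baseline] = {}

    def zone_of(self, addr):
        ip = ip_address(addr)
        for name, net in self.zones.items():
            if ip in net:
                return name
        return None  # external

    def baseline_for(self, device):
        # Initialize every map at once when the baseline is missing
        if device not in self.baselines:
            self.baselines[device] = Baseline()
        return self.baselines[device]

    def observe(self, flow, learning=False):
        """Update the source device's maps; return alert names in detection mode.
        A value raises an alert only the first time it is seen, then joins the
        baseline ("ever seen" semantics)."""
        b = self.baseline_for(flow.src)
        src_zone, dst_zone = self.zone_of(flow.src), self.zone_of(flow.dst)
        alerts = []
        checks = [
            ("new_protocol", flow.proto, b.protocols),
            ("new_port", flow.dport, b.ports),
            ("new_peer", flow.dst, b.peers),
        ]
        if dst_zone is None:
            checks.append(("new_external_destination", flow.dst, b.external))
        for name, value, seen in checks:
            if value not in seen:
                if not learning:
                    alerts.append(name)
                seen.add(value)
        # Cross-zone hygiene rule: stateless, raised on every matching flow
        if not learning and src_zone and dst_zone and src_zone != dst_zone:
            alerts.append("cross_zone")
        return alerts


def run_demo():
    model = BehaviourModel({"cell-1": "10.0.1.0/24", "cell-2": "10.0.2.0/24"})
    # Constructed learning traffic: a PLC polled by an HMI in the same cell
    for f in (Flow("10.0.1.10", "10.0.1.20", "modbus", 502),
              Flow("10.0.1.10", "10.0.1.20", "s7comm", 102)):
        model.observe(f, learning=True)
    # Constructed detection traffic
    return {
        "known": model.observe(Flow("10.0.1.10", "10.0.1.20", "modbus", 502)),
        "external": model.observe(Flow("10.0.1.10", "203.0.113.7", "tcp", 443)),
        "cross_zone": model.observe(Flow("10.0.1.10", "10.0.2.5", "smb", 445)),
        "repeat": model.observe(Flow("10.0.1.10", "203.0.113.7", "tcp", 443)),
    }


if __name__ == "__main__":
    for label, alerts in run_demo().items():
        print(f"{label}: {alerts or 'no alert'}")
```

The second flow to 203.0.113.7 produces no alert because the destination has already entered the device's "ever seen" external map; in a real deployment that is the behaviour the central baseline store (v4.0.0) makes consistent across sites, and it is why all four maps must exist from the first observation rather than being created lazily one at a time.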
On-Prem Console
- Asset annotations and tagging: Operators can now attach notes and tags to any device directly in the console, filter by tags, and export these annotations. This turns inventory into a living asset register, not just a passive list.
- CSV export of inventory: One-click export of the full inventory (including MAC addresses and annotations) to CSV for offline review, audits, or sharing with external teams.
- Richer per-device view: The Resource view now highlights KPIs and bar charts for key activity, shows full network context in one place (flows, last-seen times, PLC badge, Siemens industrial details, etc.), and hides empty sections automatically to reduce noise.
- Faster, clearer vulnerability intelligence: Vulnerability views now include CISA KEV flags, Siemens advisories, and per-device exposure context; the UI shows only the key CVSS score by default and surfaces whether a Siemens product is cancelled/EoL, helping teams prioritize what is actually urgent.
- Automated policy assistance for firewalls: Added native Fortinet integration (in addition to Stormshield), able to publish inventory and generate baseline filtering policies automatically — reducing manual firewall rule authoring around OT assets.
- Smarter enrichment for industrial devices: The backend now automatically enriches Siemens devices using the Siemens catalog (order numbers, lifecycle status, industrial details) and infers device type centrally, removing guesswork from the sensor and producing cleaner, vendor-aware asset classification.
- Network map performance and clarity: The topology map now renders faster by simplifying redraw logic, batching edge calculation, and removing low-value MAC noise; PLCs are visibly marked; broadcast destinations and subnet-level broadcast behavior are handled more accurately.
- High-volume alert triage at scale: Alert Groups are now first-class — alerts are deduplicated and grouped with their own detail page, investigation and response guidance, pagination for long-running issues, and direct links to affected rules and assets.
- Preloaded dashboards and reports: Global Overview, per-account overview, Settings, and Reports now load data via route-level loaders (alerts, snapshots, vulnerabilities, compliance, findings, traffic) before the view renders, which makes navigation feel immediate even in very large environments.
- Console ergonomics and visual polish: Added dark mode–aware theming across tables and charts, breadcrumb-based page titles, PLC badges in network views, scroll performance improvements, row virtualization for big inventories, automatic redirect to Global Overview on login, and consistent “don’t show empty cards” cleanup throughout the UI.
- Backend scalability and tuning: Added targeted indexes and query refinements across alerts, alert groups, vulnerabilities, and traffic data; adopted a more efficient MAC vendor database and caching/prefetch strategies; improved external intel fetching (Siemens, NVD, AbuseIPDB) to avoid rate and resource exhaustion.
- Higher-fidelity PLC awareness: The sensor now tags PLCs in network maps and tracks low-level L2 traffic (including broadcast and multicast at the MAC layer), giving better visibility into industrial controller behavior beyond traditional IP-only analysis.
- Baseline management moved to the backend: Baselines for “ever seen” external destinations and behavioral models are now stored centrally instead of per sensor, improving consistency across sites and making tuning and audit easier.