Serie v4.1.x

Serie v4.1.x

v4.1.6 (2025-10-07)

Code alignment and structural consistency: Internal data structures aligned for easier maintenance and consistent behavior across backend and sensor components.

Detection engine tuning and stability: Added standard deviation guards to port scanning and protocol expansion detections to further reduce noise and improve model reliability.

Dependency upgrades for performance and security: Updated core libraries to the latest stable versions to improve runtime efficiency and maintain modern compatibility.

Baseline insights for each device: The behavioral baseline (normal communication patterns per device) is now displayed by default in each resource’s view, making ML detections explainable and actionable.

Dependency upgrades for performance and security: Updated core dependencies and markdown packages for improved stability and runtime compatibility.

Finer control in ML-based detections: Introduced epsilon tolerance to handle ultra-stable devices, ensuring anomalies are triggered only when deviations are significant.
Protocol-level awareness: Detections now consider both the number of packets and the observed variability per protocol, improving accuracy for low-volume industrial communications.

Higher signal quality in behavioral analysis: Introduced unicast packet rate tracking to reduce noise from background broadcast or multicast traffic, ensuring alerts are tied to meaningful communications.
Improved robustness of detection models: Automatically replaces invalid IPs with safe placeholders to prevent training interruptions.
Development ergonomics: Added Makefile and structure alignment utilities to streamline internal maintenance.

Improved correlation in adaptive detections: ML-based detections now deduplicate events by rule, origin, and observation window, prioritizing the most relevant context for each anomaly.
Stable handling of invalid IPs: Introduced safer defaults when parsing incomplete network data to ensure detection continuity even with malformed packets.

Reduced false positives in ML detections: Adjusted guard and score thresholds for abnormal network activity to suppress minor variations and focus on significant behavioral changes.
Improved exception management: Quick-add button for detection exceptions now works more reliably, helping teams fine-tune detection sensitivity in live environments.

Dependency upgrades for performance and security: Updated core libraries and build dependencies to maintain compatibility and improve runtime performance.

Unified terminology with ‘Detections’: Rules are now renamed to Detections for clarity. Each detection is classified by type (e.g., Network Discovery, Abnormal Protocol Expansion, Suspicious Port Scanning) to better represent real-world behaviors.
Behavioral model improvements: Initial ML training window reduced to two days for faster learning in smaller environments.
Noise reduction improvements: Adjusted scoring floors for traffic and broadcast detections to avoid benign fluctuations.

Enhanced visibility for detections: The Detections page now includes KPIs and tooltips for each detection type, allowing analysts to quickly understand trends and coverage.
Improved Siemens and inventory enrichment: Device normalization, CPE inference, and Siemens Catalog integration were centralized for more accurate and consistent enrichment.
UI consistency and hierarchy cleanup: Standardized card titles, simplified report visuals, and cleaned legacy components for a more uniform interface.