Series v4.4.x
v4.4.3 (2025-12-23)
- Dependency upgrades for performance and security: Updated core libraries to their latest stable versions to improve runtime efficiency, maintain compatibility with modern systems, and include recent security patches.
On-Prem Console
- Richer baselines: Baselines now track bytes per second (B/s) in addition to packet-based metrics, enabling more accurate anomaly analysis.
- UI refinements: Switched to a lighter badge variant for improved readability and fixed WebView language handling issues.
Sensor
- Traffic anomaly improvements: Updated the traffic anomaly rule to leverage the new B/s baseline metric, reducing noise in high-throughput environments.
- New S7 detection – WriteVar operations: Added a rule to detect S7 WriteVar operations, extending coverage of potentially unsafe write actions.
v4.4.2 (2025-12-10)
Sensor
- New S7 detection – SZL reads: Added a rule to detect S7 SZL read operations, improving visibility into device reconnaissance and diagnostic activity.
- S7 START command detection: Added new rules to detect different S7 START CPU commands, increasing coverage of control operations.
- S7 STOP CPU detection: Introduced a rule to detect S7 Stop CPU commands, providing early warning for high-impact operational actions.
v4.4.1 (2025-11-25)
On-Prem Console
- Improved visual consistency: Extracted a shared Logo component that correctly adapts to dark mode across the application.
- Scoped alert visibility: Alerts that are scoped out are now visually highlighted, making it easier to understand why a detection is suppressed.
- Scope-based tuning: Added quick exclusions based on scope to simplify rule fine-tuning.
- UI correctness: Alerts are now refreshed correctly when changing the rule scope.
Sensor
- Subnet-based rule scoping: Rules can now be scoped by subnet, enabling more precise detections in segmented OT networks.
v4.4.0 (2025-11-24)
- Dependency upgrades for performance and security: Updated core libraries to their latest stable versions to improve runtime efficiency, maintain compatibility with modern systems, and include recent security patches.
On-Prem Console
- Rule scoping: Added the ability to define a scope of application for each rule, enabling more granular and contextualized detections across plants or device groups.
- MITRE ATT&CK v18 update: The detection mappings have been updated to align with the latest MITRE ATT&CK for ICS v18 framework.
- Account onboarding: New accounts are now created without automatically enabling all rules, allowing more controlled activation per use case.
- Siemens catalog compatibility: Adapted the Siemens integration to handle new date formats (3399) introduced in the manufacturer’s updated catalog.
Sensor
- EtherNet/IP protocol support: Added full decoding support for EtherNet/IP, extending visibility into industrial control communications and enhancing detection depth.
- Noise reduction in detections: Introduced guards and refinements to improve signal quality across adaptive ML rules and lateral movement detections.