Javascript is required for MOREAL Online Documentation to function properly. Please enable Javascript by adjusting your browser settings.


Version 5.0


  • ¬†Layout is redesigned and Sky Framework is adopted.

Version 4.6


  • Quota and Storage Utilization feature.
    • Changes in various screens for more effective display of information related to organizations’ subscription plans. The documentation has been updated (Subscription plans overview and Creating/editing a subscription plan).
    • Email notifications regarding subscription plans volume are sent frequently to appropriate users for taking action.
    • Storage Utilization backend component produces monthly utilization documents regarding organizations volume for reporting purposes.
  • Map in device dashboards page is updated when user is searching for devices.
  • Map in organizations’ security dashboard displays the correct organization names.


Version 4.5


  • Audit logging refactoring with the ability to track actions on users, organizations and devices.
  • Report templates and rules are now properly configured to be created and viewed by authorized users.
  • Transactional email delivery using the SendGrid service.
  • Timing information (occurrence time) on alerts is now properly formatted.



  • The updated Anomaly Detection and Behavioural Clustering engines allow faster detection of threats (within 5 to 10 minutes) and with increased time specificity (within a 5-minute time window). The documentation has been updated (Anomaly Detection alerts and Behavioural Clustering alerts).
  • Extended event types support for Radware WAF devices: Management events and System events and now supported (documentation)
  • Usability and reliability improvements:
    • Report types now include a description field.
    • User input is now supported when resolving and acknowledging an alert (using the “Alert Details” screen) allowing to fill in the reason for the performed action.
    • The alerts list now includes two new attributes (“resolved_by” and “acknowledged”) displaying the email of the user that performed a specific action.
    • The device status changes to offline when locked by a user.
    • Miscellaneous performance and reliability improvements on the alerting subsystems.
    • Optimization on the log size and log count calculation routine.


Version 4.4


  • ThreatDB alerting and alerts screen revamp (documentation)
  • In screens with contain listed items (e.g. threatdb alerts page), the total number of items is added next to the number of pages on the top of the list
  • Fixed a bug regarding the “clone report-type” feature that affected report templates
  • Revamp in Juniper SRX firewall integration. Juniper SRX filters have been implemented and deployed for MOREAL according to current PoC samples. For a list of supported log IDs please refer to the documentation

Version 4.3


  • You many now lock a device to stop monitoring and receiving logs (documentation)
  • Custom IP ranges with distinct names can be now added for enhanced functionality. (documentation)
  • The IP Profiles view has been revampled for better navigation (documentation)
  • The Alerts Overview screen has been redesigned with new functionality including multiple alerts selection and management (documentation)
  • The liveness checking functionality has been improved and now includes more informative states (documentation)

Version 4.2


  • The display pages for devices, users and organizations are enriched with new attributes including registration dates
  • Customizable size options in pie charts (chart examples)
  • Descriptions can now be included when adding whitelisted IPs
  • Vendor integration
  • Various bug fixes
    • acknowledge/resolve now works properly in custom-rules alerts
    • “relevant events” links now retain the device context
    • fixed report collections in device live monitoring
    • whitespace now is ignored on event filtering
    • Custom rules for the threat sensor with “default” criticality are now properly handled
  • Miscellaneous performance and reliability improvements including streamlined mail delivery and query handling

Version 4.1


Version 4


  • Network graph & GraphIQ v1.0. At branch level, an interactive network graph is provided to show the most significant interactions (edges) and entities (nodes) in the monitored network. (technical overview, documentation)
  • Decision Maker v.1.0 reasoning component and corresponding alerts (technical overview, generated alerts description)
  • Organization level mitigation suggestions through downloadable SNORT signatures file (documentation)
  • Additional Custom Rules functionality (min & max functions)
  • Minor widgets improvements in MOREAL dashboards


Version 3.5



Version 3.4


  • Virtual Device support (documentation)
  • ThreatDB TRI model & computation component v.2.0
  • Custom Rules Back-end Engine v.2.0
  • New version popup notification


Version 3.3





*The new Anomaly Detection and Behavioral Clustering engines and the new IP-Profiles dashboard utilize aggregated metrics which are documented here.

Version 3.2.0

New Features

  • Added case insensitive Full Text Search functionality to alerts
  • Filtering by alert type was added to alerts screen
  • Sorting by alert occurrences was added to alerts screen
  • Refresh button on alerts screen allows user to see new alerts generated
  • Refresh button on events screen fetches new log records when relative time context is selected
  • Top-left menu alerts counter was replaced by dropdown menu presenting alerts breakdown by alert type
  • Performance improvement on alerts and events screens
  • On-screen help popover notifications were added for all dashboard elements
  • Alerts have been reset to accommodate for the new alert grouping mechanism (old alerts still available on demand)
  • New grouping backend mechanism implemented, ensuring incidents of the same reasoning are stored under one alert that is unique on daily basis

Version 3.1.0

New Features

  • Added HIPAA Compliance Reporting. HIPAA Compliant Organizations can now print reports that respect selected compliance standards.
  • Implementation of Vulnerability Assessment – a new alerting mechanism that checks events against existing CVEs (Common Vulnerabilities Exposures) and reports alerts per asset based on criticality. Currently only Nessus CSV files supported.
  • New Dashboard features provide the user with live feed of critical network information for the last 24 hours
  • The new Dashboards revolve around the point of view a user chooses to focus upon
  • Organization Dashboard provides an organization wide view of network information
  • Branch Dashboard provides a physical network view of information
  • Device Dashboard breaks down to the lowest level possible providing network feed and device health status of a single device
  • New map that can been seen inside Organization Dashboard show where the alert occurs , so an engineer can better focus upon
  • Network graph found inside Branch Dashboard provides a graph visualization of alert related traffic

Bug Fixes

  • Fixed a bug where users would see duplicates if they tried to add a new ip range inside an organization and then saved it.
  • Some devices were misplaced on the dashboard maps. This has now been fixed.
  • Acknowledge and resolve buttons in the alerts page are now working as expected.
  • Map and graph zoom has been optimized for touch devices.