Version 4.5

4.5.0

• The updated Anomaly Detection and Behavioural Clustering engines allow faster detection of threats (within 5 to 10 minutes) and with increased time specificity (within a 5-minute time window). The documentation has been updated (Anomaly Detection alerts and Behavioural Clustering alerts).
• Extended event types support for Radware WAF devices: Management events and System events and now supported (documentation)
• Usability and reliability improvements:
  • Report types now include a description field.
  • User input is now supported when resolving and acknowledging an alert (using the “Alert Details” screen) allowing to fill in the reason for the performed action.
  • The alerts list now includes two new attributes (“resolved_by” and “acknowledged”) displaying the email of the user that performed a specific action.
  • The device status changes to offline when locked by a user.
  • Miscellaneous performance and reliability improvements on the alerting subsystems.
  • Optimization on the log size and log count calculation routine.

Version 4.4

4.4.0

• ThreatDB alerting and alerts screen revamp (documentation)
• In screens with contain listed items (e.g. threatdb alerts page), the total number of items is added next to the number of pages on the top of the list
• Fixed a bug regarding the “clone report-type” feature that affected report templates
• Revamp in Juniper SRX firewall integration. Juniper SRX filters have been implemented and deployed for MOREAL according to current PoC samples. For a list of supported log IDs please refer to the documentation

Version 4.3

4.3.0

• You many now lock a device to stop monitoring and receiving logs (documentation)
• Custom IP ranges with distinct names can be now added for enhanced functionality. (documentation)
• The IP Profiles view has been revampled for better navigation (documentation)
• The Alerts Overview screen has been redesigned with new functionality including multiple alerts selection and management (documentation)
• The liveness checking functionality has been improved and now includes more informative states (documentation)

Version 4.2

4.2.0

• The display pages for devices, users and organizations are enriched with new attributes including registration dates
• Customizable size options in pie charts (chart examples)
• Descriptions can now be included when adding whitelisted IPs
• Vendor integration
  • Initial support for Radware WAF appliances (Security events currently)
  • UPDATER and SPAMQUARANTINE types on Cisco ESA appliances are now supported
  • Enhanced Cisco ASA netflow support
• Various bug fixes
  • acknowledge/resolve now works properly in custom-rules alerts
  • “relevant events” links now retain the device context
  • fixed report collections in device live monitoring
  • whitespace now is ignored on event filtering
  • Custom rules for the threat sensor with “default” criticality are now properly handled
• Miscellaneous performance and reliability improvements including streamlined mail delivery and query handling

Version 4.1

4.1.0

• Custom Rules Engine v.2.1 (Documentation: Rules overview, Add/edit rule, technical article)
• Event filters expressions enhancement by providing OR and NOT operators (documentation: Events overview)
• Alerts search based on Organization and date (documentation: Alerts overview)
• Device Liveness check fix
• Show events from Report Types fix

Version 4

4.0.0

• Network graph & GraphIQ v1.0. At branch level, an interactive network graph is provided to show the most significant interactions (edges) and entities (nodes) in the monitored network. (technical overview, documentation)
• Decision Maker v.1.0 reasoning component and corresponding alerts (technical overview, generated alerts description)
• Organization level mitigation suggestions through downloadable SNORT signatures file (documentation)
• Additional Custom Rules functionality (min & max functions)
• Minor widgets improvements in MOREAL dashboards

Version 3.5

3.5.0

• Anomaly Detection v.1.1 (technical overview, generated alerts description)
• Behavioural Clustering v.1.1 (technical overview, generated alerts description)
• Alert overview redesign (documentation)
• Liveness check bug fix
• Custom Rules Engine v.2 GUI bug fix
• Alert generation improvements

Version 3.4

3.4.0

• Virtual Device support (documentation)
• ThreatDB TRI model & computation component v.2.0
• Custom Rules Back-end Engine v.2.0
• New version popup notification

Version 3.3

3.3.1

• Personalised ThreatDB whitelisting (documentation)
• Updated “Most active IPs” feature with extended time range (documentation)
• Various UI tweaks in “IP Profiles” (documentation)
• Minor UI tweaks in “Device Security Dashboard” (documentation)

3.3.0

• Anomaly Detection engine* (technical overview, generated alerts description)
• Behavioral clustering engine* (technical overview, generated alerts description)
• Most active IPs lists (documentation)
• IP Profiles screen* (documentation)
• Optimized dashboard charts (documentation)
• Several minor fixes and UI improvements including links between security and monitoring components to offer even better visibility and more efficient root-cause analysis.

*The new Anomaly Detection and Behavioral Clustering engines and the new IP-Profiles dashboard utilize aggregated metrics which are documented here.

Version 3.2.0

New Features

• Added case insensitive Full Text Search functionality to alerts
• Filtering by alert type was added to alerts screen
• Sorting by alert occurrences was added to alerts screen
• Refresh button on alerts screen allows user to see new alerts generated
• Refresh button on events screen fetches new log records when relative time context is selected
• Top-left menu alerts counter was replaced by dropdown menu presenting alerts breakdown by alert type
• Performance improvement on alerts and events screens
• On-screen help popover notifications were added for all dashboard elements
• Alerts have been reset to accommodate for the new alert grouping mechanism (old alerts still available on demand)
• New grouping backend mechanism implemented, ensuring incidents of the same reasoning are stored under one alert that is unique on daily basis

Version 3.1.0

New Features

• Added HIPAA Compliance Reporting. HIPAA Compliant Organizations can now print reports that respect selected compliance standards.
• Implementation of Vulnerability Assessment – a new alerting mechanism that checks events against existing CVEs (Common Vulnerabilities Exposures) and reports alerts per asset based on criticality. Currently only Nessus CSV files supported.
• New Dashboard features provide the user with live feed of critical network information for the last 24 hours
• The new Dashboards revolve around the point of view a user chooses to focus upon
• Organization Dashboard provides an organization wide view of network information
• Branch Dashboard provides a physical network view of information
• Device Dashboard breaks down to the lowest level possible providing network feed and device health status of a single device
• New map that can been seen inside Organization Dashboard show where the alert occurs , so an engineer can better focus upon
• Network graph found inside Branch Dashboard provides a graph visualization of alert related traffic

Bug Fixes

• Fixed a bug where users would see duplicates if they tried to add a new ip range inside an organization and then saved it.
• Some devices were misplaced on the dashboard maps. This has now been fixed.
• Acknowledge and resolve buttons in the alerts page are now working as expected.
• Map and graph zoom has been optimized for touch devices.