Release Notes

U38.0.0 (2022-05-05)

  • Beacon detection over TLS for complex command and control architectures

  • Sightings detection of newly discovered metadata

  • Ruleset version management with revert and freeze

  • Saving and sharing custom threat hunting filters

  • Convenient tenant filtering and pagination

  • New dashboards and hunting filter sets

  • Automatic host role identification

  • Suspicious file capture and extraction

  • Attack timeline augmented with evidence from Host Insights

  • Organizational context from the network definitions for native Suricata sensors

  • Streamlined interface

  • Extended data display time range

  • Quick start ET Pro setup from license page

  • Configure ruleset updates at the time a ruleset is created

  • Customizable Suricata start command line when operating in expert mode

  • Live profiling of rule performance

  • New expert mode for advanced Logstash configuration

  • “User actions” in the activity log now include the user’s IP address

  • Upgrade of the embedded ELK stack to 7.10.2

  • Added protocol support for TFTP, SNMP, RDP, SIP, HTTP/2, RFB, GENEVE, MQTT, DCERPC, VXLAN, VNTag

  • Removed support for Elasticsearch 5

  • New options to log Ethernet headers and dump all HTTP headers

  • Exclusive Suricata features, including new keywords for SMB and SMTP URL extraction over multiple URL schemes

  • Operating system upgrade with security patches

  • Embedded tcpdump tool added

U37.1.0 (2021-10-02)

  • MITRE ATT&CK framework: added information in threat hunting and threat radar

  • Host ID REST API improvement: new endpoints to detect changes in the network

  • Hostname and IP lookups on VirusTotal

  • Misc bug fixes and improvements

  • Operating system upgrade with security patches