GREYCORTEX has launched version 2.4 of its MENDEL solution. This release features several changes to help you better and more efficiently identify threats within your network. We have added a new incident management feature, as well as new MS-SQL and SIP parsers, multiple false positive elimination in IDS/NBA categories, and support for connecting multiple sensors to one collector. We have enhanced the detection and performance capabilities of our Network Behavior Analysis and Intrusion Detection System engines.
The full list of additional features, improvements, and repairs is below.
Additional Features

• Added a brand new incident management feature
• Added MS-SQL and SIP parsers
• Added multiple false positive elimination in IDS/NBA categories
• Added support for connecting multiple sensors to one collector
• Added support for separate modification of IDS signatures per sensor
• Added dynamic dashboard responsiveness
• Added support for fail-safe connection and data recovery for remote sensors
• Added support for deployment in Hyper-V virtualization environment
• Added license change and renew capabilities
• Added support for HTTP fields in IPFIX format
• Added an automatic validity check for ISO installation files

Improvements

• Highlighted parsed L7 data in flows
• Improved detection and performance of NBA methods
• Improved the IDS core engine
• Optimized Netflow processing up to 100,000 flows per second
• Improved support for Netflow processing for most Cisco, Mikrotik, HP, and other network devices
• Improved logging capabilities using syslog-ng
• Improved the flow searching algorithm for the event detail field
• Added a cookies field in HTTP parsers
• Improved time synchronization using ntpd
• Added a sensor column in network services
• Tuned NBA method settings for DNS services
• Improved dashboard descriptions

Bugs Fixed

• Fixed update planning to avoid updating too frequently
• Fixed an error in saving flows caused by data truncation
• Fixed an export issue in CEF format
• Fixed the filter for ipv6, ipv4 protocols, and tunneled traffic
• Fixed network model visualization for the selected subnet/host
• Fixed bigger packet processing
• Fixed the displaying filter in dashboard component settings
• Fixed severity for IP addresses in top lists by traffic
• Fixed searching in false positive management
• Fixed report generation
• Fixed event calculation in dashboards
• Fixed network configuration for setting IP address, network mode, and dns servers
• Fixed editing network metric limits for hosts
• Fixed user data export/import
• Fixed typos in the event status monitor
• Fixed the license information display
• Fixed firewall editing rules