New Features

  • A framework to create and execute search-based detection rules written in “Query DSL”.
  • Built in rules to monitor patterns in MITRE ATT&CK technique detections and generate alert.

Feature Enhancements

  • Upgrade MITRE ATT&CK framework to support sub technique detection.
  • Enhance the Anomalous login detection event to provide user/IP address break up.
  • Optimizations in hash lookup from Application Control to Netsurion Threat Center.


  • Deprecate SHA1 as cab tamper protection algorithm.
  • Upgrade Elasticsearch.
  • Deprecate support for older OS and SQL versions.
  • Multiple security enhancements and bug fixes.