- A framework to create and execute search-based detection rules written in “Query DSL”.
- Built-in rules to monitor patterns in MITRE ATT&CK technique detections and generate alerts.
- Upgrade the MITRE ATT&CK framework to support sub-technique detection.
- Enhance the Anomalous Login detection event to provide a per-user/IP address breakdown.
- Optimizations in hash lookup from Application Control to Netsurion Threat Center.
- Deprecate SHA-1 as the CAB tamper-protection algorithm.
- Upgrade Elasticsearch.
- Deprecate support for older OS and SQL versions.
- Multiple security enhancements and bug fixes.