GREYCORTEX RELEASES MENDEL 2.9

GREYCORTEX is happy to announce the latest version of GREYCORTEX MENDEL; Version 2.9.0. This version includes several new important features: the first is the Flow Exporter, which gives you the possibility to export flows from MENDEL to your SIEM solution. The second important feature is the ability to execute script commands to other devices e.g. a firewall systems in order to block communications. SCADA network protocols Modbus and DNP3 L7 visibility have also been added, as has the ability to audit commands executed from ssh connections.
New Features

  • Added a Flow Export feature, which allows you to export flows from MENDEL to your favorite SIEM tool. This allows you to have the same data detail of a much more expensive SIEM-specific flow export tool, at a fraction of the cost.
  • Added ability to execute and send scripts, e.g. to a firewall – which means you can identify and stop incoming malware at the firewall, without ever leaving MENDEL.
  • Added integrated Modbus and DNP3 SCADA protocol visibility. Think of it as MENDEL for the industrial control systems. GREYCORTEX takes its next steps into protecting not just “traditional” networks, but also SCADA systems as well with these protocols.
  • Added SSH auditing (turn on the SSH audit signature in status monitor signatures)
  • Added possibility to filter by group of entities (subnet, host, mac, user) to extend filtering options using comma “,”, e.g. src:172.16.9.20,172.16.9.21 & dst:1.2.3.4 which shows communication between source IPs 172.16.9.20 or 172.16.9.21 and destination IP 8.8.8.8. In a nutshell: much more efficient filtering capabilities are now yours. Identify communication from not just one source and destination, but several hosts to a single destination, so complicated attacks are now clear.
  • MENDEL is powerful and detailed, but now it works just as well for the T1 Security Analyst. New installations and newly created users will see new default dashboards with Overview, Performance, and Security tabs included, for ease of use by everyone.

Improvements
Several different features of MENDEL were improved. These included improvements to the installation and update process, optimization of flows, and detection features – including the ability to choose your favorite IDS ruleset, or better L7 application service recognition.
Bug Fixes
In general, our development team focused on repairing inconsistencies in user experience and connectivity.


About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

MENDEL 2.8 RELEASED

We are happy to announce the latest version of GREYCORTEX MENDEL. Version 2.8 includes three new important features: the first is the Event Collector. Released as part of v2.7 (a limited release), the Event Collector offers the opportunity to centrally monitor events from several remote GREYCORTEX MENDEL collectors. The second major new feature is the Correlation Engine. This tool correlates individual, less-serious events – which together may be indicative of attacks within the network, to more effectively alert security analysts. Finally, MENDEL 2.8 includes proxy pairing functionality which identifies source or destination addresses hidden by proxy servers, which will allow security analysts to better identify potential issues on the network and provide even greater visibility.

New Features

  • Added a beta version of the Correlation Engine, including seven tuned rules which further increase security (The feature may be turned on by going to Settings->System Components)
  • Added a proxy pairing feature to display source or destination addresses hidden by a proxy server

Improvements

  • Optimized the display of charts and tables in the Network module
  • Added information about the type of key exchange algorithms in HTTPS and TLS flows
  • Improved the calculation of flow metrics to show values valid for specific parts

Bug Fixes

  • Fixed issues with disabling deep packet inspection and enabling rules in IDS
  • Fixed an issue with updates to older installations
  • Fixed issues with MS-SQL protocol parsing at higher speeds
  • Fixed an issue with displaying current values on the Network Services tab
  • Fixed an issue with displaying multiple VLAN IDs in a single flow
  • Fixed issues with parsing SMB flows
  • Fixed issues with editing export definitions
  • Fixed an issue with pagination results in the Peers graph
  • Fixed issues with restarting services
  • Fixed an issue with filtering by protocol type
  • Fixed an issue with deleting user-defined filters
  • Fixed an issue with saving user-created or user-defined filters
  • Fixed an issue with displaying VLAN statistics in the Analysis module
  • Fixed an issue with exporting records in CEF and Syslog formats
  • Fixed an issue with long hostnames
  • Fixed issues with calculating the minimum and maximum duration of flows
  • Fixed link formatting in Exports
  • Fixed an issue with displaying ASN names in flows
  • Fixed an issue with displaying host information in the Analysis module
  • Fixed the calculation of RTT and ART metrics in long term flows with unfinished communication
  • Fixed an issue with the validation of row counts in Column Manager


About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX RELEASES MENDEL V 2.6.1

In the newest version of GREYCORTEX MENDEL (2.6.1) we have implemented several new features to improve performance, including a new flow scheme. This new scheme will also store more flow data and metrics. Existing data will be automatically transferred into this new scheme to ensure its continued usability. This data transfer process will run in the background, allowing you to continue to work with new flow data. Depending on the amount of existing flow data, the transfer may take few days, but it will not affect system usability.

We have also added a new DHCP application parser. This means you can now use DHCP data to identify hosts by their hostnames, giving you better knowledge/information about hosts; for better and more effective action.

Additional Features

  • Added new aggregated flow structures and their visualizations to achieve better performance
  • Added an additional severity decision mechanism for outlier detection to better highlight larger anomalies
  • Added a new DHCP application parser
  • Added the capability to display unfinished flows
  • Added an additional metric:  UET – User Experience Time – to network flows

Improvements

  • Improved database query performance
  • Improved the precision of the Round Trip Time and Server Application Response Time metrics computation
  • Optimized the performance of the Peers graph for faster loading
  • Upgraded the database to achieve greater performance
  • Set default log interval in log reporting to 7 days

Bugs Fixed

  • Fixed SMB protocol identification
  • Fixed network services model calculation
  • Removed queries to root DNS servers
  • Fixed missing DNS server configurations, which occurred in rare cases
  • Fixed settings for RX queues in network drivers
  • Fixed timezone usage
  • Fixed filtering issues in Incident Management
  • Fixed data inconsistency between Peers and Hosts graphs
  • Fixed report generation where data fields did not display correctly
  • Fixed hyperscan support on non-Intel architectures
  • Fixed password escaping issue
  • Fixed custom server certificate handling
  • Fixed system monitoring data propagation
  • Fixed DNS server settings
  • Fixed ICMP event and flow pairing
  • Fixed MS-SQL protocol parser
  • Fixed time handling in False Positives for different time zones
  • Fixed color configuration for Port Sweep detection
  • Fixed flows search in Outlier events
  • Fixed issue with duplicate hostnames
  • Fixed flow search in limit events
  • Fixed network configuration calculation
  • Fixed Url Share functionality in the comments field in Incident Management
  • Fixed filtering issue in Incident Management
  • Fixed pagination in Incident Management
  • Fixed issue in Url Share
  • Fixed transfer data calculation in the Peers graph
  • Fixed firewall autoconfiguration when enabling Netflow source
  • Fixed events filtering by name
  • Fixed subnet traffic calculation
  • Fixed allow/deny configuration description
  • Fixed the “To Filter” button in Peers graph
  • Fixed port and service name filtering
  • Fixed other issues related to Incident Management
  • Fixed subnet icons in Events
  • Fixed vulnerability to CVE-2016-2183
  • Fixed empty service description editing
  • Fixed false positives value editing
  • Fixed ICMP flow filtering on services
  • Fixed the assignment of hosts into incorrect subnets
  • Fixed host information display in the Analysis module
  • Fixed invalid DHCP transaction IDs in individual flows
  • Fixed DHCP parsing issues on flows from the DHCP relay
  • Fixed the password warning message when the password is shown as invalid during installation
  • Fixed the event payload display in IDS events
  • Fixed issues with special characters during installation
  • Fixed an issue with filtering port number and service name together
  • Fixed an issue with flow duration calculation
  • Fixed cancel button functionality in Flows view
  • Fixed calculation of the number of subnets in Events
  • Fixed the use of an incorrect filter in subnet to filter function in the Events tab
  • Fixed the filling service in False Positive
  • Fixed traffic information in incident links

MENDEL 2.5 RELEASED

GREYCORTEX has just released MENDEL 2.5. In this most recent version, we have made several additions to further improve performance, including a new detection method for forbidden services, faster pattern processing for IDS rules (requires Intel architecture), and HTTPS traffic decryption capabilities (with imported private key). The full changelog for MENDEL 2.5 is provided below.

Additional Features

  • Added a new detection method for forbidden services
  • Added faster pattern processing for IDS rules (requires Intel architecture)
  • Added new traffic direction types for better filtering
  • Added system self-reporting for additional functionality support
  • Added HTTPS traffic decryption capabilities (with imported private key)

Improvements

  • System components have been upgraded to their newest versions
  • VoIP protocol parsers have been included for better performance
  • Improved system hardening
  • Improved query performance in the Flows tab

Bugs Fixed

  • Fixed IDS stability problems
  • Fixed IP address settings for new interfaces
  • Fixed disabling parsing IDS rules and DPI
  • Fixed issues with system log rotation, maintenance, and removal
  • Fixed truncated application requests within flow data
  • Fixed ICMP codes reporting in flow records
  • Fixed the reporting service type in outlier analysis methods
  • Fixed upgrade log downloading via the GUI
  • Fixed false positive matching for countries
  • Fixed issues in Incident Management
  • Fixed displaying colored, blacklisted IP addresses on the Peers tab
  • Fixed support for IPv6 filtering
  • Fixed computation functionality in the Peers graph
  • Fixed the computation of severity in the Toplists dashboard
  • Fixed invalid filter value handling
  • Fixed an issue with user rights in the reporting module
  • Fixed autocomplete in Host filtering
  • Fixed time limit for false positive application
  • Fixed status monitor event information
  • Fixed filtering by timestamp in event lightboxes
  • Fixed filtering false positives in “Table by Service or Port”

User Note

To further improve performance, it is strongly suggested that users turn off unused ports.

 

 

 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

NEW VERSION 2.4.1 RELEASED

GREYCORTEX has launched version 2.4.1 of its MENDEL solution. This release adds a couple of new features and several bug fixes to help you better and more efficiently identify threats within your network.

The full list of additional features, improvements, and repairs is provided here:

Features

  • New background report generation with historical download capability
  • Extended IDS signature information with integrated description

Bugs Fixed

  • Fixed DNS cache parameters to improve hostname record display in network flows
  • Fixed system timeout issue during transmission of large reports via email
  • Fixed data update when downloading via proxy server
  • Fixed false positive detection for specific time periods
  • Fixed boundary display in network model
  • Fixed invalid time window in incident management link
  • Fixed data traffic display for selected hosts in graphs displayed on the Peers tab
  • Reduced system load following upgrade, including service restart
  • Fixed issue with IDS service restart after system reboot
  • Fixed database upgrade

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.