What's new

• Deep integration with the Kaspersky Endpoint Detection and Response Expert (KEDR Expert). Integration is available only with a Symphony XDR license.
• Added integration with Kaspersky Industrial CyberSecurity for Networks in asset inventory and response scenarios.
• Expanded integration with Kaspersky Security Center.
• Expanded capabilities for an SQL search based on events in storage.
• Expanded capabilities of event collection components (collectors):
  • Added enrichment with information about the region by IP address (GeoIP).
  • Added capability of enrichment from dictionaries (tables) filled in manually in the web interface or via API.
  • Added capability to adjust the time according to the time zone of the event source.
• Added computable variables to cover complex threat detection scenarios during event correlation.
• Added capability to collect events from an isolated segment containing a data diode when there is no possibility of transmitting network UDP packets.
• Added capability to configure custom templates and alert notification rules.
• Expanded analytics tools and added new widgets.
• Added asset audit function.
• Added sFlow traffic telemetry support for Juniper hardware. Similarly to Netflow, event data can be collected without limitations when using a license with an active Netflow module.