Trellix Network Detection and Response Console (formerly Network Investigator) Release 4.1.0 is available for download today.
Network Detection and Response Release 4.1.0 includes various fixes along with new detection and response capabilities, plus the new features and enhancements described below. For a complete list of all the fixes, please refer to the Product Release Notes.
- Trellix Hyperautomation to streamline incident response, automate security tasks, orchestrate security workflows, and schedule or manually run response actions for NDR alerts
- Nozomi Guardian integration strengthens our capability to monitor and secure Operational Technology (OT) and Industrial Control Systems (ICS) environments. Through this integration, the NDR Console will receive security alerts generated by Nozomi Guardian, improving the visualization of both OT and IoT assets
- Amazon S3 integration for ingesting VPC Flow Logs, enabling the detection of malicious lateral movement by cloud endpoints
- Enables two-way detection, with the ability to pivot from a SIEM alert back into the NDR Console for deeper investigation
- Enhanced IPv6 support for Federal and Government compliance
- Rich alert context and guided next steps provide threat details and suggest mitigation actions, enabling analysts to quickly investigate and remediate issues
- Suppression of Policy Violation Alerts from Trellix IPS Sensors improves SOC efficiency by reducing alert fatigue and unnecessary triage time
- Improved detection for various DNS anomalies and attacks, including DNS Hijacking, DNS Poisoning, DNS Rebinding, and DNS Fast Flux
- Domain Controller Attack Detection for DC Sync and DC Shadow attacks through plugin-based detection mechanisms
- Alerts generated by DGA and DNS Tunneling detections are now categorized as anomalies
- The NDR Console now provides MITRE ATT&CK data for both Enterprise and IoT/ICS assets, showing tactics, techniques, and sub-techniques across these environments. Comprehensive threat visibility empowers users to effectively identify and respond to alerts. Users can employ the Matrix filter to view alert counts, categorized by Enterprise, IoT/ICS, or a combined matrix
- Alert Status filter enhancements
- Support for NDR Console deployment on Microsoft Hyper-V
Notes:
Network Detection and Response Console 4.1 is compatible with Packet Capture 6.2 or later.
You can upgrade your NDR Console appliance (formerly Network Investigator) to Release 4.1.0 from Release 4.0.0. For upgrade instructions, please refer to the NDR Console Product Guide.
For further details on the features and fixes included in this release, please log in to the Trellix Customer Support Portal using your Trellix support credentials and refer to the Network Detection and Response Console 4.1 Release Notes.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.