GREYCORTEX is happy to announce the latest version of GREYCORTEX Mendel; Version 2.9.0. This version includes several new important features: the first is the Flow Exporter, which gives you the possibility to export flows from Mendel to your SIEM solution. The second important feature is the ability to execute script commands to other devices e.g. a firewall systems in order to block communications. SCADA network protocols Modbus and DNP3 L7 visibility have also been added, as has the ability to audit commands executed from SSH connections.
- Added a Flow Export feature, which allows you to export flows from Mendel to your favorite SIEM tool. This allows you to have the same data detail of a much more expensive SIEM-specific flow export tool, at a fraction of the cost.
- Added ability to execute and send scripts, e.g. to a firewall - which means you can identify and stop incoming malware at the firewall, without ever leaving Mendel.
- Added integrated Modbus and DNP3 SCADA protocol visibility. Think of it as Mendel for the industrial control systems. GREYCORTEX takes its next steps into protecting not just “traditional” networks, but also SCADA systems as well with these protocols.
- Added SSH auditing (turn on the SSH audit signature in status monitor signatures)
- Added possibility to filter by group of entities (subnet, host, mac, user) to extend filtering options using comma “,”, e.g. src:172.16.9.20,172.16.9.21 & dst:18.104.22.168 which shows communication between source IPs 172.16.9.20 or 172.16.9.21 and destination IP 22.214.171.124. In a nutshell: much more efficient filtering capabilities are now yours. Identify communication from not just one source and destination, but several hosts to a single destination, so complicated attacks are now clear.
- Mendel is powerful and detailed, but now it works just as well for the T1 Security Analyst. New installations and newly created users will see new default dashboards with Overview, Performance, and Security tabs included, for ease of use by everyone.
Several different features of Mendel were improved. These included improvements to the installation and update process, optimization of flows, and detection features — including the ability to choose your favorite IDS ruleset, or better L7 application service recognition.
In general, our development team focused on repairing inconsistencies in user experience and connectivity.