January 21, 2020

GREYCORTEX is happy to announce that we have released the latest version of our Mendel network traffic analysis solution. Version 3.5 brings important features, improvements, and bug fixes. Among major features, you can find Central Event Management, which enables users to create multi-level appliance structure for exhaustive network overview, or data export into CSV format for more in-depth analysis or enriching other big data tools.

This version contains a number of major changes in the system. To ensure a smooth upgrade process and to provide support to all our partners and customers, we will be introducing this release gradually over the next 14 days.

More about GREYCORTEX Mendel 3.5

New Features

Data Export into CSV format 

Mendel users can now export data regarding hosts, network, flows, and even incidents into csv. format for further processing and creation of new network data visualizations.

Central Event Management 

For customers or partners with larger deployments, Mendel offers the ability to connect appliances using a multi-level structure; consisting of sensors, collectors, and a Central Event Management console. This provides a more comprehensive overview of the full network.

Validating SSL and TLS certificates 

For encrypted communication, Mendel detects expired or invalid SSL and TLS certificates and alerts the user.

ARP protocol parser 

We have added the ability to parse the communications using the Address Resolution Protocol for even better processing of non-IP data.

Enhancements

Operating system identification using L7 data 

Mendel is able to detect the operating system of the host more precisely, using an advanced data model based on Samba, DHCP, HTTP, SSH, and L3/L4 parameters, among others. Data is also presented within a new dashboard showing the top operating systems in the network for the chosen period.

Filtering data by additional values 

We added the option to filter by additional variables, including operating system, interface, application, and port range.

New predefined dashboards 

We have provided two new dashboards: Risks and Statistics; for our users to quickly and easily review the situation in their network.

Additional Enhancements:

  • Upgrade of system components
  • Printer tagging
  • Browser protocol parser
  • Sensor-Collector management
  • Enhanced TLS 1.3 protocol parser
  • Extended host/​subnet lease time
  • Configurable display level
  • Decoding QoS/​DSCP
  • System improvements
  • Network capture module improvements
  • GUI improvements
  • Localization improvements

SCADA

MMS protocol processing

For the visualization of MMS protocol data and further analysis, we added MMS protocol processing.

Asset resources management

We added the ability to name, manage, and add new devices in the network.

DLMS/COSEM protocol parser 

We added parsing for DLMS/COSEM, one of the most widely accepted international standards for utility meter data exchange.

OMRON FINS protocol parser

We added parsing for the OMRON FINS protocol, which can be used by a PLC program to transfer data and perform other services with a remote PLC connected on an ethernet network.

Fixed Issues

In general, our development team focused on improving user experience and reporting. As well as more improvements to user experience, system stability, and performance.

Please note that upgrading to version 3.5.0 will replace the system kernel and reboot the appliance. We recommend having direct or remote access to the appliance in order to be able to restart it if necessary.

Categories