June 27, 2018

GREYCORTEX has released the latest version of our MENDEL network traffic analysis solution. Version 3.1 has several important new features which improve detection and response for the network security team.

False positive management has been improved, including new "default" false positives, host tagging, and usage statistics to improve detection and eliminate false alarms. Version 3.1 also offers a new NetFlow module to process multiple NetFlow sources more quickly. MENDEL is now able to block selected communications via external firewalls and routers directly from within MENDEL. There’s even a new color scheme.

New features include:

  • A new, redesigned false positive manager dialog for improved user experience, including default false positives and host tagging, saving time in false positive creation, and improving accuracy across like devices.
  • Added a new Netflow module to process netflow data more quickly for users with multiple, smaller locations like branch offices where a full MENDEL sensor may not be practical
  • Enhanced the plugin system for reporting events into external systems like routers, firewalls, as well as the use of custom and parameterized scripts, so users can take actions like blocking offending communications via firewall directly from the MENDEL interface.
  • Additional new features include
  • Added integrated NTP protocol visibility
  • Added integrated NFS protocol visibility
  • Added recognition for Out of Order, Zero window, and other packet errors into flows
  • Added the server name field from HTTPS communication
  • Added host discovery time into host dialog
  • Added support for downloading system logs from remote sensors

Improvements

  • Reworked Samba protocol to improve visibility and parser performance
  • Improved performance of flow storage in the system
  • Improved the Service No Reply detector for better handling of communication errors and tuned settings and descriptions of methods
  • Improved the Malware Spreading correlation rule to eliminate false detections
  • Improved rendering of certificate information
  • Improved the reporting of SPAN port outage events to eliminate false alarms

 Bug Fixes

In general, our development team focused on improving the user experience and reporting.

Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.1 to work for you.