January 21, 2020
GREYCORTEX is happy to announce that we have released the latest version of our MENDEL network traffic analysis solution. Version 3.5.0 brings important features, improvements, and bug fixes. Among major features, you can find Central Event Management, which enables users to create multi-level appliance structure for exhaustive network overview, or data export into CSV format for more in-depth analysis or enriching other big data tools.
This version contains a number of major changes in the system. To ensure a smooth upgrade process and to provide support to all our partners and customers, we will be introducing this release gradually over the next 14 days.
Data Export into CSV format
MENDEL users can now export data regarding hosts, network, flows, and even incidents into csv. format for further processing and creation of new network data visualizations.
Central Event Management
For customers or partners with larger deployments, MENDEL offers the ability to connect appliances using a multi-level structure; consisting of sensors, collectors, and a Central Event Management console. This provides a more comprehensive overview of the full network.
Validating SSL and TLS certificates
For encrypted communication, MENDEL detects expired or invalid SSL and TLS certificates and alerts the user.
ARP protocol parser
We have added the ability to parse the communications using the Address Resolution Protocol for even better processing of non-IP data.
Operating system identification using L7 data
MENDEL is able to detect the operating system of the host more precisely, using an advanced data model based on Samba, DHCP, HTTP, SSH, and L3/L4 parameters, among others. Data is also presented within a new dashboard showing the top operating systems in the network for the chosen period.
Filtering data by additional values
We added the option to filter by additional variables, including operating system, interface, application, and port range.
New predefined dashboards
We have provided two new dashboards: Risks and Statistics; for our users to quickly and easily review the situation in their network.
- Upgrade of system components
- Printer tagging
- Browser protocol parser
- Sensor-Collector management
- Enhanced TLS 1.3 protocol parser
- Extended host/subnet lease time
- Configurable display level
- Decoding QoS/DSCP
- System improvements
- Network capture module improvements
- GUI improvements
- Localization improvements
MMS protocol processing
For the visualization of MMS protocol data and further analysis, we added MMS protocol processing.
Asset resources management
We added the ability to name, manage, and add new devices in the network.
DLMS/COSEM protocol parser
We added parsing for DLMS/COSEM, one of the most widely accepted international standards for utility meter data exchange.
OMRON FINS protocol parser
We added parsing for the OMRON FINS protocol, which can be used by a PLC program to transfer data and perform other services with a remote PLC connected on an ethernet network.
In general, our development team focused on improving user experience and reporting. As well as more improvements to user experience, system stability, and performance.
Please note that upgrading to version 3.5.0 will replace the system kernel and reboot the appliance.
We recommend having direct or remote access to the appliance in order to be able to restart it if necessary.