June 2, 2020

GREYCORTEX has released the latest version of its MENDEL network traffic analysis solution. Version 3.6.0 brings important features, improvements, and bug fixes. The main features in MENDEL 3.6.0 include automatic plugin execution for faster response, more efficient storage for longer data retention, improved incident management, including generating incident reports, and many others.

MAIN FEATURES

Incident management 
Improves the ability to work with incidents, providing an easier way to define and describe security incidents and their management, and provides tools to export them into a final printable report (PDF) suitable for presentation and reporting.

Automated Threat Response
MENDEL allows the automatic blocking of traffic on firewalls or sending notifications to external systems through custom scripts. The execution of the script is based on predefined event filter plugins.

Application Detection
Enhanced flow detection, which can now recognize up to 4,000 commonly used applications, improving visibility into specific services.

Multitier storage for longer data retention
A change in the way MENDEL stores data, with the goal of saving disk space and providing more effective storage for machines with data retention over three months.

New RDP protocol parser and enhanced existing parsers
Many improvements have been implemented for SMB, SNMP, SIP, SMTP, Modbus (TCP/UDP), and many other protocols.

JA3S support
Enhanced support for the JA3 fingerprint method, making it possible to fingerprint the entire cryptographic negotiation between a client and its server by combining JA3 + JA3S (server-side fingerprinting).

Enhanced detection of malicious encrypted communication
MENDEL is able to detect malicious TLS certificates, malicious clients, or servers using JA3 fingerprints.
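The following is an added example illustrating the JA3 + JA3S combination described above and the fingerprint-based matching of malicious clients and servers; it is not MENDEL code and does not reflect how GREYCORTEX implements the feature. It builds the standard JA3 string (TLS version, cipher suites, extensions, supported groups, EC point formats) and the JA3S string (TLS version, chosen cipher, extensions) from already-parsed handshake fields, drops GREASE values as the JA3 specification requires, hashes with MD5, and checks the resulting pair against a watchlist. The ClientHello, ServerHello and watchlist entries are constructed sample values, not real fingerprints of any known malware.

```python
"""JA3 / JA3S fingerprinting (added example; not MENDEL's implementation).

JA3  string: TLSVersion,Ciphers,Extensions,SupportedGroups,ECPointFormats
JA3S string: TLSVersion,Cipher,Extensions
Lists are '-'-joined decimal values, fields are ','-separated, and the
fingerprint is the MD5 of that string. GREASE values (RFC 8701) are removed
so that the randomised placeholders browsers insert do not change the hash.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# GREASE values are 0x0a0a, 0x1a1a, ..., 0xfafa (both bytes equal, low nibble 0xa).
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


@dataclass
class ClientHello:
    """Fields a TLS parser would extract from a ClientHello (constructed here)."""
    version: int
    ciphers: List[int]
    extensions: List[int]
    groups: List[int] = field(default_factory=list)
    point_formats: List[int] = field(default_factory=list)


@dataclass
class ServerHello:
    """Fields a TLS parser would extract from a ServerHello (constructed here)."""
    version: int
    cipher: int
    extensions: List[int]


def _join(values: List[int]) -> str:
    """'-'-join decimal values, skipping GREASE; an empty list yields ''."""
    return "-".join(str(v) for v in values if v not in GREASE)


def ja3_string(ch: ClientHello) -> str:
    return ",".join([str(ch.version), _join(ch.ciphers), _join(ch.extensions),
                     _join(ch.groups), _join(ch.point_formats)])


def ja3s_string(sh: ServerHello) -> str:
    return ",".join([str(sh.version), str(sh.cipher), _join(sh.extensions)])


def md5_hex(text: str) -> str:
    # JA3 is defined over MD5 of the ASCII string; it is an identifier, not a security hash.
    return hashlib.md5(text.encode("ascii")).hexdigest()


def ja3(ch: ClientHello) -> str:
    return md5_hex(ja3_string(ch))


def ja3s(sh: ServerHello) -> str:
    return md5_hex(ja3s_string(sh))


def pair_fingerprint(ch: ClientHello, sh: ServerHello) -> str:
    """Combined fingerprint of the whole negotiation: 'ja3:ja3s'."""
    return f"{ja3(ch)}:{ja3s(sh)}"


def classify(ch: ClientHello, sh: ServerHello, watchlist: Dict[str, str]) -> Optional[str]:
    """Return the watchlist label for the JA3:JA3S pair, the JA3 alone, or None."""
    pair = pair_fingerprint(ch, sh)
    return watchlist.get(pair) or watchlist.get(ja3(ch))


# Constructed sample handshake: a browser-like ClientHello with GREASE entries
# (2570 = 0x0a0a, 6682 = 0x1a1a, 14906 = 0x3a3a) that must not appear in the string.
SAMPLE_CLIENT = ClientHello(
    version=771,                                   # TLS 1.2 record version (0x0303)
    ciphers=[2570, 4865, 4866, 4867, 49195, 49199],
    extensions=[6682, 0, 23, 65281, 10, 11, 35, 16, 5, 13],
    groups=[14906, 29, 23, 24],
    point_formats=[0],
)
SAMPLE_SERVER = ServerHello(version=771, cipher=4865, extensions=[43, 51])
# Same client talking to a server that negotiates differently: same JA3, different JA3S.
OTHER_SERVER = ServerHello(version=771, cipher=4866, extensions=[43, 51])

# Constructed watchlist keyed by fingerprint; the labels are placeholders.
WATCHLIST = {
    pair_fingerprint(SAMPLE_CLIENT, SAMPLE_SERVER): "constructed-pair-entry",
    md5_hex("771,47-53-10,0-10-11,23-24,0"): "constructed-ja3-only-entry",
}

if __name__ == "__main__":
    print("JA3  :", ja3_string(SAMPLE_CLIENT), "->", ja3(SAMPLE_CLIENT))
    print("JA3S :", ja3s_string(SAMPLE_SERVER), "->", ja3s(SAMPLE_SERVER))
    print("match:", classify(SAMPLE_CLIENT, SAMPLE_SERVER, WATCHLIST))
```

Keying the watchlist on the JA3:JA3S pair rather than JA3 alone is the point of adding server-side fingerprinting: a common client library produces the same JA3 for many benign and malicious programs, but the server's reply narrows the match to a particular client-and-server combination, which reduces false positives on shared TLS stacks.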

ENHANCEMENTS

Processing Cisco ASA NetFlow
Appliances are now able to process NetFlow data from Cisco ASA solutions in the NetFlow Secure Event Logging format.

Cloning MENDEL instances from VM templates
Allows the cloning of existing MENDEL instances in a virtual environment for faster deployment without installation.

DB Optimizations and maintenance processes
Optimizations and improvements for faster processing and user interface response on large networks.

Extended protocol detection
Improvements in flow processing, with better flow direction for greater accuracy as well as support for dealing with asynchronous flows.

Samba backup
Enhanced configuration and password handling for data backup to a Samba share, including better connection error handling and a consistency check for more reliable backup in the event of a backup error.

OTHER IMPROVEMENTS

Removed deprecated IDS signatures from Proofpoint
Added the certificate validity date to TLS protocol data
Added the option to cancel data requests to most pages
Added support for Citrix Xen virtualization platform
Enhanced false-positive handling for external networks
Improved the processing of network statistics for a huge number of subnets in the User Interface
Enhanced reporting of Active Directory errors during log processing
Enhanced port filter with full text
Added IPv4 Link-local subnet (APIPA) to default subnets
Updated Dell hardware monitoring tools to the latest version
Upgraded to the latest Intel 10 Gbit network card drivers
Removed deprecated blacklisted sources

FIXED ISSUES

In general, our development team focused on improving user experience, reporting, system stability, and performance.

MENDEL PRODUCT SUPPORT

Full support is provided for the newly released version 3.6.0 and the previous version 3.5.x. Limited support is provided for the previous version 3.4.x. Versions 3.3.x and older are no longer supported; end-users with valid support and maintenance or an active SW subscription can upgrade to the supported version(s).