GREYCORTEX Mendel 4.6

Clearer Context, Faster Investigations, and Smoother Workflows

Mendel 4.6 focuses on making investigations more efficient and network context easier to understand. The new version improves how analysts work with packet data, host identity, and application-layer information, while extending support for enterprise identity standards. Together, these updates help teams confirm findings faster, reduce manual steps, and operate Mendel more effectively in large and complex environments.

Track Host Identity Changes with Hostname History

Devices in a network rarely keep a single identity. Laptops move between networks, systems are reimaged, and different protocols may report different hostnames. As a result, analysts often struggle to confirm whether multiple events belong to the same device.

Hostname History and Identity Tracking provides a unified view of how a host’s name changes over time. Mendel 4.6 continuously collects and correlates hostname information from multiple network sources and presents it as a single, time-based identity record per host.

With this capability, analysts can: 
  • Recognize the same device even when its hostname or IP address changes.
  • Follow suspicious activity across different network contexts.
  • Quickly determine whether multiple alerts relate to one host or several.

The result is clearer investigations and better visibility into devices that move, are renamed, or rebuilt.

Identify Devices With Application-Layer Data

Many devices in modern networks communicate in similar ways at the network layer. Without structured application-layer context, analysts lack the information needed to accurately identify device roles and expected behavior — especially in mixed IT and OT environments.

Mendel 4.6 addresses this by extracting and structuring protocol-level metadata and linking it directly to hosts. This turns raw traffic into clear indicators of device role, service usage, and communication behavior.

With this capability, analysts can:
  • Spot unusual or unexpected protocol usage across IT and OT environments.
  • Search and filter hosts by application attributes and service characteristics.
  • Use application-layer details to add context to detections during investigations.

The new version improves asset classification, accelerates investigations, and provides clearer context for detections and alerts.

Join Our Webinar: Mendel 4.5 and 4.6 in Practice

See how recent features are used in real-world scenarios, from investigations to daily operations.

Date: February 5, 2026 at 10:00 a.m. CET / 5:00 p.m. HKT

Investigate Faster with a Unified PCAP Workspace

Mendel 4.6 introduces a unified PCAP workspace that brings capture and replay into one place, with access to PCAPs from all connected sensors. This allows analysts to move directly from alerts to packet-level evidence, speeding up validation and investigation.

With this capability, analysts can:
  • Replay captured traffic to confirm detection details and understand activity in context.
  • Search and filter packets by time, IP address, or session.
  • Correlate traffic flows across IT and OT environments.

The result is faster, more confident investigations with direct access to packet-level evidence, streamlining the retrospective investigation workflow.

Extend Identity Integration with SAML Support

Mendel 4.6 extends identity integration with SAML support, complementing existing LDAP, Kerberos, and OAuth options. This allows security teams to connect Mendel to enterprise SSO platforms and align access control with established identity and authentication policies.

With this capability, administrators can:
  • Enable web-based Single Sign-On using corporate identity providers.
  • Manage authenticators through a clearer, more flexible configuration interface.
  • Secure API access using OAuth2 client credentials and scopes.

The result is simpler user onboarding, consistent access control across environments, and better alignment with enterprise identity standards.

Additional Updates

Flow-Preserving Hardware Bypass for Napatech

High-performance sensors using Napatech adapters now support a flow-preserving hardware bypass mode that reduces CPU load while keeping flow size, timing, endpoints, and metadata.

Zabbix Integration Update for Asset Information

The Zabbix integration now aligns asset data with Mendel’s standardized Asset Information tags. Vendor, model, firmware, and device type details are displayed consistently for each host.

OpenAppID Framework Upgrade

Mendel has been updated to support the latest OpenAppID framework and signatures, improving application and protocol identification.
