Data sources and objects capture
EtherSensor EtherCAP service:
[+] Traffic capture engine was updated.
[+] Support for RSS (Receive Side Scaling) was added: hardware-accelerated traffic processing on multicore systems using standard equipment.
[+] Integration with the updated IPC at the operating system kernel level was added.
[+] Processing of traffic streams up to 20 Gbit was added.
[+] Resource usage was decreased by a factor of 4.
[+] Capture and processing of WebSocket protocol was added.
[+] Capture and processing of SMB1 and SMB2 protocol was added.
[+] ICQ and MRA protocols were updated.
[+] Decapsulation of web tunnels (HTTP CONNECT method, WebSocket) was added.
[+] Decapsulation of SOCKS tunnels was added, with recognition and processing of the protocols carried inside SOCKS.
[-] Errors were fixed in IMAP4 processing.
Captured objects analysis:
[+] IPC (Inter Process Communications) engine was updated.
[+] Speed of real-time data processing was increased.
[+] Resource usage was decreased by a factor of 2.
[+] HTTP request processing was extended; support for the following methods was added: ACL, AJAX, BAN, BASELINE-CONTROL, BCOPY, BDELETE, BIND, BITS_POST, BMOVE, BPROPFIND, BPROPPATCH, CCM_POST, CHECKIN, CHECKOUT, CONNECT, COPY, DELETE, GET, HEAD, HTML, INVOKE, JSON, LABEL, LINK, LOCK, LOG, MERGE, MKACTIVITY, MKCOL, MKREDIRECTREF, MKWORKSPACE, MOVE, M-SEARCH, NETHCMD, NOTIFY, OPTIONS, ORDERPATCH, PATCH, POLL, POST, PROPFIND, PROPPATCH, PURGE, PUT, REBIND, REPORT, REQMOD, RESPMOD, SEARCH, SCRIPT, SOURCE, SUBSCRIBE, TRACE, UNBIND, UNCHECKOUT, UNLINK, UNLOCK, UNSUBSCRIBE, UPDATE, UPDATEREDIRECTREF, VERSION-CONTROL, X-MS-ENUMATTS.
[+] The HTTP filter can now generate an HTTP request log in CEF format for delivery to SIEM systems.
[+] Detection of WebSocket-based chats (Skype, mobile applications, web chats) was added.
[+] Processing of WhatsApp Web events (contact lists, user identification) was added.
[+] Detection of Google Protobuf (Gmail) based messages was added.
[+] Detection of Web Skype messages was added.
[+] Detection of Web ICQ, MRA (Mail.ru Group) messages was added.
[+] Detection of file transfer via SMB1 and SMB2 protocols was added.
[+] Web detectors were updated: !generic, !fileupload, accounts, facebook.com, google.com, mail.ru, mamba.ru, odnoklassniki.ru, vkontakte.ru, yandex.ru.
Delivering analysis results to consumer systems:
[+] IPC integration was added.
[+] Resource usage was decreased by a factor of 2.
[+] Message delivery via the SYSLOG protocol was added. Message formatting for SYSLOG is customizable through integration with the Lua scripting language, so messages can be produced in custom formats.
[+] Message delivery via the SYSLOG protocol over TCP was added, with SSL support.
[+] A Lua integration module was added for sending messages via the SYSLOG protocol in CEF format. Example consumers: Splunk, HP ArcSight, IBM QRadar, LogRhythm, EMC-RSA NetWitness, McAfee Enterprise Security Manager/NitroView, Symantec Security Information Manager (SSIM).
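As an added example (not EtherSensor's own Lua module or its scripting API), a standalone Lua formatter that builds one CEF-format SYSLOG line of the kind a SIEM consumes, applying the CEF escaping rules for header and extension fields. The DEVICE vendor/version strings and the `ev` event field names are assumed placeholders.

```lua
-- Added example, not EtherSensor's Lua module: build one CEF line for a
-- SYSLOG SIEM feed. DEVICE strings and the `ev` field names are assumed.
local DEVICE = { vendor = "VENDOR_PLACEHOLDER", product = "EtherSensor", version = "VERSION_PLACEHOLDER" }

-- CEF header fields: escape backslash and the '|' field separator.
local function esc_header(s)
  return (tostring(s):gsub("\\", "\\\\"):gsub("|", "\\|"))
end

-- CEF extension values: escape backslash, '=' and line breaks, so a value
-- containing "a=b" or a newline cannot be misread as an extra key or record.
local function esc_ext(s)
  return (tostring(s):gsub("\\", "\\\\"):gsub("=", "\\="):gsub("\r", "\\r"):gsub("\n", "\\n"))
end

-- Fixed key order keeps output stable for SIEM parsers; keys are standard CEF extension names.
local EXT_ORDER = { "rt", "src", "spt", "dst", "dpt", "dhost", "requestMethod", "request", "suser" }

local function format_cef(ev)
  local sev = tonumber(ev.severity) or 0
  sev = math.floor(math.max(0, math.min(10, sev)))   -- CEF severity is an integer 0..10
  local header = {
    "CEF:0",
    esc_header(DEVICE.vendor), esc_header(DEVICE.product), esc_header(DEVICE.version),
    esc_header(ev.class_id or "http.request"),
    esc_header(ev.name or "HTTP request"),
    tostring(sev),
  }
  local ext = {}
  for _, k in ipairs(EXT_ORDER) do
    if ev[k] ~= nil then ext[#ext + 1] = k .. "=" .. esc_ext(ev[k]) end
  end
  return table.concat(header, "|") .. "|" .. table.concat(ext, " ")
end

-- Constructed sample event: the name contains '|' and the URL query contains '=',
-- both of which must be escaped to keep the line parseable.
local sample = {
  name = "HTTP request | upload", severity = 3, rt = "1520000000000",
  src = "10.0.0.5", spt = 51234, dst = "203.0.113.10", dpt = 443,
  dhost = "example.com", requestMethod = "POST",
  request = "https://example.com/upload?id=42", suser = "jdoe",
}
print(format_cef(sample))
```

Feed the returned line to the SYSLOG transport; keep the key set fixed so the SIEM's CEF parser never has to guess field positions.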
Logging:
[+] EtherSensor log records were translated and are now written in English.
[+] HTTP request log in CEF format was added.
Configuration console:
[+] The update service was integrated into the EtherSensor installation package.