2. The new features
2.1. Sigflow detection engine
2.1.1. Engine update
The Sigflow engine was updated.
This update contains new features and fixes for previously disclosed critical vulnerabilities.
2.1.2. Multi-tenant management
The multi-tenant functionality has been improved.
When a new ruleset is applied, the detection assembler reloads the rules without a restart.
2.1.3. Support for new OT protocols
Support for the following protocols has been added:
S7COMM
OPCUA
CCSDS
DICOM
HL7
BACnet
2.1.4. ERSPAN support for flow capture
It is now possible to use ERSPAN to create a GRE tunnel between a GCap monitoring interface and a switch interface, so that the traffic to be inspected is forwarded to the probe.
SMB events can now be filtered according to the operations performed over the protocol.
2.1.5. Shellcode-Detect / Powershell-Detect: addition of community ID
The community ID has been added to events generated by the Shellcode-Detect and Powershell-Detect engines.
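The community ID is the Community ID v1 flow hash (SHA-1 over seed, ordered endpoints, protocol and ports, base64-encoded with a "1:" prefix) that Zeek, Suricata and other tools also emit, so an analyst can join GCap alerts with flow records from those sources on one key. The following is an added example, not GCap code: it computes the hash for a TCP/UDP 5-tuple and groups constructed sample events by it; the event field names are assumptions.

```python
import base64
import hashlib
import socket
import struct


def community_id(saddr: str, daddr: str, proto: int, sport: int, dport: int, seed: int = 0) -> str:
    """Community ID v1 for a TCP (6) or UDP (17) 5-tuple, IPv4 or IPv6."""
    fam = socket.AF_INET6 if ":" in saddr else socket.AF_INET
    src, dst = socket.inet_pton(fam, saddr), socket.inet_pton(fam, daddr)
    # Canonical ordering makes the hash direction-independent: the lexically
    # smaller address (then the smaller port) always comes first.
    if (dst, dport) < (src, sport):
        src, dst, sport, dport = dst, src, dport, sport
    # Layout: 16-bit seed, addresses, 8-bit protocol, 8-bit zero pad, 16-bit ports.
    data = struct.pack("!H", seed) + src + dst + struct.pack("!BBHH", proto, 0, sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


# Constructed sample events (not real probe output). The two engines see the
# same HTTP session from opposite directions, so their 5-tuples are mirrored.
SAMPLE_EVENTS = [
    {"engine": "powershell-detect", "src_ip": "10.0.0.5", "src_port": 50123,
     "dest_ip": "192.0.2.10", "dest_port": 80, "proto": 6},
    {"engine": "shellcode-detect", "src_ip": "192.0.2.10", "src_port": 80,
     "dest_ip": "10.0.0.5", "dest_port": 50123, "proto": 6},
    {"engine": "shellcode-detect", "src_ip": "10.0.0.7", "src_port": 40000,
     "dest_ip": "192.0.2.10", "dest_port": 443, "proto": 6},
]


def correlate(events):
    """Group engine names by Community ID so alerts on one flow line up."""
    groups = {}
    for ev in events:
        cid = community_id(ev["src_ip"], ev["dest_ip"], ev["proto"],
                           ev["src_port"], ev["dest_port"])
        groups.setdefault(cid, []).append(ev["engine"])
    return groups


if __name__ == "__main__":
    for cid, engines in correlate(SAMPLE_EVENTS).items():
        print(cid, sorted(engines))
```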
2.2. Virtualization of the probe
2.2.1. AWS Support
AWS support has been improved.
2.3. System
2.3.1. System update
The system has been updated.
2.3.2. Log management
Some temporary logs are now retained after the probe restarts, to make diagnosis easier when a problem occurs.
2.3.3. Command line interface
Autocompletion is now available for network interface names.
2.4. Installation
2.4.1. Storage prerequisites
A GCap probe can now be installed on a 100 GB partition.
2.4.2. UEFI support
UEFI support has been improved.
2.5. Update process
The update process with rollback capability has been improved.