Release notes 10/16/2024
This release introduces Auto Thresholding to Detection Models and a new NetoFlow Connector container build.
Auto Thresholding for Detection Models
The new Auto Thresholding feature employs machine learning to automatically adjust threshold values for triggering events in detection models. These thresholds are set based on deviations from normal traffic patterns observed during a learning phase. Once sufficient traffic is collected, the model adjusts the thresholds dynamically. Depending on the configuration, thresholds for Low, Medium, and High severity levels are generated automatically.
For detailed information, see Auto Thresholding.
Auto Thresholding Enabled for anomalous_traffic_s3
anomalous_traffic_s3The anomalous_traffic_s3 Detection Model, which detects anomalous outbound data over HTTPS to Amazon S3, is the first system Detection Model to include Auto Thresholding. This enhancement allows the model to dynamically set thresholds based on observed traffic behavior.
Additional Documentation for Detection Models
Additional resources have been provided to help you understand detection models and create your own:
If you're creating your own detection model, our Detection Engineers are here to assist you. Connect with us via the #fusion-detections channel in Netography's Discord community or contact Support directly.
For more details, visit Support.
NetoFlow Connector – Now Available as a Container
The NetoFlow Connector, previously available as a Linux software package, is now also available as a Docker-compatible container. This new option simplifies deployment across environments.
For more information on setting up NetoFlow, refer to the following resources: