\u201cCompromise Assessment Mode\u201d includes only matches of the highly successful rules. The second mode is the \u201cDeep Inspection Mode\u201d. This view is basically how it used to be (the old default view). It shows all Alerts and Warnings unless they are already part of an existing case. <\/span><\/p>\n[\/et_pb_text][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/07\/Screenshot-2022-07-18-at-17.49.44.png” title_text=”Screenshot 2022-07-18 at 17.49.44″ _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n
This new \u201cCompromise Assessment Mode\u201d dramatically reduces our customer\u2019s baselining effort. <\/span><\/p>\nIn our tests we noticed a decrease of events in the Baselining section of more than 90%. We believe that especially entities that follow our \u201cContinuous Compromise Assessment\u201d approach should switch into this new mode. <\/span>We’ve also challenged the new mode with the post exploitation tools and techniques found in the context of HAFNIUM \/ Exchange exploitations in March 2021 and covered almost every aspect of the attacks in the new view.<\/span><\/p>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n
Asset Labels<\/span><\/h1>\nAnother exciting new feature that comes with Analysis Cockpit version 3.5 is an event filter based on asset labels. This was requested by many of our customers and partners, but until now we never found a way to deliver this feature without negatively affecting the Cockpit\u2019s performance. We solved this now by allowing two limitations to this feature. It doesn\u2019t work for events that existed prior to the update. Secondly an event always remains linked to the asset label it had at the time the event occurred. Changing an assets label will only affect events from scans that take place after the label change.<\/span><\/p>\n[\/et_pb_text][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/07\/Screenshot-2022-07-18-at-18.48.24.png” title_text=”Screenshot 2022-07-18 at 18.48.24″ _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n
Other Changes<\/h1>\n\n- Hidden static filters in certain views<\/li>\n
- Minor bugfixes and stability improvements<\/li>\n<\/ul>\n
[\/et_pb_text][et_pb_text _builder_version=”4.17.6″ _module_preset=”default” hover_enabled=”0″ sticky_enabled=”0″]<\/p>\n
Release<\/h1>\n
The new Analysis Cockpit will be released in the 2nd half of August.\u00a0Interested customers can get a guide to use the “preprod” version of Analysis Cockpit 3.5.\u00a0<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"
New Baselining Views Over the course of the last 18 months we reviewed most of our detections regarding their success in real world scenarios. In this context “success” means, that the detection uncovered malicious activity in the wild and at the same time had a low anomaly and false positive rate. Additionally we also consider a detection to be successful that caused little or no false positives or anomalies. All this lead to two new views within the Cockpit\u2019s Baselining section: \u201cCompromise Assessment Mode\u201d and \u201cDeep Inspection Mode\u201d. \u201cCompromise Assessment Mode\u201d includes only matches of the highly successful rules. The second mode is the \u201cDeep Inspection Mode\u201d. This view is basically how it used to be (the old default view). It shows all Alerts and Warnings unless they are already part of an existing case. This new \u201cCompromise Assessment Mode\u201d dramatically reduces our customer\u2019s baselining effort. In our tests we noticed a decrease of events in the Baselining section of more than 90%. We believe that especially entities that follow our \u201cContinuous Compromise Assessment\u201d approach should switch into this new mode. We’ve also challenged the new mode with the post exploitation tools and techniques found in the context of HAFNIUM […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[36,749,46,1],"tags":[90,678,69,152,666,162],"class_list":["post-13644","post","type-post","status-publish","format-standard","hentry","category-asgard-analysis-cockpit","category-homepage","category-newsletter","category-nextron","tag-analysis","tag-cockpit","tag-compromise-assessment","tag-mode","tag-release","tag-threat-hunting"],"yoast_head":"\n
New Analysis Cockpit 3.5 - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"New Analysis Cockpit 3.5\",\"datePublished\":\"2022-07-29T09:31:21+00:00\",\"dateModified\":\"2024-04-12T14:33:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/\"},\"wordCount\":677,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"analysis\",\"Cockpit\",\"compromise assessment\",\"mode\",\"Release\",\"threat hunting\"],\"articleSection\":[\"ASGARD Analysis Cockpit\",\"Homepage\",\"Newsletter\",\"Nextron\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/\",\"name\":\"New Analysis Cockpit 3.5 - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2022-07-29T09:31:21+00:00\",\"dateModified\":\"2024-04-12T14:33:27+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Analysis Cockpit 3.5 - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"New Analysis Cockpit 3.5","datePublished":"2022-07-29T09:31:21+00:00","dateModified":"2024-04-12T14:33:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/"},"wordCount":677,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["analysis","Cockpit","compromise assessment","mode","Release","threat hunting"],"articleSection":["ASGARD Analysis Cockpit","Homepage","Newsletter","Nextron"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/","url":"https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/","name":"New Analysis Cockpit 3.5 - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2022-07-29T09:31:21+00:00","dateModified":"2024-04-12T14:33:27+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2022\/07\/29\/new-analysis-cockpit-3-5\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/13644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=13644"}],"version-history":[{"count":9,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/13644\/revisions"}],"predecessor-version":[{"id":13853,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/13644\/revisions\/13853"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=13644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=13644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=13644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}