What's new in Advanced Threat Defense 4.12.0

Releases can introduce new features and enhancements or update platform support.

New features

This release introduces new features or improves existing features:

  • Enhancement in URL Scanning in Email — Email connector can now extract and analyze URLs within the email body.
  • Support non-management port for SMTP — Now configure any ethernet port to receive SMTP connections to the EC module. A new command to the CLI interface allows setting of any interface port to be used for EC SMTP submission.
  • Block port 24 & 8505 when not in UsePort 8505/8506 (ipsservice) & port 24 (lbctrl) can be blocked now when not in use by using CLI commands. By default, port 24 and port 8505 are enabled, when disabled load balancing and NSP won't work.
  • Report Enhancements for Network BehaviorAdvanced Threat Defense now reports the following additional information:
    • HTTP GET requests URLs
    • HTTP POST request URLs
    • GTI Reputation for GET/POST request
  • Network Activity Analysis for detecting Malware and improving ATT@CK coverageAdvanced Threat Defense collects network traffic from the sandbox for each sample. With this release, Advanced Threat Defense can now analyze those network captures and provide more information regarding the network activities of the sample. By default, network scan status is enabled and you can Disable it from CLI commands.
  • Compressed file typeAdvanced Threat Defense now supports xz compressed file type.
  • Enhancements to MITRE coverageAdvanced Threat Defense now covers these MITRE techniques:
    • Spearphishing Attachment
    • Spearphishing Link

Note: Advanced Threat Defense 4.12 is migration only release.