Breach Detection Service Upgrade

At CyFlare, we are committed to providing continuing innovation across our security platforms.  For our customers, that means they can trust they are consistently protected with the most leading-edge products and services we offer. CyFlare is excited to announce the latest version of our Breach Detection System! Upgrading to the latest release lets our customers take advantage of the innovation being created at CyFlare. 

Version 3.6.0, releasing tonight, May 14th at 9:00pm EST brings many new features and improvements to the Breach Detection Service, including improved detection and machine learning, enhanced user interface and dashboard, customization options, and more. 


  • Improved detections and machine learning
  • Introducing AWS VPC traffic mirroring native support
  • Introducing new event exclusion filter option
  • Introducing an option to place custom logo to reports
  • Introducing Syslog over TLS option 
  • Improved data ingestion
  • Additional log parsing capability to speed up ingestion
  • Bug fixes within the UI
  • Page loading speed increased
  • Dashboard performance
  • Dashboard Navigation
  • Report Performance improved
  • Windows & Linux Agent performance improved

More Data Ingestion With Better Control 

We made the following improvements to existing ingestion capabilities: 

  • Improved the Cylance ingestion to ingest multiple tenants’ data with a single connection/parser 
  • Improved the parser for Cisco ASA ingestion 
  • Added native support for AWS VPC traffic mirroring 
  • Added support for syslog over TLS 

Improved User Interface and Navigation 

  • Improved page loading performance
  • Improved the navigation tracing by introducing unique URLs per sub-page for a more typical website experience. 
  • You can:
    • See the menu path on your browser URL bar  
    • Share and navigate directly to the desired destination by using the exact path
    • Use browser back/forward navigation to switch between pages and browsing history 
  • Introducing the ability to open new browser tabs/windows from a reference object inside the page in order to drill down on that as an additional view without losing the current view

New Ingestions:

  • Crowdstrike (Port 5143) 
  • SentinelOne over TLS (Port 5175) 
  • NetIQ Access Manager over TLS (Port 5142) 
  • Cisco Meraki (Port 5172) 
  • Palo Alto Traps (Port 5143) 
  • Automox (Port 5183) 
  • Privacy-I (Port 5178) 
  • PrintChaser (Port 5179) 
  • SafePC (Port 5180) 
  • DBSafer (Port 5181) 
  • Sniper IPS (Port 5182) 

More on Detections:  

  • Introducing a new data source to detection matrix and integration level page: 
  • Improved “Impossible Travel Anomaly” interflow to represent both login events that were compared to make the detection on original ID fields for easier tracking.  
  • Improved Machine Learning models on: 
    • Detect → Killchain → Reconn → Scanner Behavior Anomaly 
    • Detect → Killchain → C&C → Command & Control Reputation Anomaly 
    • Detect → Killchain → Exploit → Uncommon Process Anomaly 
    • Detect → Killchain → Exploitation → Private To Private Exploit Anomaly 
    • Detect → Killchain → Exploitation → Private To Public Exploit Anomaly 
    • Detect → Killchain → Exploitation → Public To Private Exploit Anomaly 
    • Detect → Killchain → Exploitation → Public To Public Exploit Anomaly 
    • Detect → Killchain → C&C → Command Anomaly 
    • Detect → Network Traffic Analyzer → Outbytes Anomaly 
    • Detect → Network Traffic Analyzer → Bad Source Reputation Anomaly 
    • Detect → Network Traffic Analyzer → Sql Anomaly 
    • Detect → Network Traffic Analyzer → User Agent Anomaly 
    • Detect → Network Traffic Analyzer → Firewall Policy Anomaly 
    • Detect → Network Traffic Analyzer → Network Uncommon Application Anomaly

Introducing Event Filter:

  • Added a new way to remove data from detections. You can now select any combination of fields and values to exclude from future detections.  
    • For example, you can select the “Event” Thumbs Down to exclude anything matching srcip: A.B.C.D and tenant:acme and event_name:login_failure to avoid any future login failure detections from that source IP of that tenant.  
  • You can also add a comment to each exclusion rule to explain the reason and put a reminder for future reference.  

Improvements for Even Better User Experience!  

  • Moved the Panoramic view to the investigation menu from the detection menu.  
  • You can now import a custom logo to exported reports. You can configure an account level and partner level logo to brand the exports.  
  • Improved the report generation engine performance around 5X to generate/send more reports in a shorter time frame. 
  • Added a new 30 day risk score history graph to the user profiles to give you a quick glimpse at the progression of risk for the investigated user.  
  • Improved the representation of timestamps under event details by using a uniform format. Human readable time is now put right next to Epoch time in brackets to make it easy for everyone to understand each time field value.  
  • Added the ability to copy a link to an event and go directly to the event details through that link for easy sharing of event details in between tools and admins.  

No comment yet, add your voice below!

Add a Comment