What's new in version R1.7
- Logging user actions
To monitor the history of PT TAD user actions, you can now download logs of user actions for a specified period in the CSV format.
- PT TAD health monitoring
PT TAD now contains a set of SNMP trap rules, which allows you to monitor the product health using an SNMP manager. Among parameters available for monitoring are disk space and memory usage, CPU load, sensor statistical information (amount of captured traffic, triggered correlations, etc.).
- Sending scheduled statistical reports
You can now configure PT TAD to send statistical reports according to a specified schedule. You can limit report data to specific attacks by creating filters by attributes within scheduled report rules. You can send scheduled reports to your own email address or to external recipients (up to 10 email addresses).
- Sending notifications of detected attacks
You can now configure PT TAD to send notifications to your email address or a syslog server if the number of detected attacks reaches a specified threshold. For example, you can configure notifications to be sent if 10 or more attacks are detected during an hour. You can also create filters by attribute within notification rules to send notifications only of specific attacks (for example, of a specified type or from a specified country).
- New attack types
New signatures have been developed, which allows PT TAD to detect new types of attacks including those of Diameter Category 2 and Category 3. Obsolete signatures have been removed (for instance, those related to CL Request (suspicious), ForwardSM Aborted, and SAI Suspicious attacks).