Defants AIR version 1.15
A new step for Defants AIR: version 1.15 is now available!
Here are the main new features and improvements that this update brings:
Extended persistence detection
- Defants AIR now offers broader coverage of Windows persistence mechanisms. An expanded range of registry keys and related artifacts is now detected and represented in the graph, ensuring a more exhaustive analysis.
Enriched semantic representation
- New semantic links: We have introduced new vocabulary (BOOT_START, SYSTEM_START, LOGON_START, AUTO_START) to enhance and better represent the knowledge graph semantically. This allows for a better understanding of persistence mechanisms and facilitates more effective threat detection.
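To make the two points above concrete (registry persistence artifacts detected and labelled with the new start-phase vocabulary), here is an added illustrative example in Python. It is not Defants AIR code and does not reflect the product's internal mapping; the classification rules are assumptions: Run/RunOnce keys map to LOGON_START, and service keys map by their Start DWORD using the documented Windows convention (0 = boot, 1 = system, 2 = automatic; 3 manual and 4 disabled are not persistence at startup). The input records are constructed sample data, and the `same_name` helper mirrors the "pivot by name" idea from the quick search feature.

```python
"""Label registry persistence artifacts with the start-phase vocabulary
(BOOT_START, SYSTEM_START, LOGON_START, AUTO_START) and emit graph edges.

Illustrative example only, not Defants AIR code. Mapping rules are assumptions.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Autorun locations evaluated at user logon (assumed mapping -> LOGON_START).
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run",
    "\\microsoft\\windows\\currentversion\\runonce",
)

# Windows service Start DWORD -> start phase (documented Windows convention).
SERVICE_START_LABEL = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START"}


@dataclass
class Artifact:
    key_path: str
    value_name: str
    data: str                     # executable / image path stored in the value
    start: Optional[int] = None   # Start DWORD, only meaningful for service keys


def classify(a: Artifact) -> Optional[str]:
    """Return the start-phase label for an artifact, or None if it does not
    represent a startup persistence mechanism under the assumed rules."""
    low = a.key_path.lower()
    if any(marker in low for marker in RUN_KEY_MARKERS):
        return "LOGON_START"
    if "\\services\\" in low and a.start is not None:
        # Manual (3) and disabled (4) services do not start on their own.
        return SERVICE_START_LABEL.get(a.start)
    return None


def build_edges(artifacts: List[Artifact]) -> List[Tuple[str, str, str]]:
    """Produce (link, key_path, executable) triples for the knowledge graph,
    skipping artifacts that carry no startup semantics."""
    edges = []
    for a in artifacts:
        link = classify(a)
        if link is not None:
            edges.append((link, a.key_path, a.data))
    return edges


def same_name(edges: List[Tuple[str, str, str]], name: str) -> List[Tuple[str, str, str]]:
    """Pivot by executable name: all edges whose image basename matches."""
    return [e for e in edges if ntpath.basename(e[2]).lower() == name.lower()]


# Constructed sample artifacts (not real case data).
SAMPLE = [
    Artifact(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater",
             r"C:\Users\Public\upd.exe"),
    Artifact(r"HKLM\SYSTEM\CurrentControlSet\Services\svc1", "ImagePath",
             r"C:\Windows\svc1.exe", start=2),
    Artifact(r"HKLM\SYSTEM\CurrentControlSet\Services\drv0", "ImagePath",
             r"system32\drivers\drv0.sys", start=0),
    Artifact(r"HKLM\SYSTEM\CurrentControlSet\Services\manualsvc", "ImagePath",
             r"C:\Tools\upd.exe", start=3),
]

if __name__ == "__main__":
    for edge in build_edges(SAMPLE):
        print(edge)
    print("pivot upd.exe:", same_name(build_edges(SAMPLE), "upd.exe"))
```

Running the block prints three edges (LOGON_START, AUTO_START, BOOT_START); the manual service is dropped, and the pivot on `upd.exe` returns only the Run-key edge because the manual service never became an edge.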
New effect type: system.service
- Enhanced visualization of system services: We are introducing a new effect type, system.service, to accurately represent system services in the knowledge graph. The introduction of this new effect not only further enriches the semantic representation of the incident but also enhances the ability to track malicious activities.
Rapid Search
- Pivot by name: With the new quick search feature, simply select a node and press SHIFT+F to search for effects with the same name in the knowledge graph. This feature enhances the search process and enables more efficient exploration of relationships within the graph.
System robustness and performance
- Enhanced efficiency: Major improvements have reduced resource consumption, eliminated load spikes, and increased stability. Large files are now processed faster, providing a smoother user experience.
- Thorough load testing: Extensive load tests have been conducted to validate the processing of larger DFIR data volumes and ensure the system’s robustness during periods of high demand.
The Defants team is committed every day to improving the efficiency and clarity of our tools to better meet your cybersecurity needs. Explore the full potential of our Defants AIR platform now to stay ahead in your threat investigation activities.