Defants AIR version 1.16
A new step for Defants AIR: version 1.16 is now available!
Here are the main new features and improvements that this update brings:
Integration with Velociraptor EDR
With our new integration with Velociraptor EDR, you can now collect forensic data from Windows and Linux endpoints. This enhancement provides greater flexibility for investigation and incident response.
Velociraptor agents download
We make it easy to download and deploy Velociraptor agents directly from our platform, with agents generated specifically for your Velociraptor EDR server. You can choose between:
- Windows installer (MSI)
- Linux packages (DEB/RPM)
- Configuration file to generate other packages to suit your needs
Multi-EDR support
Our platform now supports the configuration of multiple EDR solutions simultaneously, including Velociraptor and HarfangLab. This feature offers flexibility to adapt your cybersecurity operations to your specific needs.
Complete data export
A new option under Settings > System allows you to export all platform data, including:
- The graph
- Reports
- Microservices settings
- Threat intelligence rules
The data is bundled into an encrypted ZIP file, secured with a user-defined password, so the archive stays protected both in transit and at rest.
New and improved microservices
New Jumplist microservice
Analyze Windows Jumplists to gain insights into recent file usage and access patterns.
New Edge microservice
The Edge microservice allows for the analysis of browser history and downloads, further enhancing the platform’s forensic capabilities.
Registry Shellbags analysis
The reghive microservice now includes analysis of Windows registry Shellbags, enabling precise reconstruction of user activities and file access patterns.
O365 Microservice enhancement with Azure
The O365 microservice now supports the analysis of CSV log files containing user connection logs from Microsoft Defender for Identity, improving the detection of potentially suspicious activities.
NTFS Zone Identifier support
The NTFS microservice now analyzes Zone Identifiers in the NTFS file system, helping to determine file origins and assess potential security risks.
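As an added illustration of the data behind this feature (example code, not Defants AIR's own), the following parses the text stored in a file's Zone.Identifier alternate data stream, the "Mark of the Web", and classifies the file's origin. The sample stream is constructed, and the read_mark_of_the_web helper only works on a Windows host with NTFS.

```python
"""Parse the Zone.Identifier alternate data stream (the 'Mark of the Web')."""
from dataclasses import dataclass
from typing import Dict, Optional

# URL security zone ids as Windows writes them into ZoneId=; 3 and 4 mark content from outside the machine/intranet.
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}

@dataclass
class MarkOfTheWeb:
    zone_id: int
    zone_name: str
    referrer_url: Optional[str]  # page the download was started from, if the browser recorded it
    host_url: Optional[str]      # URL the file itself was fetched from

def parse_zone_identifier(stream: str) -> Optional[MarkOfTheWeb]:
    """Parse the INI-style text of <file>:Zone.Identifier; None if it has no usable [ZoneTransfer] section."""
    fields: Dict[str, str] = {}
    in_section = False
    for raw in stream.splitlines():          # handles both CRLF (as written by Windows) and LF
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")   # split on the first '=' only: URLs may contain '='
            fields[key.strip().lower()] = value.strip()
    zone = fields.get("zoneid", "")
    if not zone.isdigit():
        return None
    zone_id = int(zone)
    return MarkOfTheWeb(zone_id, ZONE_NAMES.get(zone_id, f"Unknown({zone_id})"),
                        fields.get("referrerurl"), fields.get("hosturl"))

def is_downloaded(motw: MarkOfTheWeb) -> bool:
    """True for the Internet and Restricted zones, i.e. files that arrived from outside the trusted boundary."""
    return motw.zone_id >= 3

def read_mark_of_the_web(path: str) -> Optional[MarkOfTheWeb]:
    """Read the stream straight from an NTFS volume (Windows only); a missing stream means no mark."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as ads:
            return parse_zone_identifier(ads.read())
    except OSError:
        return None

# Constructed sample in the layout a browser download produces (not taken from a real incident).
SAMPLE_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://mail.example.org/inbox?msg=42\r\nHostUrl=https://files.example.net/invoice.zip\r\n"
```

Calling parse_zone_identifier(SAMPLE_STREAM) returns zone 3 (Internet) with the referrer and host URLs, which is the kind of origin evidence an analyst pairs with browser history and download records.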
WMI Event Log analysis
The evtx microservice now supports the analysis of WMI event logs, providing comprehensive details on system activities and enhancing anomaly detection.
Manual score removal
It is now possible to manually remove assigned scores via the contextual or top menu, helping to reduce false positives.
With the 1.16 release, Defants AIR takes another step forward in cybersecurity enhancement, offering more powerful forensic analysis tools, multi-EDR integration, and microservices. These advancements empower users to strengthen their investigation capabilities and adapt their protection strategies with greater flexibility.