MDR Agent Version 4.6.10
MDR Server Version 2.127.0
Binary Defense has released a new version of MDR. Highlights include new productivity features, important new Windows detections, and a variety of routine fixes.
All servers have been updated to the latest release. MDR Agent software will update over the next few weeks for all clients except those who have previously opted out of updates. If you are currently receiving updates and would like to opt out of this one, please send your request to firstname.lastname@example.org.
MITRE ATT&CK Mapping
Where applicable, alarms now contain corresponding links to the MITRE ATT&CK Framework, providing additional attack context to help guide response. Users can find this new information on the full alarm page and in all tickets.
Asset Contact Report
A new email report has been added to help identify assets that have not transmitted event activity to the server within a configurable time period. By default, the report flags assets with one week of no contact and is emailed once a week. Reports can be sent to an individual email address or a distribution list. To take advantage of this feature, please send a request to MDRSupport@binarydefense.com.
OS Support Additions
Support has been added for macOS Big Sur and Ubuntu 20.04.
There have been several portal productivity enhancements: new bandwidth charts, read/unread state for alarm links, and additional flags on alarms in the alarm page that call out renamed executables. These enhancements will help all users work more efficiently.
Additional Detections and Alarm Enhancements
- Scheduled Task detections (Win)
- Windows 10 Group Policy Bypass Attack Alarm (Win)
- Support for PSCredentials as a suspicious string (Win)
- Outlook Home Page attack alarm (Win)
- Additional Windows Defender alarms (Win)