New Features

GPO Deployment Documentation and Scripts

• We have added detailed instructions and pre-configured scripts to help system administrators deploy the software across Active Directory domains using standard Windows Server management tools.
• This update makes GPO-based deployments easier to configure, more reliable, and faster to implement in enterprise environments.
• All deployment instructions and configuration scripts are available in the ACSIA SOS UI.

What is a GPO?

In simple terms, GPO (Group Policy Object) deployment is a way to automate software installation across a whole network from a central server.

Instead of manually installing the software on each workstation, administrators can now use centralized policies to distribute and configure it automatically on all domain-joined computers.

For more information, please take a look at the linked documentation: Microsoft Learn

If you have any questions or need assistance with the new features, our support team is here to help.

The post ACSIA SOS V.8.7.3 – Release Notes appeared first on Dectar.

New Features

• AI-Powered Security Incident Analysis
  Security incident analysis is now enhanced with integrated AI capabilities.
  For each incident, the AI:
  • Identifies the type of security event.
  • Classifies the activity as legitimate, malicious, or suspicious.
  • Suggests recommended actions and verification steps when suspicious or malicious behavior is detected.
  This helps analysts accelerate triage, reduce false positives, and focus on the most critical threats.
• Advanced Reporting (PDF Export)
  Reporting capabilities have been expanded with the ability to:
  • Download a PDF report for a single security incident.
  • Export a PDF report of the entire dashboard, providing a consolidated view of the security posture.
  These reports are designed for operational reviews, audits, and executive communication.
• Asset Inventory Reporting (Excel Export)
  Asset visibility is further improved with the ability to download an Excel report of the Asset Inventory for a single device.
  For Windows systems, the report includes:
  • A detailed list of hotfixes with direct links to the corresponding Microsoft support documentation.
  This feature simplifies vulnerability assessment, compliance checks, and patch management activities.

If you have any questions or need assistance with the new features, our support team is here to help.

The post ACSIA SOS V.8.6.1 – Release Notes appeared first on Dectar.

We’re thrilled to announce ACSIA SOS v8.2.1, a milestone release that brings AI innovation and broader infrastructure coverage — from endpoints and firewalls to mobile devices — delivering truly unified protection across your entire digital perimeter.

New Features

AI Detection Rules Generator
Writing detection rules has never been easier. With the new AI-powered Sigma Rules Generator, anyone can create advanced detection logic simply by chatting with AI — no need to be a cybersecurity expert.
Describe what you want to detect in plain language, and the AI will generate a Sigma rule ready to be reviewed and inserted directly into the ACSIA SOS platform.

Frontend Sigma Rules Management
In addition to AI generation, you can now add, edit, and manage Sigma rules directly from the ACSIA SOS frontend.
This gives full control over rule customization and maintenance, enabling faster tuning, testing, and response — all without leaving the platform.

Mobile Protection
The ACSIA SOS security ecosystem continues to grow — from clients and servers to firewalls, and now mobile devices.
Through secure VPN-based coverage, mobile traffic is continuously monitored and filtered using the same intelligence that protects your core infrastructure.

Firewall Integration: Amazon WAF Added
We’ve expanded our firewall family!
ACSIA SOS now integrates with Amazon WAF, alongside WireGuard, pfSense, and FortiGate.
This allows you to block malicious actors at the perimeter, before they can reach your internal systems — just like keeping enemies outside the castle walls.
With this addition, all your network and cloud frontlines can now leverage ACSIA SOS’s threat intelligence to protect every device behind the firewall, even those without an agent.

Fixes

Updated Agent for Ubuntu 20 & 22
Released a new version of the ACSIA SOS agent that resolves compatibility issues related to iptables on some Ubuntu 20.04 and 22.04 systems, improving reliability and stability across deployments.

If you have any questions or need assistance with the new features, our support team is here to help.

The post Release Note ACSIA SOS V.8.2.1 appeared first on Dectar.

New Features

Firewall Integration: WireGuard Support

We’re introducing support for WireGuard-based environments as part of our growing firewall integration capabilities.

This new feature allows ACSIA SOS to enforce threat intelligence at the network level in infrastructures where WireGuard is used for secure remote connectivity.

How it works

ACSIA SOS leverages a dedicated script that periodically fetches malicious IP threat feeds via URL. These feeds are then applied to the system’s firewall rules associated with WireGuard interfaces, enabling automatic, real-time blocking of suspicious IP addresses.

Key Benefits

• Automated IP blocking based on continuously updated threat intelligence
• Enhanced security for environments where WireGuard is preferred due to its speed and lightweight nature
• Zero-touch configuration once enabled – the process runs automatically in the background

With the addition of WireGuard, ACSIA SOS now supports FortiGate, pfSense, and WireGuard firewalls, ensuring broader protection across hybrid and remote infrastructures.

If you have any questions or need assistance with the new features, our support team is here to help.

The post Release Note ACSIA SOS V.8.1.0 appeared first on Dectar.

New Features

pfSense Firewall Integration

We’re excited to introduce our new pfSense firewall integration, built to deliver proactive, network-wide protection—just like our existing Fortinet firewall integration.

With this powerful upgrade, ACSIA SOS automatically creates firewall rules in pfSense to block malicious IPs and Indicators of Compromise (IOCs), extending protection to all devices behind your firewall—not just those monitored by ACSIA SOS.

• Proactive Defense: Preemptively block known malicious IPs using global threat intelligence—before threats even reach your network.
• Reactive Response: Instantly block malicious IPs in real time when suspicious activity is detected on any ACSIA-monitored device.

This integration turns your pfSense firewall into a dynamic enforcement point—automated, intelligent, and always up to date.

Smarter protection. Broader coverage. Zero manual effort.
Stay ahead of threats with ACSIA SOS and pfSense.

Incident Notes Field

Say hello to smarter collaboration and audit-ready incident tracking with our new Incident Notes Field.

You can now add and manage notes directly within each incident, building a time-stamped history of decisions, actions, and insights. Whether you’re actively investigating or closing out an alert, everything is documented in one place.

• Historized Notes: Each entry is logged chronologically, ensuring a clear and traceable incident timeline.
• Collaborative Context: Team members can contribute over time, improving transparency and shared understanding.
• Clearer Closures: Document the reasoning behind resolutions to build confidence and accountability.

Keep track. Stay aligned. Close with confidence.

Improvements in v7.8.0

Improved Device & Incident Filtering

We’ve made it easier than ever to find what you’re looking for. Both the Device and Incident sections now support IP filtering with “LIKE” functionality, allowing partial IP matches.

This makes subnet-level investigations and bulk asset reviews faster and more flexible.

Smarter filtering. Faster investigations. More control.

UI Enhancements That Improve Clarity and Actionability

The ACSIA SOS interface just got better—with a refreshed look and features that enhance both usability and response speed.

• Updated Icons: Clean, modern visuals create a more intuitive experience across the platform.
• Enhanced Incident Detail View:
  • Attacker IP Intelligence: Click “Get more information” to instantly view enriched data about the attacking IP.
  • Direct Action Buttons: Take action in real time with one-click access to ban, isolate, or respond directly from the incident view.

These updates are designed to streamline your security operations and reduce time-to-response.

Better visuals. Deeper insight. Immediate action.

If you have any questions or need assistance with the new features, our support team is here to help.

The post Release Note ACSIA SOS V.7.8.0 appeared first on Dectar.

1. Incident Notifications via Telegram
   You can now receive real-time incident notifications via Telegram!
   With this feature, you’ll get instant updates on security incidents, including:
   • Incident category and severity (High, Critical, Medium, etc.)
   • Brief incident details, including the affected device and its IP address
   • Attacker IP (if available) – clicking on it allows you to check its details using a public lookup service
   • Attacker geolocation data – see where the IP is located
   • Direct access to the incident overview – clicking the “View Incident” link will take you to ACSIA SOS for a full analysis (login required)
     
     Why is this important?
   • Stay informed instantly, without needing to check emails or dashboards.
   • Respond to security threats faster, improving your organization’s protection.
   • Get critical insights at a glance, including attacker details and geolocation.
     
     Important: We strongly recommend using a private Telegram channel for notifications to keep your security data safe and confidential.
     
2. Incident Notifications via Mattermost
   You can now receive incident notifications via Mattermost, just like with Slack and Teams!
   With this integration, you’ll get real-time alerts directly in your Mattermost workspace, including:
   • Incident category and severity (High, Critical, Medium, etc.)
   • Brief incident details, including the affected device and its IP address
   • Attacker IP (if available) – allowing quick identification of potential threats
   • Direct access to the incident overview – click the “View Incident” link to jump straight into ACSIA SOS for further analysis (login required)
     
     Why is this important?
   • Instant visibility: No need to check emails or external dashboards—get alerts where your team already collaborates.
   • Faster response times: Immediate awareness means quicker action to mitigate threats.
   • Seamless integration: Works like Slack and Teams, making it easy to adopt.
     
     By enabling Mattermost notifications, you ensure your security team stays informed and ready to respond—without disrupting their workflow.

Improvements in v.7.7.0

1. Enhanced Incident Details Visibility More details are now displayed directly in the incident list, reducing the need to open each incident.
   • Executable File Dropped: Detected processes are now shown directly in the list.
   • Multiple Windows Logon Failures: The username that failed to log in is now shown directly in the list.
   • Sysmon: Detected processes are now shown directly in the list.
     
2. Incidents and Devices Section
   Added the option to sort incidents by IP for easier investigation.
3. Incident Filters Introduced a dropdown menu to filter incidents by category without manually entering the category name, making filtering faster and more user-friendly.
   

If you have questions or need assistance, please reach out to our support team.

The post Release Note ACSIA SOS V.7.7.0 appeared first on Dectar.

New Features in v7.6.0

1. Firewall Integration ACSIA SOS now integrates with Fortigate firewalls, offering a unified view of your infrastructure and enabling seamless communication for enhanced threat response.
   • Unified Device Overview:
     The ACSIA SOS interface now displays detailed information about your firewall alongside your other devices (servers and clients). This centralized view allows you to monitor and manage your entire infrastructure from a single platform.
   • Dynamic Rule Creation via API:
     When ACSIA SOS detects a threat and applies an IP ban as remediation, it communicates with the firewall via API to automatically create corresponding rules. These rules are not pre-existing in the firewall, ensuring effective enforcement of bans at both the ACSIA SOS and firewall levels.
   • Secure Token-Based Communication:
     The communication between ACSIA SOS and Fortigate is secured with token-based API authentication. The token must be generated by an administrator using the Fortinet GUI and is designed to be exclusively used by ACSIA SOS for security purposes.
   • Guided Setup:
     When adding a device of type “firewall” in the ACSIA SOS interface, users are provided with a detailed guide on generating the API token in the Fortinet GUI, making the integration process straightforward and secure.
     
2. Device Tags
   Users can now create and apply custom tags to multiple devices within the same tenant. This feature simplifies device organization and enhances management capabilities, making it easier to classify and track devices based on specific criteria.  

Improvements in v.7.6.0

1. Enhanced Password Security
The length of passwords automatically generated for accessing the compliance Wazuh dashboard has been increased from 10 to 32 characters, providing significantly stronger protection against unauthorized access.

2. Bulk Actions in Device Management
A new bulk actions feature has been added to the device management section, allowing users to select multiple devices and perform actions on them simultaneously. The supported actions include:

• Uninstall: Remove the ACSIA SOS agent from selected devices in bulk.

If you have questions or need assistance, please reach out to our support team.

The post Release note ACSIA SOS v.7.6.0 appeared first on Dectar.

Cybersecurity is undergoing a major transformation. The increasing number of cyber threats demands more effective, scalable, and, most importantly, preventive solutions. Dectar was founded with this mission, driven by the vision of our CEO, Stefan Uygur.

In this interview with Shauli Zacks from Safety Detectives, Stefan shares his journey in cybersecurity, the crucial role of open-source technology, and why predictive prevention is the key to staying ahead of cyber threats.

Discover how ACSIA SOS, our flagship solution, is revolutionizing the industry with an open detection engine, advanced automation, and real-time response capabilities.

Read the full interview Safety Detectives

The post Stefan Uygur on Safety Detectives: Dectar’s Vision for an Innovative Cybersecurity appeared first on Dectar.

La cybersecurity sta vivendo un momento di grande trasformazione: il numero crescente di minacce informatiche richiede soluzioni sempre più efficaci, scalabili e soprattutto preventive. Dectar nasce proprio con questa missione, grazie alla visione innovativa del nostro CEO, Stefan Uygur.

In questa intervista con Shauli Zacks di Safety Detectives, Stefan racconta il percorso che lo ha portato a fondare Dectar, il ruolo cruciale dell’open-source nella sicurezza informatica e il valore della prevenzione predittiva rispetto agli approcci tradizionalmente reattivi.

Scopri come ACSIA SOS, la nostra soluzione di punta, sta rivoluzionando il settore con un motore di rilevamento aperto, automazione avanzata e capacità di risposta in tempo reale.

Leggi l’intervista completa in Italiano:

SafetyDetectives ha avuto l’opportunità di intervistare Stefan Uygur, CEO di Dectar, per esplorare il suo percorso nella cybersecurity e l’ispirazione che lo ha portato a fondare Dectar. Con decenni di esperienza nella sicurezza IT e una forte passione per la tecnologia open-source, Stefan ha individuato una lacuna critica nel settore: la proliferazione di soluzioni di cybersecurity che offrono solo miglioramenti incrementali, senza una reale innovazione. Per colmare questo vuoto, ha lanciato Dectar con l’obiettivo di consolidare le funzionalità di sicurezza essenziali in un’unica piattaforma altamente efficace, con un approccio basato sulla prevenzione.

In questa intervista, Stefan racconta come ACSIA SOS, la soluzione di punta di Dectar per la cybersecurity avanzata, si distingue grazie al suo motore di rilevamento aperto, alla prevenzione predittiva delle minacce e alle capacità di risposta automatizzata. Condivide inoltre approfondimenti su scalabilità, automazione e il futuro della cybersecurity, inclusi i piani di Dectar per espandersi nel settore della sicurezza mobile e nelle integrazioni cloud.

Può presentarsi e raccontarci cosa l’ha portata a fondare Dectar?

Mi occupo di cybersecurity dall’età di 14 anni, un interesse che ha sempre caratterizzato sia la mia vita personale che professionale. Sono un pioniere e membro attivo della comunità Free Open Source fin dalla nascita del movimento. Ho lavorato per oltre vent’anni con le prime dieci aziende tecnologiche globali, occupandomi principalmente di infrastrutture IT e sicurezza.

Dopo due decenni di esperienza professionale, mi sono reso conto che il settore della cybersecurity stava vivendo una sorta di regressione: il mercato produceva sempre più soluzioni, ma ciascuna offriva solo piccole variazioni rispetto alle altre, senza innovazioni significative. Questo affollamento stava creando debolezze strutturali nel settore.

Ho quindi visto la necessità di una soluzione di cybersecurity in grado di colmare le lacune esistenti, integrando più funzionalità in un’unica piattaforma per eliminare la necessità di adottare molteplici strumenti simili tra loro. È stato in quel momento che ho deciso di avviare un progetto e ho fondato Dectar.

Ci parli di Dectar: quali sono i vostri servizi di punta e cosa rende l’azienda unica?

Dectar ha sviluppato una soluzione innovativa di cybersecurity avanzata chiamata ACSIA SOS. La sua unicità risiede nel motore di rilevamento aperto, che consente agli utenti di aggiungere funzionalità personalizzate di rilevamento, risposta e mitigazione senza bisogno di competenze di programmazione. Questo è possibile grazie all’uso delle “regole Sigma”, scritte in un meta-linguaggio descrittivo.

Gli utenti di ACSIA SOS non sono vincolati a un unico vendor: pur essendo dotata di capacità di rilevamento all’avanguardia, la piattaforma permette agli utenti di estendere autonomamente le funzionalità senza il nostro intervento. Questo approccio rivoluzionario si ispira al modello open-source, che promuove lo sviluppo collaborativo delle tecnologie più avanzate.

In un panorama di minacce in continua evoluzione, cosa distingue l’approccio di Dectar alla previsione e prevenzione delle minacce rispetto ad altre aziende di cybersecurity?

Oggi, quasi tutte le soluzioni di cybersecurity sul mercato sono reattive: rilevano le minacce solo quando il problema è già presente, il che spesso è troppo tardi. Nel settore della protezione avanzata degli endpoint, non esistono ancora soluzioni realmente focalizzate sulla difesa predittiva e preventiva.

ACSIA SOS adotta un approccio prevention-first, implementato attraverso due strategie principali:

1. Threat intelligence in tempo reale – La piattaforma è in grado di identificare le minacce in anticipo, bloccandole immediatamente al primo contatto (prevenzione predittiva).
2. Monitoraggio delle attività di ricognizione – Le regole Sigma preconfigurate coprono tutti i possibili passi di una fase di ricognizione. Poiché un attacco non può avvenire senza una fase di esplorazione preliminare, noi ci concentriamo nel bloccare gli attori malevoli mentre stanno ancora cercando di identificare i punti d’accesso, prima che possano eseguire un attacco vero e proprio.

Questi due elementi, insieme al nostro motore di rilevamento aperto, rendono ACSIA SOS un’innovazione senza precedenti nel settore.

Come Dectar garantisce la scalabilità delle sue soluzioni per adattarsi sia alle piccole imprese che alle grandi aziende?

ACSIA SOS è una piattaforma multitenant, costruita interamente con microservizi, il che la rende estremamente scalabile. È progettata per soddisfare sia le esigenze delle PMI, che devono proteggere un numero limitato di asset con una soluzione economicamente sostenibile, sia quelle delle grandi imprese, che necessitano di funzionalità avanzate e personalizzabili.

La piattaforma include componenti come SIEM, IAM, IDS, IPS, gestione degli asset e firewall integration, tra gli altri. Per le piccole imprese, ACSIA SOS offre una protezione essenziale senza bisogno di un team IT dedicato, grazie alle sue capacità di gestione automatizzata degli eventi. Per le grandi aziende, invece, la soluzione si adatta facilmente a infrastrutture più complesse, con un pricing flessibile basato sulle esigenze specifiche.

Qual è il ruolo dell’automazione nei prodotti Dectar? Come aiuta a ridurre il carico di lavoro dei team IT?

L’automazione è una delle nostre priorità, perché aiuta a combattere l’alert fatigue e ridurre l’intervento umano nei processi di sicurezza. ACSIA SOS è in grado di gestire automaticamente fino al 90% degli alert, senza necessità di supervisione.

Per il restante 10%, la piattaforma fornisce un riepilogo dettagliato e in linguaggio naturale, così gli utenti possono prendere decisioni rapide ed efficaci. Inoltre, ogni intervento manuale viene registrato e usato per migliorare continuamente il sistema, riducendo progressivamente il numero di eventi che richiedono un’azione diretta.

Guardando al futuro, quali sono i prossimi sviluppi e innovazioni su cui Dectar sta lavorando?

Il nostro obiettivo è continuare a semplificare la cybersecurity, consolidando funzionalità diverse in un’unica soluzione completa. I nostri progetti futuri includono:

• Protezione dei dispositivi mobili, un’area sempre più critica nel mercato attuale.
• Integrazioni cloud con provider come Microsoft, Google e AWS, per offrire una protezione completa su più ambienti.
• Rafforzamento delle funzionalità di prevenzione, perché crediamo che la chiave della cybersecurity sia bloccare gli attacchi prima che avvengano.

Per innovare nella difesa informatica, è essenziale pensare come un hacker e anticipare le loro mosse. È proprio questa mentalità che ci permette di mantenere ACSIA SOS sempre un passo avanti rispetto alle minacce emergenti.

The post Stefan Uygur su Safety Detectives: la visione di Dectar per una cybersecurity innovativa appeared first on Dectar.

Welcome to the second installment of our series dedicated to the advanced features of ACSIA SOS, the cybersecurity platform designed to protect every aspect of your company’s digital infrastructure. In this article, we will focus on one of ACSIA SOS’s most powerful tools: the Detection Engine.

What is the Detection Engine?

The Detection Engine in ACSIA SOS is the beating heart of the platform, designed to analyze data from various sources, such as:

• Operating system logs.
• Network events.
• Third-party alerts, like those generated by tools such as Wazuh.

The detection engine offers proactive protection against emerging threats by combining advanced technologies and customizable detection rules.

Sigma Rules: The Key to Advanced Detection

One of the distinguishing features of the Detection Engine is its use of Sigma Rules, a widely adopted detection standard supported by a global community of security experts. Sigma Rules enable the system to:

• Quickly adapt to new threats.
• Provide insights into both known and emerging risks.
• Offer a flexible and customizable detection format.

How Does the Detection Engine Work?

The detection process is developed in three key stages:

1. Stage 1: Initial Anomaly Identification
   • Using open-source tools to quickly identify suspicious behaviors in system logs and network events.
2. Stage 2: Application of Sigma Rules
   • Analyzing collected data to assess the severity and nature of potential threats.
3. Stage 3: Advanced Correlation
   • A correlation engine links various alerts together to identify complex attacks that might evade traditional detection methods.

Notifications and Threat Response

When a threat is detected, the Detection Engine in ACSIA SOS sends alerts through multiple channels, including:

• Email.
• Collaboration platforms like Slack and Microsoft Teams.

Additionally, ACSIA SOS stands out for its ability to automatically block attacks, reducing the need for manual intervention. This includes:

• Customizing network policies.
• Optimizing alerts to reduce false positives.

Why Choose ACSIA SOS for Detection?

The ability to quickly and effectively detect and respond to threats is essential for any company seeking to safeguard its digital infrastructure. With the Detection Engine in ACSIA SOS, businesses can:

• Continuously monitor their IT environment.
• Proactively address threats.
• Significantly reduce the workload on security teams.

Thanks to the combination of advanced technologies, automated processes, and a global support community, ACSIA SOS confirms itself as a complete and versatile cybersecurity solution.

Learn More

Want to discover how the Detection Engine in ACSIA SOS can help your company stay one step ahead of threats? Request a free demo and start exploring the potential of our platform.

Stay tuned for our series’s third and final installment, where we will discuss another innovative feature of ACSIA SOS. Protect your company, stay informed, and face cybersecurity challenges with confidence!

The post Proactive Protection: discovering the Detection Engine in ACSIA SOS appeared first on Dectar.