New Features

GPO Deployment Documentation and Scripts

• We have added detailed instructions and pre-configured scripts to help system administrators deploy the software across Active Directory domains using standard Windows Server management tools.
• This update makes GPO-based deployments easier to configure, more reliable, and faster to implement in enterprise environments.
• All deployment instructions and configuration scripts are available in the ACSIA SOS UI.

What is a GPO?

In simple terms, GPO (Group Policy Object) deployment is a way to automate software installation across a whole network from a central server.

Instead of manually installing the software on each workstation, administrators can now use centralized policies to distribute and configure it automatically on all domain-joined computers.

For more information, please take a look at the linked documentation: Microsoft Learn

If you have any questions or need assistance with the new features, our support team is here to help.

The post ACSIA SOS V.8.7.3 – Release Notes appeared first on Dectar.

New Features

• AI-Powered Security Incident Analysis
  Security incident analysis is now enhanced with integrated AI capabilities.
  For each incident, the AI:
  • Identifies the type of security event.
  • Classifies the activity as legitimate, malicious, or suspicious.
  • Suggests recommended actions and verification steps when suspicious or malicious behavior is detected.
  This helps analysts accelerate triage, reduce false positives, and focus on the most critical threats.
• Advanced Reporting (PDF Export)
  Reporting capabilities have been expanded with the ability to:
  • Download a PDF report for a single security incident.
  • Export a PDF report of the entire dashboard, providing a consolidated view of the security posture.
  These reports are designed for operational reviews, audits, and executive communication.
• Asset Inventory Reporting (Excel Export)
  Asset visibility is further improved with the ability to download an Excel report of the Asset Inventory for a single device.
  For Windows systems, the report includes:
  • A detailed list of hotfixes with direct links to the corresponding Microsoft support documentation.
  This feature simplifies vulnerability assessment, compliance checks, and patch management activities.

If you have any questions or need assistance with the new features, our support team is here to help.

The post ACSIA SOS V.8.6.1 – Release Notes appeared first on Dectar.

We’re thrilled to announce ACSIA SOS v8.2.1, a milestone release that brings AI innovation and broader infrastructure coverage — from endpoints and firewalls to mobile devices — delivering truly unified protection across your entire digital perimeter.

New Features

AI Detection Rules Generator
Writing detection rules has never been easier. With the new AI-powered Sigma Rules Generator, anyone can create advanced detection logic simply by chatting with AI — no need to be a cybersecurity expert.
Describe what you want to detect in plain language, and the AI will generate a Sigma rule ready to be reviewed and inserted directly into the ACSIA SOS platform.

Frontend Sigma Rules Management
In addition to AI generation, you can now add, edit, and manage Sigma rules directly from the ACSIA SOS frontend.
This gives full control over rule customization and maintenance, enabling faster tuning, testing, and response — all without leaving the platform.

Mobile Protection
The ACSIA SOS security ecosystem continues to grow — from clients and servers to firewalls, and now mobile devices.
Through secure VPN-based coverage, mobile traffic is continuously monitored and filtered using the same intelligence that protects your core infrastructure.

Firewall Integration: Amazon WAF Added
We’ve expanded our firewall family!
ACSIA SOS now integrates with Amazon WAF, alongside WireGuard, pfSense, and FortiGate.
This allows you to block malicious actors at the perimeter, before they can reach your internal systems — just like keeping enemies outside the castle walls.
With this addition, all your network and cloud frontlines can now leverage ACSIA SOS’s threat intelligence to protect every device behind the firewall, even those without an agent.

Fixes

Updated Agent for Ubuntu 20 & 22
Released a new version of the ACSIA SOS agent that resolves compatibility issues related to iptables on some Ubuntu 20.04 and 22.04 systems, improving reliability and stability across deployments.

If you have any questions or need assistance with the new features, our support team is here to help.

The post Release Note ACSIA SOS V.8.2.1 appeared first on Dectar.

New Features

Firewall Integration: WireGuard Support

We’re introducing support for WireGuard-based environments as part of our growing firewall integration capabilities.

This new feature allows ACSIA SOS to enforce threat intelligence at the network level in infrastructures where WireGuard is used for secure remote connectivity.

How it works

ACSIA SOS leverages a dedicated script that periodically fetches malicious IP threat feeds via URL. These feeds are then applied to the system’s firewall rules associated with WireGuard interfaces, enabling automatic, real-time blocking of suspicious IP addresses.

Key Benefits

• Automated IP blocking based on continuously updated threat intelligence
• Enhanced security for environments where WireGuard is preferred due to its speed and lightweight nature
• Zero-touch configuration once enabled – the process runs automatically in the background

With the addition of WireGuard, ACSIA SOS now supports FortiGate, pfSense, and WireGuard firewalls, ensuring broader protection across hybrid and remote infrastructures.

If you have any questions or need assistance with the new features, our support team is here to help.

The post Release Note ACSIA SOS V.8.1.0 appeared first on Dectar.

New Features

pfSense Firewall Integration

We’re excited to introduce our new pfSense firewall integration, built to deliver proactive, network-wide protection—just like our existing Fortinet firewall integration.

With this powerful upgrade, ACSIA SOS automatically creates firewall rules in pfSense to block malicious IPs and Indicators of Compromise (IOCs), extending protection to all devices behind your firewall—not just those monitored by ACSIA SOS.

• Proactive Defense: Preemptively block known malicious IPs using global threat intelligence—before threats even reach your network.
• Reactive Response: Instantly block malicious IPs in real time when suspicious activity is detected on any ACSIA-monitored device.

This integration turns your pfSense firewall into a dynamic enforcement point—automated, intelligent, and always up to date.

Smarter protection. Broader coverage. Zero manual effort.
Stay ahead of threats with ACSIA SOS and pfSense.

Incident Notes Field

Say hello to smarter collaboration and audit-ready incident tracking with our new Incident Notes Field.

You can now add and manage notes directly within each incident, building a time-stamped history of decisions, actions, and insights. Whether you’re actively investigating or closing out an alert, everything is documented in one place.

• Historized Notes: Each entry is logged chronologically, ensuring a clear and traceable incident timeline.
• Collaborative Context: Team members can contribute over time, improving transparency and shared understanding.
• Clearer Closures: Document the reasoning behind resolutions to build confidence and accountability.

Keep track. Stay aligned. Close with confidence.

Improvements in v7.8.0

Improved Device & Incident Filtering

We’ve made it easier than ever to find what you’re looking for. Both the Device and Incident sections now support IP filtering with “LIKE” functionality, allowing partial IP matches.

This makes subnet-level investigations and bulk asset reviews faster and more flexible.

Smarter filtering. Faster investigations. More control.

UI Enhancements That Improve Clarity and Actionability

The ACSIA SOS interface just got better—with a refreshed look and features that enhance both usability and response speed.

• Updated Icons: Clean, modern visuals create a more intuitive experience across the platform.
• Enhanced Incident Detail View:
  • Attacker IP Intelligence: Click “Get more information” to instantly view enriched data about the attacking IP.
  • Direct Action Buttons: Take action in real time with one-click access to ban, isolate, or respond directly from the incident view.

These updates are designed to streamline your security operations and reduce time-to-response.

Better visuals. Deeper insight. Immediate action.

If you have any questions or need assistance with the new features, our support team is here to help.

The post Release Note ACSIA SOS V.7.8.0 appeared first on Dectar.

1. Incident Notifications via Telegram
   You can now receive real-time incident notifications via Telegram!
   With this feature, you’ll get instant updates on security incidents, including:
   • Incident category and severity (High, Critical, Medium, etc.)
   • Brief incident details, including the affected device and its IP address
   • Attacker IP (if available) – clicking on it allows you to check its details using a public lookup service
   • Attacker geolocation data – see where the IP is located
   • Direct access to the incident overview – clicking the “View Incident” link will take you to ACSIA SOS for a full analysis (login required)
     
     Why is this important?
   • Stay informed instantly, without needing to check emails or dashboards.
   • Respond to security threats faster, improving your organization’s protection.
   • Get critical insights at a glance, including attacker details and geolocation.
     
     Important: We strongly recommend using a private Telegram channel for notifications to keep your security data safe and confidential.
     
2. Incident Notifications via Mattermost
   You can now receive incident notifications via Mattermost, just like with Slack and Teams!
   With this integration, you’ll get real-time alerts directly in your Mattermost workspace, including:
   • Incident category and severity (High, Critical, Medium, etc.)
   • Brief incident details, including the affected device and its IP address
   • Attacker IP (if available) – allowing quick identification of potential threats
   • Direct access to the incident overview – click the “View Incident” link to jump straight into ACSIA SOS for further analysis (login required)
     
     Why is this important?
   • Instant visibility: No need to check emails or external dashboards—get alerts where your team already collaborates.
   • Faster response times: Immediate awareness means quicker action to mitigate threats.
   • Seamless integration: Works like Slack and Teams, making it easy to adopt.
     
     By enabling Mattermost notifications, you ensure your security team stays informed and ready to respond—without disrupting their workflow.

Improvements in v.7.7.0

1. Enhanced Incident Details Visibility More details are now displayed directly in the incident list, reducing the need to open each incident.
   • Executable File Dropped: Detected processes are now shown directly in the list.
   • Multiple Windows Logon Failures: The username that failed to log in is now shown directly in the list.
   • Sysmon: Detected processes are now shown directly in the list.
     
2. Incidents and Devices Section
   Added the option to sort incidents by IP for easier investigation.
3. Incident Filters Introduced a dropdown menu to filter incidents by category without manually entering the category name, making filtering faster and more user-friendly.
   

If you have questions or need assistance, please reach out to our support team.

The post Release Note ACSIA SOS V.7.7.0 appeared first on Dectar.

New Features in v7.6.0

1. Firewall Integration ACSIA SOS now integrates with Fortigate firewalls, offering a unified view of your infrastructure and enabling seamless communication for enhanced threat response.
   • Unified Device Overview:
     The ACSIA SOS interface now displays detailed information about your firewall alongside your other devices (servers and clients). This centralized view allows you to monitor and manage your entire infrastructure from a single platform.
   • Dynamic Rule Creation via API:
     When ACSIA SOS detects a threat and applies an IP ban as remediation, it communicates with the firewall via API to automatically create corresponding rules. These rules are not pre-existing in the firewall, ensuring effective enforcement of bans at both the ACSIA SOS and firewall levels.
   • Secure Token-Based Communication:
     The communication between ACSIA SOS and Fortigate is secured with token-based API authentication. The token must be generated by an administrator using the Fortinet GUI and is designed to be exclusively used by ACSIA SOS for security purposes.
   • Guided Setup:
     When adding a device of type “firewall” in the ACSIA SOS interface, users are provided with a detailed guide on generating the API token in the Fortinet GUI, making the integration process straightforward and secure.
     
2. Device Tags
   Users can now create and apply custom tags to multiple devices within the same tenant. This feature simplifies device organization and enhances management capabilities, making it easier to classify and track devices based on specific criteria.  

Improvements in v.7.6.0

1. Enhanced Password Security
The length of passwords automatically generated for accessing the compliance Wazuh dashboard has been increased from 10 to 32 characters, providing significantly stronger protection against unauthorized access.

2. Bulk Actions in Device Management
A new bulk actions feature has been added to the device management section, allowing users to select multiple devices and perform actions on them simultaneously. The supported actions include:

• Uninstall: Remove the ACSIA SOS agent from selected devices in bulk.

If you have questions or need assistance, please reach out to our support team.

The post Release note ACSIA SOS v.7.6.0 appeared first on Dectar.

New Features in v7.5.0

1. Agent for MacOS
   With the introduction of the MacOS agent, ACSIA SOS now provides comprehensive support across all operating systems, ensuring seamless integration and monitoring regardless of your platform.
2. Detection of Custom IIS Logs on Windows Machines
   Building on existing capabilities for Linux systems, ACSIA SOS can now automatically identify custom IIS logs on Windows machines. These logs are displayed in the “Custom Logs” section of the device details, eliminating the need for manual addition during the initial setup or when a new IIS site is added.

Improvements in v.7.5.0

1. Enhanced Device Details
   The “General” section of the device details has been enhanced to include:

• Agent Last Seen: Displays the last communication date of the agent.
• Last Inventory Snapshot: Indicates when the most recent inventory snapshot of the device was taken.

If you have questions or need assistance, please reach out to our support team.

The post Release note ACSIA SOS v.7.5.0 appeared first on Dectar.

New Features in v7.4.0

1. Transition to Keycloak Open ID Provider

The adoption of Keycloak introduces support for industry-standard authentication protocols, ensuring seamless and secure integration:

• OpenID Connect (OIDC): Provides a modern, lightweight authentication framework built on OAuth 2.0.
• LDAP (Lightweight Directory Access Protocol): Simplifies integration with your organization’s existing directory for user management. -> Available only for on-premises version of ACSIA SOS

2. Default Two-Factor Authentication (2FA)

To strengthen account security, Two-Factor Authentication (2FA) will now be enabled by default.

• All users will secure their accounts with authentication apps like Authy or Google Authenticator or Microsoft Authenticator.
• This additional layer of protection ensures better security for user accounts.

Important Post-Update Information

1. Password Reset Required

For security reasons, existing passwords cannot be migrated to the new system.

• After the update, all users must reset their passwords to comply with the new authentication framework. Watch this video for a step-by-step guide.

2. Automatic 2FA Setup

Upon first login after the update:

• To complete the setup, you will need to download and install an authenticator app such as Authy or Google Authenticator or Microsoft Authenticator.

Upgrade Notes

• Existing user roles and permissions will remain unchanged, ensuring continuity in your workflows.
• Detailed guidance for the password reset and 2FA setup process will be available in the ACSIA SOS Support Portal.

Why This Update Matters

These updates underscore our commitment to providing a secure, scalable, and enterprise-ready platform.

• Keycloak integration ensures compliance with modern authentication standards.
• Default 2FA adds a critical layer of security to protect your data and account access.

We thank you for your cooperation during this transition. If you have questions or need assistance, please reach out to our support team.

The post Release note ACSIA SOS v.7.4.0 appeared first on Dectar.

New features in v.7.3.0

Compliance dashboards integration

• ACSIA SOS now includes direct access to the Wazuh Dashboard, enabling users to monitor compliance with critical security standards, such as GDPR, HIPAA, PCI-DSS, NIST 800-53, and Trust Services Criteria (TSC). This integration allows users to easily monitor compliance status and address vulnerabilities from within the ACSIA SOS environment.
  
  Note: By default, users are not enabled to access this functionality. To view the Wazuh dashboards, the user must be enabled, and a password specific to this purpose must be generated. This password will then be used to log into the Wazuh dashboards directly from ACSIA SOS. Please, follow this guide to enable users for this new feature.

Improvements in v.7.3.0

Sigma rule update – “Executable File Dropped in Folder Commonly Used by Malware”

For any further assistance or detailed setup instructions, please refer to the official ACSIA SOS documentation or contact the Support Team.

The post Release note ACSIA SOS v.7.3.0 appeared first on Dectar.