Data sources and objects captureEtherSensor EtherCAP service:
[*]Memory loss during traffic capture was significantly reduced.
[*]TCP connection reconstruction performance is now higher in the Packet Sniffer SDK traffic capture library.
[+]VLAN 802.1Q packet processing was added to the Packet Sniffer SDK traffic capture library.
[+]The maximum number of packets held per a TCP thread can not be set in the Packet Sniffer SDK traffic capture library.
[+]Protocol parsers were added for SOCKS4 and SOCKS5. They can be used to monitor and intercept messages tunneled over SOCKS.
[+]ICAP parser was added. It can be used to passively monitor ICAP connections without any changes to the existing architecture.
EtherSensor ICAP service:
[+]SECURE ICAP operating mode was added. The ICAP server can now use SSL to create secure connections to ICAP clients.
[+]LYNC messages on Microsoft Lync (Microsoft Skype for Business) servers can now be intercepted. This feature is integrated with the Microolap LYNC agent which operates over the ICAP protocol.
Captured objects analysis:
[*]Memory consumption during message detection and analysis is now significantly lower.
[+]Message filters can now send arbitrary (compound) messages to SYSLOG servers for integration with SIEM systems.
[+]Detected search queries for search engines (google.com, rambler.ru, yandex.ru, mail.ru, aport.ru, bing.com, yahoo.com, wikipedia.org) can now be sent over the SYSLOG protocol.
[+]The following message detectors were updated: blogger.com, cv (careerist.ru, hh.ru, job50.ru, job.ru, rabota.ru, superjob.ru, zarpalata.ru), facebook.com, hotmail.com, linkedin.com, livejournal.com, loveplanet.ru, mamba.ru, mail.ru, my.mail.ru, moikrug.ru, odnoklassniki.ru, pochta.ru, rambler.ru, smsmms (beeline.ru, megafon.ru, mts.ru, skylink.ru, tele2.ru, wsms.ru), ukr.net, vkontakte.ru (reading incoming messages was added), wordpress.com.
Delivering analysis results to consumer system:
[*]Memory consumption during message sending is now significantly lower.
[+]The new SFTP transport protocol was added to send messages over SSH.
[+]SFTP transport profile was added.