15.0.0 Changelog

From Edge Threat Management Wiki - Arista

Overview

15.0 is a major new release containing the new Threat Prevention application and WebFilter enhancements.

Threat Prevention

Threat Prevention is a new application that blocks traffic based on the malicious reputation of a URL or IP address. Blocked web sessions are redirected to a local block page; blocked non-web sessions are dropped. Reputations are provided by Brightcloud.

This application is part of the Complete subscription.

Threats

Traffic blocking is performed based on session URL or IP address matching the selected threat reputation threshold. The default is High Risk. A lower threshold will also block higher matching reputations. For example, selecting Suspicious will block URLs and IP addresses with a reputation of either Suspicious or High Risk.

Threats may or may not have one or more categories associated with them, such as Malware and Web Attacks.

Rules

For customization, you can create your own Threat Prevention rules. For example, you can create a rule so that traffic for a given client address is passed and not blocked.

Additionally, if Threat Prevention is enabled, new Threat Prevention rule conditions for reputation and category are available in rules for other applications such as WebFilter.

Reports

Web and Non-Web Event reports provide detailed information about an address's reputation. To view this detailed information, click the row and open the Details pane.

Web Filter

Web Filter contains the following enhancements:

Kid Friendly search redirect

A new Advanced option Force searches through kid-friendly search engine will redirect known search engine requests through https://www.kidzsearch.com/.

Custom block page

A new advanced option Custom block page allows you to redirect block pages to an external site for block page customization. The following parameters are passed as GET parameters:

| Name | Description | Example |
|------|-------------|---------|
| appid | WebFilter identifier | 5 |
| appname | WebFilter application name | web-filter |
| host | Blocked host | www.someblockedsite.com |
| url | Full blocked URL | http://www.someblockedsite.com/page.html |
| reason | Category name or blocking rule name | Adult and Pornography - Sexually explicit material ... |
| clientAddress | IP address of client | 192.168.1.10 |

NOTE: Unblock operations are not available when using a custom block page.
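
The external site that receives these parameters has to treat them as untrusted input, because host, url and reason reflect whatever the client requested. The following added example (not code from the product or this wiki) parses the documented parameters and HTML-escapes them before rendering; the `/blocked` path, the length cap and the function names are assumptions.

```python
# Added example: renderer for an external custom block page (not vendor code).
import html
from urllib.parse import urlsplit, parse_qs

# Parameter names are the ones documented in the table above.
EXPECTED = ("appid", "appname", "host", "url", "reason", "clientAddress")
MAX_LEN = 2048  # assumed cap so oversized values never reach the page


def parse_block_params(request_target: str) -> dict:
    """Extract the documented GET parameters from a request target."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    params = {}
    for name in EXPECTED:
        value = query.get(name, [""])[0]  # first occurrence only
        params[name] = value[:MAX_LEN]
    # appid is documented as numeric; anything else is discarded.
    if not (params["appid"].isascii() and params["appid"].isdigit()):
        params["appid"] = ""
    return params


def render_block_page(request_target: str) -> str:
    """Return block page HTML with every parameter escaped before output."""
    raw = parse_block_params(request_target)
    p = {k: html.escape(v, quote=True) for k, v in raw.items()}
    # The blocked URL is shown as text only, never as a link or redirect target.
    return (
        "<!doctype html><html><head><meta charset='utf-8'>"
        "<title>Access blocked</title></head><body>"
        f"<h1>Access to {p['host']} was blocked</h1>"
        f"<p>Reason: {p['reason']}</p>"
        f"<p>Requested URL: <code>{p['url']}</code></p>"
        f"<p>Client: {p['clientAddress']} ({p['appname']} #{p['appid']})</p>"
        "</body></html>"
    )


# Constructed sample request: the blocked URL carries markup chosen by the remote site.
SAMPLE = ("/blocked?appid=5&appname=web-filter&host=www.someblockedsite.com"
          "&url=http%3A%2F%2Fwww.someblockedsite.com%2Fpage.html"
          "%3Fq%3D%3Cscript%3Ealert(1)%3C%2Fscript%3E"
          "&reason=Adult+and+Pornography&clientAddress=192.168.1.10")

if __name__ == "__main__":
    print(render_block_page(SAMPLE))
```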

Kidzsearch & DuckDuckGo search engine support

Support for the search engines Kidzsearch and DuckDuckGo has been added, including support for search terms and kid-friendly search.

Category Submit Request

The Suggest a different category operation in Site Lookup now works properly and submits the URL to be re-classified.

QUIC messages

If you block QUIC sessions, those blocks will be recorded as WebFilter status metrics instead of logging each instance to the WebFilter log.

Query performance enhancements

Various improvements have been added to the Brightcloud query engine to improve performance.

Custom Email Alerts

Email Alerts can now be customized through the new Email Template tab.

The message now defaults to a key-value formatted message with values converted to "human-readable" formats. For example, a numeric value like 99214905344 will display as 92G.

As you customize the template, a preview is displayed using a live SystemStatEvent event, showing exactly how the template will be applied.

Kernel Upgrade

Kernel upgrade to 4.9.0-11 will be forced with this release.

Important: Please make sure that your hardware is compatible with kernel version 4.9 before upgrading from a previous version.

Other

  • Network interface mark preservation improves interoperability with other advanced routing technologies.
  • Google Drive backups stopped working due to a Google change. This has been fixed.
  • Reports now properly escape HTML and JavaScript to prevent out-of-band XSS injection.