Release Notes Moved to Security Blogs
Future release notes will be added to the Security Blogs page with the Cognitive Intelligence label and cognitive-release-notes tag.
November and December 2018
Classifier for Redis Database Service Discovery
Autoupdate for Cryptomining Classifier
The cryptomining classifier is now updated daily with information from external cryptomining feeds. Each update goes through a verification process to filter out false positives that may occur in external feeds. Autoupdate extends the scope of the classifier, allowing it to detect mining activity that uses unusual cryptomining pools and to keep up with newly created pools.
Example: This incident shows communication to an exotic cryptomining pool. The IP address 188.8.131.52 is strongly associated with cryptomining but is not a commonly used cryptomining pool. The IP address is also associated with a C&C channel for malware. This activity was discovered as a result of an autoupdate to the cryptomining classifier.
URL-Based Neural Network Classifier for High-Risk Malware
AMP Probabilistic Threat Propagation
High-Risk Classifier from Weak-Events Combination
Superforest Enablement for Stealthwatch Customers