SES Evolution 2.6.2 new features and enhancements

Asset protection

Compatibility with MITRE ATT&CK matrix

In SES Evolution logs, you can now reference attackers' techniques as listed and described in the MITRE ATT&CK matrices published by the American MITRE organization. In the event of an attack, security analysts can quickly identify it by consulting its classification, and go directly to the URL of the MITRE technique concerned. This enables them to take appropriate action quickly.

This feature associates a security rule with an attack intent and tags. Technique and tactic identifiers are also displayed in the logs when an event occurs.


Sending email notifications about system logs

If SES Evolution's backoffice components malfunction, you can now be alerted by email. You are notified quickly when certain events occur in your pool, without having to constantly monitor the SES Evolution administration console. Using notification rules, you can choose which log types trigger a notification, and the email addresses of the recipients.


EDR detection improvements

Rule groups

You can now create rule groups to make it easier to read and maintain rule sets.


Rule-controlled access types

The granularity of accesses to be controlled is now much finer.

New behaviors have also been added for access type actions in rules, for example:

  • Skip rule set,
  • Skip rule group,
  • Skip rule.


Choice of context information sent to SIEM

You can now choose the level of context you wish to send to the Syslog server: None, simple context, or detailed context.


Level of process integrity in application identifiers

The execution context of application identifiers offers additional integrity levels. You can now choose between a strict integrity level and a "higher than or equal to" integrity level.


Rule exclusions

In protection and audit rules, you can now exclude:

  • Application identifiers,
  • Resource paths for file and registry rules.


Administration console

Configuring administrators by Active Directory group

SES Evolution now lets you declare Active Directory user groups and assign them a role. In this way, all users within the group can automatically access the administration console according to this role. You no longer need to declare or delete each user individually.


Compatible Windows versions

SES Evolution version 2.6.2 is no longer compatible with the following Windows operating systems:

  • Windows 7 SP 1 32-bit and 64-bit
  • Windows 8.1 32-bit and 64-bit
  • Windows Server 2008 R2
  • Windows Server 2012 R2
  • Windows 10 2015 (1507 and 1511) 32-bit and 64-bit
  • All 32-bit Windows systems

If you have backoffice components or SES Evolution agents on these operating systems, they cannot be updated to 2.6.x. Stormshield strongly recommends upgrading to compatible Windows versions. For more information, see the Microsoft documentation and the Update SES Evolution section of the Administration Guide.

The latest version 2.5.x will continue to protect workstations hosting the above obsolete systems with compatible security policies.

For a list of operating systems compatible with SES Evolution, see Product Lifecycle.