Skylight interceptor 23.04 Release Notes

Executive summary

This article highlights new features and enhancements for Skylight interceptor 23.04.

Workato Integration

Added support for Workato platform allows you to:

• Send alerts generated from the Accedian platform to their ticketing systems, such as Slack, Freshdesk, Jira, Salesforce and more.
• Integrate interceptor with third party products, such as SIEM, SOAR, EDR and others.

DSL rules

Added DSL (Domain-specific language) rules support. Interceptor DSL rules use Suricata syntax, that allows you to:

• Import rules from open sources.
• Write their own rules.
• Share rules amongst deployments.

Honeypots

Interceptor now provides a honeypot solution which can run inside the customers network and track attacker’s activity. This activity is then displayed as alerts on Interceptor UI. There are three different types of honeypots added in this release, including:

• SSH
• FTP
• LDAP

Zone based user data separation

Newly added option to separate data by zones, assigned to specific user groups.

Notable fixes and minor improvements

• Added support of multiple alerts selection, to allow you to change your status in bulk.
• List of detections revised, includes:
  • Maliciouse JA3
  • Rare User Agent
  • Data Transfer Growth
  • Protocol or Port Mismatched
  • Out of Policy Country
  • Outbound SMB traffic
  • Possible Empire Powershell HTTP Beaconing
  • Cobaltstrike Beaconing
  • SMB Beaconing