Release Notes
Version 5.4.0 (October 2025)
- New Integration for Forcepoint DLP
- Added new alerts for Windows
- Added new alerts for Windows AD
- Added new alerts for Authentication
- Added User Inventory configuration page.
- Added Sophos VPN event support.
- Added pfSense OpenVPN event support.
- Added support for collecting data from AIX servers.
- Enhancements
  - Added cs_basic_network_scanning_threshold to configure the threshold value for each host to visit different destination IPs and ports in an hour.
  - Changed cyences_severity for the following alerts:
    - Basic Network Scanning
    - Fortigate - High Threats Alert
    - Palo Alto - High Threats Alert
    - CrowdStrike - Suspicious Activity or Malware Detected
  - Updated frequency of the following alerts:
    - Defender ATP - Alerts: from every hour to every 15 minutes.
  - Enhanced the O365 - Successful Login From Unusual Country alert query to filter out successful login events if access is already blocked by Conditional Access policies.
  - Updated ms_obj_user_change_out macro to include the Target_Account_Name field.
- Bug fixes
  - Fixed the Oracle dashboard field issue so that the dropdown filters populate.
  - Fixed the time range issue in the Kaspersky Critical Host Found panel of the Kaspersky dashboard so that the panel populates according to the selected time range.
  - Excluded the “NA” group from events so that it is not taken into consideration in the AD - Group Membership Changed panel.
  - Updated User Inventory dashboard to exclude invalid users for Proofpoint Inc.
Upgrade Guide from 5.3.0 to 5.4.0
- Make sure to upgrade TA-cyences (v1.1.4) before upgrading cyences to v5.4.0.
- Onboard Forcepoint DLP logs to utilize the related alerts. For more details, refer to Forcepoint DLP Data Onboarding.
- Migrate to the new Cisco app, Cisco Security Cloud, to collect DUO data, as the older app, Duo Splunk Connector, is deprecated. For more details, refer to DUO Data Onboarding.