# April 15, 2025 This release introduces new capabilities and usability improvements, including:\ **🛡️ MITRE ATT\&CK tactics and techniques selection in Response Policies**\ **🔍 Pivoting support in Traffic Top for faster forensic investigations**\ **🧪 Infoblox NIOS as a DNS traffic source (*****Early Access*****)**\ **📋 Expand Roles Table to view permissions**\ **🔐 Global Security/SSO settings page split into Password & Security and SSO** ### 🛡️ MITRE ATT\&CK Framework in Response Policies You can now select MITRE ATT\&CK tactics and techniques directly from a visual editor when creating or editing Response Policies. This builds on our [February release](https://docs.netography.com/changelog/release-notes-02182025), where MITRE ATT\&CK Framework classifications were first introduced in the Events view. **How to Use:**\ 1\. Go to **Settings > Response Policies**\ 2\. Add or edit a policy\ 3\. Under **Match By**, choose **Detection & MITRE Categories**\ 4\. Select from the tactics and techniques shown. Selecting a tactic will automatically select all associated techniques.

Response Policy with MITRE ATT&CK Tactics selected

### 🔍 Pivoting in Traffic Top Traffic Top now allows you to **pivot into detailed views** of aggregated data, accelerating investigations. If a column displays an entry like **+6** next to the item, it means there are **at least** six additional items not shown. Click it to pivot into a filtered view showing **additional items** for that row. **Example: Investigating Unusual Traffic to an Internet (external) Port**\ 1\. Open **Traffic Top** from the **Investigate** menu\ 2\. Select the **Internet Ports** preset\ 3\. Note the aggregation by `dstport`. You see `53` with a **+6** in the Source column\ 4\. Click **+6** to pivot—your filter now scopes to `dstport == 53` and aggregates by `srcip`, providing a table of source IPs. When you pivot, the Aggregate By field (`dstport` in this case), is added to the global filter, and Traffic Top is now set to Aggregate by the field you selected to pivot (`srcip` in this case). This now changes your view from looking at all source IPs aggregating data by the source IPs that are communicating to port 53.

Traffic Top - Clicked **+6** box in Source column for **Aggregation 53** to do a srcip Pivot — Traffic Top - Clicked +6 box in Source column for **Aggregation 53** to do a srcip Pivot

> ### ℹ️Why do I see more entries when I pivot than the number originally shown? > > The Traffic Top view only looks at the first 1,000 traffic records that match your current filters. If you’re starting with a larger dataset (like traffic for an entire network or a long time window), you’re only seeing aggregations of those first 1,000 records—not everything. > > When you click on a number in the table to pivot (like clicking on port 53), the filters automatically narrow to just show traffic that matches that row. This pulls a fresh set of up to 1,000 records that all relate to that specific item, which is why you might see more detail than before. > > Want to dig deeper? You can exclude some of the top items from the current results. For example, if you add to the global filter:`&& srcip != 10.0.16.168 && srcip !=10.1.24.116`and click *Refresh*. This will filter out the most common entries and let you see more of what’s underneath.
### 🧪 Early Access: Infoblox NIOS as a DNS Traffic Source Fusion now supports DNS log ingestion from **Infoblox NIOS** via the new **netodns collector** (Early Access). It operates similarly to `netoflow` and runs as a syslog listener on a Linux host or container. This utilizes the Infoblox NIOS syslog output method to send query logs. To participate in the Early Access program:\ • Contact **Netography Support** to receive access to the netodns collector and deployment guidance. If you’re an Infoblox NIOS user and want to understand details of this integration or discuss alternative methods to ingest Infoblox NIOS resolver logs, reach out to discuss.

Infoblox NIOS is now supported as a DNS traffic source

### 👥 Roles/Permissions Updates **▶ Expand Roles Table to View Permissions** You can now expand roles inline (click the ▶) to quickly see associated permissions—no need to navigate into edit mode..

Expanded view of `admin` permissions in Role Page

✅ **New Permission: Send NetoDNS** A new permission has been added to correspond to the new Infoblox NIOS support and `netodns` collector. **Send NetoDNS** permission controls the ability to ingest DNS logs from a `netodns` collector.
### 🔐 Security Settings Update To streamline configuration, the **Global Security/SSO** page has been split into two pages:\ • **Password & Security**\ • **SSO** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fusion.vectra.ai/release-notes/2025/april-15-2025.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.