New: Detection of AS-REP Roasting

Netwrix Threat Manager can now detect AS-REP Roasting attacks, in which adversaries steal the password hashes of user accounts that have Kerberos pre-authentication disabled. The attackers can then crack those credentials offline and use them to access IT resources and escalate their privileges.

New: Detection of SPN Assigned to Privileged Account

Netwrix Threat Manager can now detect when a ServicePrincipalName (SPN) is added to a privileged account, which makes the account vulnerable to Kerberoasting. In a Kerberoasting attack, adversaries exploit the Kerberos protocol to extract password hashes from user accounts with SPN values.

New: SAML and OpenID Connect Integration

Seamless integration with SAML and OpenID Connect now enables single sign-on (SSO) for accessing Netwrix Threat Manager, streamlining the login process for users.

Enhancement: Netwrix StealthiNTERCEPT Integration

Netwrix Threat Prevention reporting data is now available directly from the Threat Manager interface.

Enhancement: Investigation Subscriptions

Netwrix Threat Manager investigations can now be scheduled to run on a recurring basis, creating reports that can be exported or emailed to specified users.

Enhancement: Rebranding

Netwrix StealthDEFEND is now Netwrix Threat Manager. The reporting module, which is used by Netwrix Threat Prevention, has also been updated to reflect this change.

Other changes have been made to improve the administration experience and performance.

Bug Fix List

See the Netwrix ThreatManager v2.8 - Bug Fix List. for a list of bugs fixed in this version.