Skip to main content


Version 24.2.0



  • New HTTP clients table on Alert details page to inspect attack sources
  • Updated CLI with new automation features, including license activation and rule management
  • New Attack trends chart on Dashboard
  • New telemetry module to enable shared threat intelligence
  • Hosts can be associated to an existent Domain Group from the Assets - Hosts page
  • New filter that allows to show/hide Hosts associated with a Domain Group on Assets - Hosts page
  • New targets on Custom Rule creation
  • Network rule automation can be enabled for specific Domain Groups, Hosts or attack types
  • Detection can be disabled for specific response codes or client IPs
  • Hosts not assciated with a Domain Group that are not seen by the software for a configurable amount of time will be deleted


  • Improved Path Traversal and Bruteforce detection modules
  • Improved concurrency and efficiency on main Seer Box Engine processes
  • The loading times of the Alert page have been drastically reduced
  • The loading times of the Metrics data have been drastically reduced
  • Oplon WAF rule translation

Version 24.1.2



  • Bug blocking sending of application rules to Oplon WAF
  • Bug preventing network rule syncronization after their expiration date
  • Wrong IP validation on Seer Box GUI input fields


  • Generic Oplon firewall integration is now split in Oplon WAF and Oplon Firewall for IP blacklisting


  • Prevent alert detection for specific subset of status codes

Version 24.1.1



  • Bug blocking license validation process after license service disruption
  • Error while inserting User Agent data related to alerts
  • Minor fixes


  • Redundant dependency on Seer Box GUI container image

Version 24.1.0



  • New Audit Logs section on Seer Box web interface
  • New Seer Box Sentinel component to enable distributed traffic monitoring
  • Built-in support for standard NCSA log formats
  • Alert will be automatically ignored after a configurable amount of time
  • New filters available on Alerts, Rules, Legitimates and HTTP Traffic pages
  • Sample configurations for Kubernetes-based deployments


  • HAProxy log format now supports more fields, including HTTP request body
  • Docker-based deployments now support host directory bind mounts
  • Notifications destination now allows hostnames


  • Type mismatch exception on report creation
  • Bug preventing Seer Box Engine from restarting its listeners
  • Bug preventing Seer Box Engine to properly cache metrics and trends
  • PostgreSQL connections are now limited to allow reuse
  • no data warning on Dashboard traffic chart
  • Report generation on Docker-based deployments
  • Editing an existing SIEM Notification resets the log format to CEF