You can view the telemetry status of your firewalls under AdministrationFirewallsFirewalls. To view telemetry status on the Firewalls table, select Telemetry Enabled in the column selector. When you click on an individual firewall, the firewall details popup also displays the telemetry status. Firewall telemetry helps Device Security learn additional subnet details, such as VLAN and security zone based on NGFW interface. When enabling telemetry on your firewall, select Device Health and Performance and Product Usage to help Device Security learn subnet details.

We improved the AdministrationData Quality page to present more robust information on data quality issues, as well as guided workflows on how to improve the data. You can view three breakdowns: Basic Health Check, Low Inventory, and Missing Devices. Each breakdown provides a more granular view into gaps in your network visibility, as well as recommendations for improving visibility and coverage across your network.

Device Security supports using the Site attribute when defining the target devices in the Rule Engine Editor. You can access the Rule Engine Editor by going to AlertsCustom Alert Rules and creating a new custom alert rule or editing an existing alert rule.

When search for vulnerabilities using the query builder, you can now search by keyword, such as Apach log4j, or by advanced persistent threat (APT) associated with the vulnerability. The vulnerability keyword attribute maps to the NVD Title attribute on the Vulnerability Details page.

In the APT column in the vulnerabilties table, Device Security now displays the number of APTs associated with each vulnerability. Click on the APT number to view more information about the APTs.

You can now search for interfaces based on their MAC addresses, even when there are multiple MAC addresses for a single interface, or for multi-interface devices. When viewing interface information on a primary device's Device Details page, you can see the MAC addresses of the individual interfaces and the source from which those interfaces were learned.

Device Security updated the subnet monitoring workflow for a more intuitive experience. When you start or stop monitoring a block, all of its children networks (blocks and subnets) inherit the same monitoring status. You can vew the monitoring status of your network in the Networks table under NetworksNetworks and SitesNetworks.

When you stop monitoring a subnet, Device Security removes all of the devices and IP endpoints associated with that subnet. Device Security also resolves the alerts, and removes the vulnerability instances, associated with the subnet's devices. If you start monitoring the subnet again, Device Security adds the related assets back to the inventory, reopens alerts, and adds back the vulnerability instances.