What’s New? - 2.12.0
Security-Led Growth
In Release 2.12 of Superna Cyberstorage for Dell, we’re taking purposeful steps to support the evolving needs of security teams.
As data threats grow more sophisticated, our focus is on giving customers earlier insight, faster response capabilities, and tighter integration into the tools already in use. These updates make the platform a more natural extension of established security operations.
What's to come
Soon: Threat Hunting
Threat Hunting introduces a new layer of proactive defense, designed specifically for detecting signs of insider threats and data exfiltration before damage is done. This feature adds behavioral analytics and real-time threat scoring to help security teams identify suspicious activity earlier in the attack cycle.
Delivered as a separate appliance, Threat Hunting is installed and configured alongside the core platform. It incorporates advanced machine learning models for anomaly detection, representing a significant evolution in how security intelligence is applied within the platform. By surfacing unusual user behavior and integrating directly with existing security operations tooling, Threat Hunting enhances visibility and accelerates response.
What's New?
Features
Seamless SMB Failover
Disaster Recovery 2.12 introduces a new failover option that improves SMB client experience during Access Zone and IP pool failovers.
Seamless SMB Failover allows SMB clients to reconnect automatically during failover events, without needing to remount shares. In addition, failover readiness checks now include visibility into the number of connected SMB clients per Access Zone or IP pool, helping administrators evaluate impact before failover.
This feature reduces failover complexity and helps lower the risk of service disruption in SMB environments.
ECA Sanity Check
Originally developed as internal support tooling, the ECA Sanity Check is now available as a customer-facing troubleshooting utility. It provides a lightweight way to diagnose common issues in complex ECA-based deployments.
- New ECA Sanity Check Button: Added to the Manage Services window. When clicked, it launches the ECA Sanity Check tool.
- On-Demand Analysis: Triggers a script that collects and analyzes ECA health and configuration data. No background service required.
- Interactive Modal UI: Results are displayed directly in a modal window—similar to the SG log viewer—for immediate visibility and sharing.
- Faster Support Escalations: The report can be copied and shared with Superna Support to accelerate issue resolution.
This tool helps administrators quickly detect and report potential misconfigurations or service issues, streamlining both self-service troubleshooting and support handoff.
Pre- and Post-Script Hooks for Smart Airgap - ECS
In Smart AirGap 2.12, ECS-based deployments gain the ability to run pre- and post-job scripts as part of scheduled AirGap operations.
This feature allows execution of custom logic at the beginning and end of each job window. Scripts can perform tasks such as enabling or disabling network interfaces, triggering alerts, updating external systems, or interacting with security infrastructure.
Running 10+ ECS-Sync Jobs in a Single Vault Agent
ECS-Sync UI supports up to ten active jobs at a time. To overcome this limitation while keeping operations reliable, the vault agent now offers three new features:
- Automatic Job Archiving – completed jobs are removed from the ecssync to free up slots.
- Job Queueing – To support scheduling more than 10 jobs at a time, all jobs are placed in a queue. A maximum of 10 jobs run concurrently, while the remaining jobs wait in the queue until slots become available.
- Job Cloning – This is useful for easier initial setup of the jobs: existing jobs can be duplicated quickly with new credentials or buckets.
OEM Licensing
Branding Update
Eyeglass can now load both Superna Core Agent or OEM licenses onto the same appliance. Loading an OEM license while the desktop view displays Superna branding will replace the Superna branding with Dell branding. This is the only instance in which the branding will change.
Improvements
24-Hour User Activity via ZeroTrust API and Webhooks
Security teams need immediate answers when suspicious activity is detected. As part of this release, Superna has enhanced webhook payloads to support faster investigation workflows by delivering a snapshot of recent user activity—specifically targeting the critical 24-hour window that incident response teams rely on.
This enhancement builds on the ZeroTrust API and webhook integrations by introducing an automated way to retrieve and return user activity data. When a third-party security tool (e.g., CrowdStrike, Splunk) receives an event via webhook, a request can be made back to Superna to generate a detailed user activity report. Once generated, this report is sent back through the same webhook channel, enriching the original event with context that helps determine whether an actual threat is present.
Advanced Learned Threshold Settings Enabled by Default
Learned thresholds for global users, paths and groups were introduced in 2.9.0. This feature is now automatically enabled and helps reduce the number of false positive alerts.
NFS Monitor Mode Manual Lockout
Automated lockout is not recommended for NFS, as it can cause stale file access issues. Nonetheless, in certain cases it may be necessary to lockout nfs users. Admin users can now manually lock out the user through the actions window the event.
Configurable RSW username format
In 2.12, a new command allows setting the username format used across RSW features:
igls rsw usernameformat --format=UPN/DLLN
UPNformat:user@domainDLLNformat:domain\user
The setting applies to RSW events, snapshots, and lockout notifications.
In 2.10, events used UPN and snapshots/lockouts used DLLN.
In 2.11, lockout emails changed to UPN for consistency with the UI.
To restore 2.10 behavior,
igls rsw usernameformat --format=UPN
Platform support
PowerScale OneFS 9.11.0 Support
Dell Cyberstorage 2.12.0 now adds support for PowerScale OneFS 9.11.0, ensuring compatibility with the latest Dell storage platform release. This includes full support across all product components including Disaster Recovery, Data Security, and AirGap.
What's Next?
Upgrades and Updates
Update sudoer permissions for Seamless SMB Failover
Seamless SMB Failover requires an update to the PowerScale sudoers file. This change allows the system to collect connection information.
Use the isi_visudo command to safely open and edit the sudoers file.
Add the following line:
eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array netstat*
ECA iptables Configuration for Threat Hunting Module
Changes to eca iptables related to the threat hunting module do not persist after upgrade. Make sure to update /opt/superna/eca/scripts/eca_iptables.sh with the sudo /usr/sbin/iptables -A $CHAIN -p tcp --dport 9092 -s x.x.x.x -j ACCEPT before clustering up eca to ensure connection succeeds between eca and the threat hunting module.
Release Notes
The release notes provide detailed information on fixes, known issues, and limitations introduced or identified in this version.
Refer to this document for visibility into the state of the release.
What's New in Documentation?
Would you like to receive notices about releases for Superna Cyberstorage?
We've created the What's New? feed to keep you up to date on releases and technical advisories. Subscribe using RSS or Atom.
Improvements
Improved Search
Search updates - version, solution, improved indexing
2.12.0 Feature Documentation
Seamless SMB Failover
The following documentation explains how the feature supports client connectivity during failover and includes links to relevant configuration and operational content.
ECA Sanity Check
Use this lightweight troubleshooting tool to scan your ECA environment for common issues. Run it on demand, review the results directly in the UI, and accelerate resolution by sharing logs with Support.
Webhooks and ZeroTrust API
New documentation is available for the user activity reporting workflow introduced in this release.
This guide outlines how to configure and use Superna’s webhook and ZeroTrust API integration to generate and return a 24-hour snapshot of file access activity for a specified user.