ThreatSync+ NDR Release Notes

ThreatSync+ NDR extends the existing ThreatSync functionality in WatchGuard Cloud and offers enhanced network detection and response, network device identification, and advanced reporting for Fireboxes, third-party firewalls, and LAN infrastructure.

For a full description of ThreatSync+ NDR features and functionality, go to ThreatSync+ NDR Help.

Release Information	Date
Latest ThreatSync+ NDR Update	15 May 2025
Release Notes Revision Date	15 May 2025

Latest Release

Release Date: 15 May 2025

Enhancements

Device counts are now simplified with consistent device and subnet counts in the ThreatSync+ UI. On the Network Summary page: [NDR-2942]
- The Total Devices widget is renamed to Total Active Devices and shows active devices seen in the last 7 days.
- The table on the Devices tab was moved to the Total Active Devices widget. You can now view details about devices seen in the last 24 hours, 7 days, 30 days, or customize the date selection up to the last 45 days.
- In the Total Active Devices widget, the Origin filter is now the Devices filter with options to select All Active Devices, and Active User Created Devices.

For more information, go to About the ThreatSync+ Summary Page in Help Center.

Resolved Issues

Minor updates and bug fixes.

Previous Releases

Release Date: 8 May 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 1 May 2025 (Minor Updates)

Resolved Issues

When you configure a ThreatSync+ NDR policy to block an external IP address automatically, policy alerts and traffic logs no longer show activity from the blocked IP address. [NDR-2891]
The table on the Devices tab of the Network Summary page no longer includes an OS column. [NDR-2926]
Minor updates and bug fixes.

Release Date: 24 April 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 17 April 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 10 April 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 3 April 2025 (Firebox IP Address Remediation, Notification Rules)

New Features

Firebox IP Address Remediation

You can now block or unblock IP addresses in ThreatSync+ NDR. You can perform actions on IP addresses manually or configure automatic block actions with a ThreatSync+ NDR policy. For more information, go to Configure Firebox Remediation and All IP Addresses in Help Center.

Enhancements

When you configure ThreatSync+ NDR notification rules, you can now select these additional notification types:

IP Addresses are Automatically Blocked
IP Addresses are Manually Blocked
IP Addresses are Manually Unblocked

For more information, go to Configure ThreatSync+ Alerts and Notification Rules in Help Center. [NDR-2609]

Resolved Issues

Minor updates and bug fixes.

Release Date: 27 March 2025 (ThreatSync+ Alerts, Compliance Reporting)

Enhancements

You can now bundle ThreatSync+ alerts for policies and set the time duration for bundled alerts. You can bundle notifications by:
- Policy
- Policy and Source
- Policy, Source, and Destination

For more information, go to Configure ThreatSync+ Alerts and Notification Rules in Help Center.[NDR-2052]

Two additional defense goal reports are now available with WatchGuard Compliance Reporting:
- Network and Information Security Directive (NIS2)
- Digital Operational Resilience Act (DORA)

ThreatSync+ NDR provides the network data required by these reports. To use Compliance Reporting, you require a ThreatSync+ NDR license and a Compliance Reporting license. For more information, go to About WatchGuard Compliance Reporting in Help Center. [NDR-516]

Resolved Issues

Minor updates and bug fixes. [NDR-2833]

Release Date: 20 March 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 13 March 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 6 March 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes. [NDR-2670]

Release Date: 27 February 2025 (Total Devices Widget, Device Count)

Resolved Issues

The Total Devices widget now works as expected when Monitor only my critical systems is selected on the Manage Subnets page. [NDR-1322]
The active device count for a ThreatSync+ NDR license now shows the correct number of active devices. [NDR-2218]
Minor updates and bug fixes. [NDR-2597]

Release Date: 20 February 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 13 February 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes. [NDR-2274, NDR-2514]

Release Date: 6 February 2025 (Device Types and Roles)

Enhancements

You can now select new device types and roles when you add a new device on the Devices page. [NDR-2410]

Resolved Issues

On the Devices page, the correct device type now shows when you add a new device. [NDR-2241, NDR-2452]
Minor updates and bug fixes.

Release Date: 30 January 2025 (Notification Rules)

Enhancements

You can now select to receive emails for notification rules in JSON format. [NDR-2231]

Resolved Issues

Minor updates and bug fixes.

Release Date: 23 January 2025 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 16 January 2025 (Traffic-Based Policies)

Enhancements

Traffic-based policies now show an Activity column on the Policy Alerts Details page. This value is the sum of the destination activities by source. [NDR-2222]

Resolved Issues

Minor updates and bug fixes. [NDR-2180, NDR-2258]

Release Date: 9 January 2025 (Notification Rules)

Enhancements

When you configure ThreatSync+ NDR notification rules, you can now select these additional notification types:
- No DHCP Logs Received from a Source
- DHCP Logs Received from a Source
- No NDR Collector Heartbeat Detected
- NDR Collector Heartbeat Detected
- No NetFlow Logs Received
- NetFlow Logs Received
- No NetFlow Logs Received from a Source
- NetFlow Logs Received from a Source

For more information, go to Configure ThreatSync+ Alerts and Notification Rules in Help Center.

In the ThreatSync+ Integrations UI, you can now mute collector failure notifications and configure which log sources have collector failure notifications muted. [NDR-1628]

Resolved Issues

Minor updates and bug fixes. [NDR-2202, NDR-2242]

Release Date: 19 December 2024 (Minor Updates)

Resolved Issues

The correct warning message now shows when you deallocate a ThreatSync+ NDR license. [WCD-22293]
Minor updates and bug fixes. [NDR-2002]

Release Date: 12 December 2024 (MSSP Report)

Enhancements

The Managed Security Service Provider (MSSP) Report now includes a Weighted/Unweighted policy alerts score and updated metrics. [NDR-1705].

Resolved Issues

Minor updates and bug fixes.

Release Date: 5 December 2024 (Policy Alert Details Page)

Enhancements

The Policy Alert Details page now shows What to Look For text that provides information about the type of policy alert and recommendations on how to tune the policy. [NDR-1705]

Resolved Issues

In the ThreatSync+ Integrations UI, the Windows Log Agents tab now shows detailed Windows Log Agent information. [NDR-1849]
Minor updates and bug fixes. [NDR-1460, NDR-1719]

Release Date: 28 November 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes. [NDR-1734]

Release Date: 21 November 2024 (ThreatSync+ SaaS GA)

New Features

Initial release of ThreatSync+ SaaS. For information about ThreatSync+ SaaS, go to Introduction to ThreatSync+ SaaS in Help Center.

Resolved Issues

Minor updates and bug fixes.

Release Date: 14 November 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes. [NDR-1471, NDR-1487, NDR-1702]

Release Date: 7 November 2024 (Collection Agent for Linux)

New Features

ThreatSync+ NDR Collection Agent for Linux

You can now enable and configure the ThreatSync+ NDR Collection Agent for Linux to collect logs from devices and provide real-time collector status. For more information, go to Configure Collectors for ThreatSync+ NDR (Linux Computers) in Help Center.

Enhancements

The ThreatSync+ NDR Collectors menu has moved to Configure > ThreatSync+ Integrations. [NDR-764]
On the Manage Devices page, you can now select Phone or Tablet as a device type when you create a device. [NDR-1642]
The ThreatSync+ NDR Collection Agent for Linux now shows an Initialization status when the collector is being installed by the WatchGuard Agent. [NDR-1453]

Resolved Issues

Minor updates and bug fixes. [NDR-1562, NDR-1666]

Release Date: 31 October 2024 (WatchGuard Agent Installer Download Link)

Enhancements

The Download WatchGuard Agent Installer dialog box now includes a Copy Download URL link. [NDR-1492]

Resolved Issues

Minor updates and bug fixes. [NDR-1466, NDR-1562]

Release Date: 24 October 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 17 October 2024 (Linux Collection Agent)

New Features

ThreatSync+ NDR Collection Agent for Linux (Beta)

You can now enable and configure the ThreatSync+ NDR Collection Agent for Linux to collect logs from devices and provide real-time collector status. To learn more or to report an issue, go to the ThreatSync+ NDR Beta test community.

Resolved Issues

Minor updates and bug fixes.

Release Date: 10 October 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 3 October 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 26 September 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 19 September 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 12 September 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 5 September 2024 (MSSP Reports)

New Features

Managed Security Service Provider (MSSP) Reports

You can now generate and schedule a Service Provider Summary Report for your managed accounts in WatchGuard Cloud. For more information, go to Schedule ThreatSync+ NDR Reports in Help Center.

Resolved Issues

Minor updates and bug fixes.

Release Date: 29 August 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 22 August 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 15 August 2024 (Minor Updates)

Resolved Issues

This release resolves a display issue with the Traffic page. [NDR-595]
Minor updates and bug fixes.

Release Date: 8 August 2024 (Data Deletion Behavior - Trials/Licenses)

Enhancements

WatchGuard Cloud now deletes ThreatSync+ NDR data for an account when:
- The ThreatSync+ NDR license expires
- You deallocate the license to 0 users
- You cancel an active ThreatSync+ NDR trial

A new message warns operators that the data will be deleted in seven days. After seven days, data is deleted and operators cannot access the ThreatSync+ NDR management UI. Deleted data cannot be restored.

For more information, go to FAQs for ThreatSync+ NDR Licensing. [NDR-433, NDR-434, NDR-435, NDR-645, NDR-647, NDR-648, NDR-649, NDR-650]

Resolved Issues

This release resolves a display issue with the Traffic page. [NDR-595]
Minor updates and bug fixes.

Release Date: 1 August 2024 (Subnets and Organizations)

Resolved Issues

You can now control how much of your network ThreatSync+ NDR monitors. [NDR-476]
Minor updates and bug fixes. [NDR-889]

Release Date: 25 July 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 18 July 2024 (Minor Updates)

Resolved Issues

Minor updates and bug fixes.

Release Date: 11 July 2024 (Traffic Page)

Enhancements

The Traffic page now shows the Alert Severity Scale when specific anomaly types are selected with the Events Data Source. [NDR-666]

Resolved Issues

The ThreatSync+ NDR UI now shows Monitor and Configure pages as expected. [NDR-641]
Minor updates and bug fixes. [NDR-637, NDR-577, NDR-694]

Release Date: 4 July 2024 (Activity by Source Device Table)

Resolved Issues

Helpdesk operators now have the expected read-write permissions in ThreatSync+ NDR. [NDR-578]
The Activity by Source Device table now shows FireClusters as a device type. [NDR-366]
The Activity by Source Device table now shows data for all dates selected. [NDR-639]
Minor updates and bug fixes.

Release Date: 27 June 2024 (ThreatSync+ NDR GA)

New Features

Initial release of ThreatSync+ NDR. For information about ThreatSync+ NDR, go to Introduction to ThreatSync+ NDR in Help Center.

© 2025 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, Core, and Fireware are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.