Beta releases of SATRAP-DL and IDPS-ESCAPE

Posted by & filed under News.

We are happy to announce two new open-source releases that together complete a fully automated, intelligence-driven security operations pipeline, closing the loop on hybrid rule-based and AI-driven threat detection and response.

IDPS-ESCAPE (v0.7 + v0.8) brings the most significant functional leap since RADAR was introduced:

- RADAR risk engine — a principled weighted fusion model combining anomaly detection signals, signature-based risk, and live CTI scores into a three-tier automated response: notification, remediation with case creation, and full host isolation
- DECIPHER integration — a fully operational client that queries CTI from MISP, fuses scores into RADAR’s risk model, and opens structured Flowintel incident cases automatically — no manual SOC intervention needed
- SONAR — a multivariate anomaly detection engine for Wazuh, powered by the deep learning algorithm MTAD-GAT, with a YAML-based scenario system for repeatable, code-free detection workflows, and a debug mode for offline train-detect cycles without a live Wazuh instance

SATRAP-DL (v0.4) delivers the other side of that integration:

- DECIPHER — an open-source REST microservice for automated, IOC-based severity-confidence scoring of security alerts, backed by MISP threat intelligence and prioritized Flowintel case creation
- PyFlowintel — a clean Python library wrapping the Flowintel API, enabling programmatic case management
- One-command deployment of the full stack: DECIPHER + MISP + Flowintel

Together, these two releases close the MAPE-K loop end-to-end: RADAR detects a threat → DECIPHER enriches it with live CTI → a risk score drives the right automated response → a prioritized Flowintel incident case lands in the analyst’s queue. Entirely open-source.
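To make the fusion-to-tier idea concrete, here is an added illustration (not IDPS-ESCAPE or RADAR code) of a weighted fusion of anomaly, signature and CTI scores mapped onto the three response tiers named above; the weights, thresholds, and the renormalisation used when a CTI score is unavailable are assumptions, not RADAR's actual model.

```python
"""Illustrative weighted risk fusion with a three-tier response.

Added example; the weights, thresholds and missing-CTI handling are
assumptions and do not describe RADAR's real model.
"""
from dataclasses import dataclass
from typing import Optional

# Assumed tier names, mirroring the three responses in the release note.
NOTIFY, REMEDIATE, ISOLATE = "notify", "remediate_with_case", "isolate_host"

# Assumed relative weights of the three signal families (sum to 1.0).
WEIGHTS = {"anomaly": 0.4, "signature": 0.35, "cti": 0.25}
# Assumed thresholds on the fused 0..1 score, checked from most severe down.
THRESHOLDS = [(0.8, ISOLATE), (0.5, REMEDIATE), (0.0, NOTIFY)]


@dataclass
class Signals:
    anomaly: float               # e.g. an anomaly-detector score, 0..1
    signature: float             # e.g. a rule severity mapped to 0..1
    cti: Optional[float] = None  # CTI score; None if enrichment failed


def clamp(x: float) -> float:
    """Keep every input on the 0..1 scale the weights assume."""
    return max(0.0, min(1.0, x))


def fuse(s: Signals) -> float:
    """Weighted average of the available signals. If the CTI lookup failed,
    the remaining weights are renormalised so a missing signal is not
    silently counted as 'zero risk', which would bias toward under-reaction."""
    parts = {"anomaly": s.anomaly, "signature": s.signature}
    if s.cti is not None:
        parts["cti"] = s.cti
    total_w = sum(WEIGHTS[k] for k in parts)
    return clamp(sum(WEIGHTS[k] * clamp(v) for k, v in parts.items()) / total_w)


def tier(score: float) -> str:
    """Map a fused score to the first tier whose threshold it reaches."""
    for threshold, name in THRESHOLDS:
        if score >= threshold:
            return name
    return NOTIFY


def decide(s: Signals) -> tuple[float, str]:
    """Return (rounded fused score, response tier) for one alert."""
    score = fuse(s)
    return round(score, 3), tier(score)
```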

C5-DEC CAD version 1.2


We are excited to announce C5-DEC CAD v1.2 – our open-source, AI-enabled toolkit for computer-aided secure system design, development, and evaluation. C5-DEC CAD unifies Common Criteria (CC) tooling, SSDLC traceability, compliance workflows, cyber-physical system security assessment, cryptography, and resource management in one repository-centric platform.

C5-DEC CAD helps teams run a complete secure-by-design workflow in one place:

- Common Criteria engineering support with structured knowledge and specification workflows
- End-to-end requirements, design artifacts, tests, and traceability built on our SpecEngine subsystem
- Practical SSDLC tooling for compliance, threat modelling, risk analysis, documentation, and evidence generation via our DocEngine

What’s new in v1.2:

- CRA compliance module: Annex I checklist, Annex VII technical documentation generation, Annex V EU Declaration of Conformity, with support for Default, Class I, Class II, and Critical classes
- SBOM lifecycle management: Syft-based generation (CycloneDX/SPDX), validation, diffing, traceability, and CRA cross-verification
- Native cryptography module: PQC, SHA-256 integrity checks, GnuPG signing/encryption, Shamir’s Secret Sharing, and digital signatures
- Expanded CPSSA: threat model generation (OWASP pytm/Threagile-compatible), FAIR-based quantitative risk analysis, STRIDE-based reporting
- SpecEngine and DocEngine enhancements: richer traceability visualization, interactive specification browser, traceability statistics, Mermaid rendering pipeline, design artifact hygiene utilities, and CRA-ready report/presentation templates

Also in v1.2: completed CC:2022 knowledge base content, stronger Docker hardening, and a significantly expanded test suite.

IDPS-ESCAPE & SATRAP-DL: an open, integrated architecture for detection, analysis and response


Interview with Lëtzebuerger Gemengen, translation by itrust consulting.

While the NIS2 Directive requires European organisations to achieve a significantly higher level of maturity in terms of security monitoring, SMEs face a disproportionate challenge: meeting detection, remediation and documentation requirements while operating with limited resources. In this context, itrust Abstractions Lab and itrust consulting are introducing an open technology stack based on two complementary systems developed as part of the CyFORT project: IDPS-ESCAPE (Intrusion Detection and Prevention System – Enhanced Security through a Cooperative Anomaly Prediction Engine), dedicated to intrusion detection and prevention, and SATRAP-DL (Semi-Automated Threat Reconnaissance and Analysis Powered by Description Logics), focused on cyber threat intelligence (CTI), contextualisation, correlation and incident management.

The three key subsystems — SONAR and RADAR for IDPS-ESCAPE, DECIPHER for SATRAP-DL — form a continuous chain from collection to analysis, from CTI enrichment to remediation, to the creation of structured cases in the open source flowintel platform, which offers tight and robust integration with the MISP ecosystem developed by CIRCL in Luxembourg, among others. This philosophy extends the one that guided the creation of IDPS-ESCAPE and SATRAP-DL: to provide free, transparent and auditable solutions that help organisations comply more easily with NIS2 obligations at low implementation cost while promoting internal control.

“IDPS-ESCAPE & SATRAP-DL complete the SOAR mission while strengthening NIS2 compliance.”

A dual architecture to meet all NIS2 requirements

IDPS-ESCAPE was initially designed as a platform combining sensors, an AI engine and automation to reduce false positives and help critical and important entities fulfil their continuous monitoring obligations. SATRAP-DL now complements this suite by adding an essential dimension: structured analysis of cybersecurity threats, comprehensive incident handling, and the ability to automatically link detection to an institutionalised, documented response that complies with regulatory expectations.

In practice, IDPS-ESCAPE provides technical monitoring and active response, i.e. the ability to identify, classify and prioritise anomalies using rules, statistical models and multivariate algorithms, as well as to activate defensive actions. SATRAP-DL, with DECIPHER, provides the management layer, i.e. enrichment, advanced CTI analysis, case creation, correlation, escalation and documentation. This separation provides organisations with greater clarity: IDPS-ESCAPE deals with ‘what is happening’, while SATRAP-DL deals with ‘what is being done about it’. Together, they meet both the detection and incident management requirements of NIS2.

RADAR: SOAR execution within IDPS-ESCAPE

RADAR is the executive component of IDPS-ESCAPE, transforming alerts into real action. It is based on SOAR principles: orchestrate, automate…

IDPS-ESCAPE (v0.6): Consolidating RADAR, Automation, and Operational Maturity


Abstractions Lab announces the release of IDPS-ESCAPE v0.6, now available on GitHub. This release continues the evolution initiated with the introduction of the RADAR subsystem in v0.4, and significantly strengthens IDPS-ESCAPE’s position as an open, modular, and research-driven SOAR (Security Orchestration, Automation, and Response) platform. Following the functional expansion delivered throughout the v0.5 series, v0.6 focuses on consolidation, robustness, and maintainability. The release enhances RADAR’s operational scenarios, improves transparency through detailed documentation, and refactors the automation layer to support long-term evolution and reproducibility. The current scenario set includes signature-based detection of suspicious logins, GeoIP-based whitelist detection, and an anomaly-detection scenario using RRCF to monitor changes in log volume.

Why have a DPO? The economic benefits highlighted


The CNIL¹ has published a study entitled ‘What are the economic benefits of having a DPO in a company?’, which shows that appointing a Data Protection Officer (DPO) offers companies more than just compliance and legal protection; it also provides them with a valuable economic resource. Here is an overview of the main benefits identified by the study:

- Competitive advantage: GDPR compliance reassures customers and increases the chances of winning bids.
- Reduced risk of penalties: the DPO prevents data breaches and safeguards the company’s reputation.
- Fewer data leaks: the DPO’s action enhances security and reduces the impact of cyberattacks.
- More efficient data management: less unnecessary storage, reduced costs, and better internal organization.
- A profitable investment: companies that view compliance as a lever reap measurable benefits.

You can find the entire CNIL study in its original French here: https://www.cnil.fr/fr/quels-benefices-economiques-du-dpo-en-entreprise

¹ Commission Nationale de l’Informatique et des Libertés, the French Data Protection Authority.