Auto-resolve support for CTD-000001 and CTD-000033 threat signatures
Applies to
- Cayosoft Guardian 7.2 and later
- Threat signatures: CTD-000001, CTD-000033
Overview
In Cayosoft Guardian 7.2, threat signatures CTD-000001 and CTD-000033 are updated to support auto-resolve. As part of the threat signatures update process, these two threat signatures are re-created, and the system performs a one-time cleanup of certain existing alerts to avoid issues caused by older logic.
What has changed?
During the Update all threat alerts operation:
- CTD-000001 and CTD-000033 are re-created with the same names but with new GUIDs.
- The threat version is reset to a lower value (approximately 2, instead of the previous value around 100).
When the re-created CTD-000001 and CTD-000033 run for the first time:
- The system deletes all alerts in the Open state that are linked to the old GUIDs of CTD-000001 and CTD-000033.
NOTE: In some environments, alerts may have been duplicated by the previous logic. Removing the old open alerts helps ensure that the environment starts from a clean state under the updated logic.
Important notes
- This cleanup targets Open alerts associated with the old GUIDs.
- After cleanup, newly generated alerts will be associated with the new GUIDs.
After upgrading to 7.2, alerts for CTD-000001 and CTD-000033 will be auto-resolved based on the signatures' updated logic.
IMPORTANT: Threat detection logic remains unchanged.