The Dragos Blog

07.28.23 | 1 min read

Changing How We Release Knowledge Packs

Dragos, Inc.

One of the reasons our customers regularly tell us they choose Dragos Platform in their OT cyber deployments is the trust they have in the types of content we bundle in. This includes threat detections and vulnerability knowledge-base details produced by our intel teams, as well as many other exclusive and carefully curated analytics, traffic dissectors, and field-ready response playbooks. Because of their essential role in how the Dragos Platform operates, we want to inform the community that we’re changing how we release knowledge packs.

Historically, most of these updates have been delivered collectively through regular Knowledge Packs (KPs) every several weeks. Over time, the size and complexity of the KPs created overhead that slowed how quickly updates reached customers. In today’s rapidly evolving regulatory and threat landscapes, this created the potential for deployment gaps between the point at which a threat or vulnerability is first identified and the point at which that information could be codified, tested, and operationalized in production environments.

Here’s what’s changing

Starting this month, we will be introducing a more robust process that decouples certain content types into two Knowledge Pack release categories. This will allow us to get timely updates to customers more quickly, while focusing key engineering resources on regression and performance testing for the less frequent updates that are closer to platform internals.

Here’s how we will be splitting the content updates moving forward:

  1. ‘Knowledge Packs’ (KPs) – Released on a weekly basis. They include only new IOCs and vulnerabilities.
  2. ‘Knowledge Pack Plus’ (KP Plus) – Released on a quarterly basis. They include the IOCs and vulnerabilities from that week plus any new protocol dissection engines, new detections, playbooks, dashboards, and other minor code changes. Hence the name ‘KP Plus’.

Full details on the release versioning schema and Platform compatibility will be available through the customer portal and any questions can be directed to your account team.
