AhnLab EPP

Last updated May 20, 2026

Releases

1.4.2605.0

Parser Improvements

  • Added 6 CEF Log Types: EDR_ALERT_DETECT, EDR_INOUT_FLOW, APRM_AGENT_EVENT, APRM_PRIVACY_INFO_EVENT, APRM_PRIVACY_LEAKAGE_EVENT, APRM_PRINT_EVENT

  • Added 16 JSON Log Types: AGENT_CONNECTION_STATUS_EVENT, AGENT_EVENT, AGENT_HW_ALL, AGENT_INSTALL_PKG_EVENT, AGENT_SW_ALL, AGENT_TASK_STATUS, APM_AGENT_EVENT, APM_PATCH, APM_SW, AUDIT_EVENT, PATCH_UPDATE_EVENT, PKG_DIST_EVENT, SERVICE_EVENT, UPDATE_EVENT, V3_INTERNET, V3_SCAN, V3_SUP

  • Improved MAC address normalization

  • Enhanced performance for time value/timestamp processing

  • Added array handling for log_string_args

  • Improved file path escape handling

  • Resolved type conversion errors in code mappings

Query Command Improvements

  • Added Query Commands and Enhanced Options:
  • ahnlab-epp-query: Interface ID-based DB query lookup (New)
  • ahnlab-epp-nodes: Added interface-id option (Modified)
  • ahnlab-epp-match-node: Added interface-id option (Modified)
  • ahnlab-epp-search-file-result: Added interface-id option and improved error response handling (Modified)
  • Added timeout settings
  • Improved resource cleanup logic
  • Enhanced error handling logging

Schema / Model / Resource Improvements

  • Added 6 new log schemas and applied them to the collection model
  • Added APrM-related log templates

May 20, 2026, 2:08:55 PM

1.3.2512.1

Minor modification of detection rules

  • Exploit Detected rule: Added exception condition for Exploit/Win.MagicLineX
  • CoinMiner Detected rule: Changed rule name
  • Phishing Detected rule: Removed unnecessary exception condition from first search command

Dec 18, 2025, 12:17:30 AM

1.3.2512.0

Added 13 MITRE ATT&CK TTP detection rules

Dec 2, 2025, 10:53:13 PM

1.2.2410.1

Improved error when a CEF field has an empty value that requires casting

Nov 11, 2024, 4:31:55 PM

1.2.2410.0

Added supported log types (log format):

  • EDR_V3_DETECT (CEF)
  • EDR_AGENT_EVENT (CEF)
  • EDR_OS_EVENT (CEF)
  • AGENT_TASK_STATUS (CEF)
  • AGENT_SW_ALL (CEF)
  • AGENT_HW_ALL (CEF)
  • SERVICE_EVENT (JSON)
  • AUDIT_EVENT (JSON)
  • ESA_EVENT (JSON)
  • V3_MALWARE (JSON): added fields

Support for profile parameter in EPP extended query commands

Oct 21, 2024, 8:57:48 PM

1.1.2311.1

Changes

  • Improved the parser to handle CEF format inconsistencies (missing escapes) in EDR_POWER_SHELL logs so that they can be parsed

Mar 5, 2024, 12:51:05 AM

1.1.2311.0

Added parser, logger model, and dashboard.

  • Supports EPP version 1.0.14.

Nov 27, 2023, 4:53:41 PM

1.0.2205.0

First release. Supports the following commands:

  • ahnlab-epp-ack-unknown
  • ahnlab-epp-block-network-result
  • ahnlab-epp-collect-ahnreport-result
  • ahnlab-epp-collect-file-result
  • ahnlab-epp-match-node
  • ahnlab-epp-nodes
  • ahnlab-epp-search-file-result
  • ahnlab-epp-start-block-network
  • ahnlab-epp-start-collect-ahnreport
  • ahnlab-epp-start-collect-file
  • ahnlab-epp-start-search-file
  • ahnlab-epp-start-unblock-network
  • ahnlab-epp-start-v3-scan
  • ahnlab-epp-tasks
  • ahnlab-epp-unblock-network-result
  • ahnlab-epp-unknown-behaviors
  • ahnlab-epp-unknown-detail
  • ahnlab-epp-unknowns
  • ahnlab-epp-v3-scan-result

May 22, 2022, 8:35:15 PM