At Stamus Networks, we measure releases by how much they improve the day-to-day work of security analysts and threat hunters. By that measure, Clear NDR® U42.2 is one of our most significant releases to date.
U42.2 focuses on two major areas: a completely redesigned Analyst Operations Console built to accelerate investigations, and a significantly expanded MCP toolset that deepens AI-assisted network investigation workflows.
The release also introduces 23 advanced protocol analytics dashboards, 32 new threat hunting filter sets, and expanded REST API coverage, and delivers industry-unmatched performance and scalability improvements. Host Insights tracks over 60 security parameters per host for more than 500 million hosts concurrently with minimal disk and memory requirements, all proven in production deployments. This provides agentic AI with unparalleled calculation- and token-efficient security data for each communicating host that touches the network. The release also addresses the scalability of deployments exceeding 500 probes.
The Analyst Operations Console (aka user interface) in U42.2 is a complete redesign focused on improving analyst speed, visibility, and investigation workflows.
As Clear NDR expanded its capabilities, reducing operational friction became a priority. The redesigned console streamlines navigation, improves access to raw network telemetry and investigation data, and helps analysts move more quickly from detection to response.
Enhanced visualizations and telemetry access. Updated charts, graphs, and investigation views make it easier to identify patterns, spot anomalies, and understand network activity during active investigations. U42.2 also brings deeper network telemetry data (protocol transaction logs, flow records, etc.) directly into the hunting interface, enabling analysts to pivot from a Declaration of Compromise event to the underlying network logs with a single click, without leaving the investigation workflow.
Improved investigation workflows. The redesigned navigation and information architecture reduces the number of steps between an analyst’s question and the data needed to answer it. Common workflows have been streamlined to better reflect how investigations actually unfold, rather than how features are organized internally.
Customizable interface options. Analysts can now tailor the visual appearance of the console, with multiple “skin” options, to match their working preferences and environments. For teams operating across shifts, monitoring environments, or multi-screen workflows, these customization options improve long-term usability and operational comfort.
Richer contextual guidance. Expanded tooltips and in-context descriptions surface relevant information directly within investigation workflows, reducing the need to reference external documentation during active investigations. The goal is to keep analysts focused on investigation and response rather than searching for operational context.
Faster performance and responsiveness. The redesigned console improves page loads, data rendering, and navigation between investigation views, helping analysts work more efficiently during active investigations. In high-pressure scenarios, reducing delays in accessing and correlating information is an operational advantage.
The result is a more streamlined investigation experience with less context switching and faster access to the evidence analysts need to validate threats and respond effectively.
U42 introduced Clear NDR’s Model Context Protocol (MCP) integration, enabling AI agents and analysts to interact with network intelligence through natural language queries. U42.2 significantly expands those capabilities with four new MCP tools and enhanced investigation workflows designed to accelerate threat analysis and validation.
The MCP toolset, now expanded to 14 tools, gives analysts and AI-assisted workflows deeper access to network telemetry, behavioral analysis, threat detection coverage validation, and high-confidence threat findings directly within the investigation process.
U42.2 expands MCP access beyond structured detections and summaries by enabling direct interaction with raw network telemetry stored within the Clear NDR data platform.
This capability supports deeper forensic analysis, advanced threat hunting, and custom investigation workflows that require access to underlying event data. Analysts and AI-assisted workflows can retrieve the precise telemetry needed for investigation without unnecessary abstraction layers or manual data retrieval steps.
When a new vulnerability or threat emerges, one of the first questions security teams ask is whether existing detections provide coverage. U42.2 enables analysts and AI-assisted workflows to search Clear NDR’s detection library using CVEs, malware families, protocol behaviors, and other indicators to validate detection coverage in seconds.
By bringing coverage analysis directly into AI-assisted investigation workflows, teams can assess exposure, validate detection readiness, and accelerate both proactive threat analysis and post-incident investigations.
One of the most important questions in threat hunting is understanding what is normal on the network and what is not. U42.2 expands MCP behavioral analysis capabilities by enabling frequency-based analysis across network telemetry and metadata.
Analysts and AI-assisted workflows can identify common behaviors to establish operational baselines or surface rare and unusual activity that may warrant investigation. This makes it easier to detect anomalies across enterprise, OT, and IoT environments where behavioral deviations often provide the earliest indicators of compromise.
In practice, teams can ask questions such as:
By combining behavioral analysis with high-fidelity network telemetry, analysts can more quickly distinguish routine activity from behaviors that deserve deeper investigation.
U42.2 introduces several enhancements to how Clear NDR’s highest-confidence threat findings are surfaced through MCP workflows.
Declarations of Compromise® and Declarations of Policy Violations® can now be filtered by declaration type or threat family, helping analysts and AI-assisted workflows focus more quickly on the findings most relevant to a specific investigation.
U42.2 also introduces direct hyperlinks from MCP findings into the Analyst Operations Console, allowing analysts to move directly from AI-assisted analysis into the underlying network evidence with a single click. An AI-assisted workflow surfaces a Declaration of Compromise® on a specific asset; the analyst selects the associated link and immediately pivots into the related investigation data and supporting telemetry within Clear NDR.
By reducing the need to manually navigate between investigation views and telemetry sources, this workflow significantly accelerates validation and response during active investigations.
U42.2 also improves MCP session initialization by ensuring AI-assisted workflows begin with the correct operational context and configuration data. This helps maintain consistency across automated investigation workflows operating at scale.
Clear NDR captures detailed protocol transaction data that provides analysts with deep visibility into network activity, communications, and behavioral patterns. U42.2 introduces 23 new advanced protocol analytics dashboards designed to make that telemetry more accessible during investigations and threat hunting workflows.
New dashboards provide dedicated visibility into areas such as proxy activity and SMB communications, helping analysts identify suspicious behaviors, investigate lateral movement, and analyze network interactions that are often difficult to surface through higher-level detections alone.
The new proxy discovery dashboards help analysts better understand proxy traffic patterns, an increasingly important area of visibility as attackers and malicious tooling rely more heavily on proxy infrastructure to obscure activity and evade detection.
The SMB analytics dashboards build on the SMB protocol enhancements introduced in U42, providing deeper visibility into file-sharing activity, session behaviors, and SMB communications that are frequently relevant during ransomware and lateral movement investigations.
All dashboards are accessible directly within the Analyst Operations Console, allowing analysts to pivot into deeper network telemetry without leaving the investigation workflow.
Threat hunting is most effective when analysts can move quickly from hypotheses to investigation. Building queries from scratch for every hunt slows that process, particularly in OT and IoT environments where protocol diversity and device behaviors make investigations significantly more complex.
U42.2 introduces 32 new pre-defined hunting filter sets designed to accelerate investigations across three primary areas:
By providing validated starting points for investigation, these filter sets allow analysts to spend less time constructing queries and more time analyzing suspicious activity, validating threats, and uncovering behaviors that might otherwise go unnoticed.
Security operations rarely happen within a single platform. U42.2 introduces new REST API endpoints that extend Analyst Operations Console capabilities into external integrations, SOAR platforms, ticketing systems, and custom automation workflows.
These enhancements make Clear NDR network intelligence more accessible across broader SOC operations, allowing teams to integrate investigation data, detections, and telemetry into the tools and workflows they already rely on.
For organizations building automated and AI-assisted security operations pipelines, the new API capabilities help extend high-fidelity network intelligence beyond the Clear NDR interface and into the broader operational ecosystem.
U42.2 introduces several infrastructure and scalability improvements designed for large enterprise deployments and managed security service provider (MSSP) environments.
The release improves the speed of configuration changes and threat detection updates across distributed deployments, reducing the time between detection updates being published and becoming operational across the environment.
U42.2 also expands supported deployment scale to environments operating 500 or more probes while simultaneously tracking over 60 security parameters for more than 500 million hosts.
These improvements strengthen Clear NDR’s ability to deliver high-fidelity network intelligence across large, complex, and highly distributed network environments without sacrificing investigative depth or operational performance.
U42.2 reflects a clear direction for the future of security operations. As organizations increasingly adopt AI-assisted investigations, agentic copilots, and automation workflows, the quality of the underlying intelligence becomes critical.
AI systems are only as effective as the data and context available to them. For security operations, that means access to deep, high-fidelity, and trustworthy network intelligence that supports investigation, validation, and response workflows.
Clear NDR is designed to provide that foundation. The expanded MCP toolset extends AI-assisted investigation capabilities deeper into network telemetry and threat analysis workflows. The redesigned Analyst Operations Console helps analysts move more quickly from surfaced findings to supporting evidence. New dashboards, hunting filter sets, API integrations, and scalability improvements further extend that intelligence across the broader security operations ecosystem.
This is what Stamus Networks means by the network intelligence foundation for AI-assisted security operations: delivering the visibility, telemetry, and investigative context needed to support faster and more effective security decisions.
U42.2 is one of the clearest expressions of that strategy to date.
Current customers can access the U42.2 update through the My.Stamus portal.
For more information, visit www.stamus-networks.com or contact your Stamus Networks account representative.
If you’d like to meet with one of our engineers (or me) for a live demonstration of this hot new version of Clear NDR, please let us know.