Release Notes
What’s New in this Release
Build 2.10.0.1.6 (July 24, 2023)
NFO Security Update
This security update addresses the following vulnerabilities:
- OpenJDK (CVE-2023-22049, CVE-2023-22036, CVE-2023-22006)
EDFN
- AsyncHttpClient 2.12.3 (was dependent on old Netty version 3.x, CVE-2021-21290, CVE-2020-11612)
- Okta SDK 8.2.5 (no vulnerabilities, but it depends on SnakeYAML)
- SnakeYAML 2.0 (CVE-2022-41854, CVE-2022-1471)
NFO
- OpenSearch client 2.8.0 (no vulnerabilities, but it depends on SnakeYAML)
- Azure Identity 1.9.2 (no vulnerabilities, but it depends on Json-smart)
- Json-smart 2.4.10 (CVE-2023-1370)
Build 2.10.0.0.140 (June 30, 2023)
NFO Security Update
Updated Java, Tomcat, and other libraries to the latest available security release.
Customer Request/Ticket numbers: NFC-10xxx
Implemented Support for Full IPv6 Network
Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.
Customer Request/Ticket numbers: NFC-9998, NFC-9999, NFC-11278
Implemented Integration with Okta for User Identity Enrichment
Customer Request/Ticket numbers: NFC-11007
Added NFO Output to Microsoft Azure Log Analytics Workspace
Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)
Customer Request/Ticket numbers: NFC-11110
Added NFO Output to Microsoft Azure Blob Storage
Implemented new NFO Output Type - Azure Blob Storage
Customer Request/Ticket numbers: NFC-11151
AWS OpenSearch Output Upgrade
Upgrade OpenSearch library from 1.3 to 2.4
Customer Request/Ticket numbers: NFC-11181
Implemented NFO License Master
Customer Request/Ticket numbers: NFC-11139, NFC-11240
Implemented Additional NFO Troubleshooting Features
Added NFv9/IPFIX templates logging
Customer Request/Ticket numbers: NFC-11183
Improved NFO Output Performance to AWS S3 Buckets
Customer Request/Ticket numbers: NFC-11191
Improved Microsoft AD Integration
Allow multiple user groups configuration
Customer Request/Ticket numbers: NFC-11292
Improved Integration with AlienVault (AT&T Cybersecurity)
Implement an option to use Pulses with malicious domains
Customer Request/Ticket numbers: NFC-11304
Improved Security in NFO Clouds Input/Output Configuration
Customer Request/Ticket numbers: NFC-11192, NFC-11201, NFC-11204, NFC-11205
Improved NFO Status Page Reporting
Customer Request/Ticket numbers: NFC-11234
Improved Output Dictionary
Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers
Customer Request/Ticket numbers: NFC-11142
Build 2.9.1.3.7 Hotfix (April 24, 2023)
NFO Security Update
This security update fixes the following vulnerabilities:
- Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)
- Apache Commons FileUpload (CVE-2023-24998)
- Kafka client updated to 3.4.0 (CVE-2022-34917)
- OpenSearch client updated to 2.6.0 (CVE-2023-23612)
- HSQLDB (CVE-2022-41853)
- FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)
- OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)
Build 2.9.1.2.3 Hotfix (November 14, 2022)
NFO Security Update
NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).
NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.
Bug fix in Network Conversations Module
When the parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and the in-memory DB can consume excessive memory.
Customer Request/Ticket numbers: NFC-11127
Implement additional status values in Network Conversations Module
Add Forwarding Status reported by Cisco routers:
- action=U for forwardingStatus 00 (unknown)
- action=F for forwardingStatus 01 (forwarded)
- action=D for forwardingStatus 10 (dropped)
- action=C for forwardingStatus 11 (consumed)
Customer Request/Ticket numbers: NFC-11122
Performance improvements
Customer Request/Ticket numbers: NFC-11156
Build 2.9.1.0.79 (August 9, 2022)
NFO Security Update
Updated Java, Tomcat, and other libraries to the latest available security release.
JRE: zulu11.58.15-ca-jre11.0.16
tomcat: 9.0.65
spring: 5.3.22
spring-security: 5.7.2
log4j: 2.18.0
Customer Request/Ticket numbers: NFC-11071
Added NFO Output to AWS S3 Buckets
Implemented new NFO Output Type - AWS S3
Customer Request/Ticket numbers: NFC-10354
Added NFO Output to Kafka
Implemented new NFO Output Type - Kafka
Customer Request/Ticket numbers: NFC-10461
Added NFO Output to OpenSearch
Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)
Customer Request/Ticket numbers: NFC-10468
Added NFO Output to disk
Implemented new NFO Output Type - Disk
Customer Request/Ticket numbers: NFC-10486
Implemented Integration with AT&T Cybersecurity
Implemented integration with AlienVault OTX Pulses. For more information on AlienVault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm
Customer Request/Ticket numbers: NFC-11032
Improved Output Dictionary
Added support for NFO Output dictionary in various Modules
Customer Request/Ticket numbers: NFC-10396
Improved Support for Multiple EDFNs Installation
Added ability to enable / disable EDFN agents in NFO GUI
Customer Request/Ticket numbers: NFC-11076
Added New Features in Network Conversation Module
- Added an option not to report state=E events to further reduce output volume
- Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
- Added integration with MaxMind to enrich data with Autonomous System Number
- Improved integration with Microsoft AD for user identity enrichment
Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072
Deprecate 'Known Threat Feeds hosts' in Security Module
Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor
Customer Request/Ticket numbers: NFC-10997
Build 2.9.0.1.2 (April 15, 2022)
NFO Security Update
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.
Customer Request/Ticket numbers: NFC-10476
Build 2.9.0.0.189 (March 25, 2022)
NFO Security Update
Updated Java and Tomcat to the latest available security release.
Customer Request/Ticket numbers: NFC-10453
Added New Features in Network Conversation Module
- Added support for additional Azure and Google Cloud fields
- Added User Identity (integrations with Microsoft AD, Azure AD, Login/Logout via syslog)
- Added Application enrichment
- Added Reputation enrichment
- Added option not to report denied flows
- Added integration with VMware vCenter
- Add TOS and AS fields
- Implemented Application collector
- Added GeoIP enrichment
- Added SNMP enrichment
- Added support for Cisco ACI (Bridge domains, Tenants)
- Improved output to AWS S3 destination
- Performance and usability improvements
Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.
Added NFO Output using Splunk HEC
Added ability to configure NFO output using Splunk HEC
Customer Request/Ticket numbers: NFC-10250
Added NFO Output to Splunk Observability Cloud
Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)
Customer Request/Ticket numbers: NFC-10299
Implemented Output Dictionary
Added ability to override field names in syslog key=value or JSON data elements
Customer Request/Ticket numbers: NFC-10322
Implemented New sFlow formats
Implemented new sFlow formats per https://sflow.org/developers/structures.php
Customer Request/Ticket numbers: NFC-10351
Improved SNMP Polling
Implemented better handling of devices not replying to SNMP polling
Customer Request/Ticket numbers: NFC-10170, NFC-10321
Support Cisco ACI
Implemented support for Cisco ACI fields
Customer Request/Ticket numbers: NFC-10406
Various Usability Improvements
Various cosmetic changes and usability improvements
Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389
Build 2.8.1.0.75 (September 9, 2021)
NFO Security Update
Updated Java and Tomcat to the latest available security release.
Customer Request/Ticket numbers: NFC-10175
Added New features in Network Conversation Module
- Added input_snmp and output_snmp fields
- Added support of firewallEvent IPFIX field
- Improve output configuration
- Added list of local IPv6 subnets for direction identification for IPv6 traffic
- Minor bug fixes and cosmetic improvements
Customer Request/Ticket numbers: NFC-9873, NFC-10056, NFC-10105, NFC-10143, NFC-10148, NFC-10151
Improved SNMP polling
- Implemented better handling of bulk requests and timeouts
- Implemented EDFN Agent to improve onboarding of new devices
Customer Request/Ticket numbers: NFC-9849, NFC-10065
Improved AWS VPC Flow logs support in Top Traffic Monitor Module (nfc_id=20067)
Added interface-id field to output of this Module for AWS VPC Flow logs
Customer Request/Ticket numbers: NFC-9768
Improved DNS Traffic Monitoring
Added an option to include or exclude blocked DNS traffic reporting
Customer Request/Ticket numbers: NFC-10029
Improved TCP Health Monitor
Added exp_ip to TCP Health Module reporting TCP Resets
Customer Request/Ticket numbers: NFC-10069
What’s Been Fixed in this Release
Build 2.10.0.0.140
[Module 1006x] Report client port when it is disabled
Customer Request/Ticket numbers: NFC-11132, NFC-11176
Build 2.9.1.0.79
[Module 10062] Intermittent Incorrect Enrichment of src_vm_name
Customer Request/Ticket numbers: NFC-10471
[Module 10062] Intermittent Incorrect Enrichment for Cisco ACI Bridge Domains
Customer Request/Ticket numbers: NFC-10485
[Module 10062] Fix Application Collector
Application collector should ignore client ports.
Customer Request/Ticket numbers: NFC-11003
Build 2.9.0.0.189
[Module 10003] SNMP v3 request fails with 'USM encryption error' on Windows platform
Customer Request/Ticket numbers: NFC-10398
[Module 10053] Truncated syslog and incorrect JSON produced
Customer Request/Ticket numbers: NFC-10416
SNMP is not working if authPriv selected with SHA and AES
Customer Request/Ticket numbers: NFC-10417
Build 2.8.1.0.75
Security Modules do not process some types of NetFlow version 9
Customer Request/Ticket numbers: NFC-10199
Intermittent Bug - incorrect avg_time
Service Performance Monitor Module incorrectly calculates avg_time
Customer Request/Ticket numbers: NFC-9695
Bug in Network Conversations Deduplication
Fixed deduplication logic, and state reporting
Customer Request/Ticket numbers: NFC-10090, NFC-10161
Bug in Network Conversations Sampling calculation
Fixed bug in multiplying bytes and packets by sampling rate
Customer Request/Ticket numbers: NFC-10093
Bug in Network Conversations DCI reporting
Fixed bug in reporting t_int value
Customer Request/Ticket numbers: NFC-10093
Known Issues
Build 2.10.0.0.140
[Module 20062] S3 output failed with "no access" error code
Linux RHEL is not affected. For other Linux OSs, you can fix the issue using the following workaround:
Make a symbolic link /etc/pki/tls/certs/ca-bundle.crt to the certificates bundle (for example, on Ubuntu 20.04.5 LTS, to /etc/ssl/certs/ca-certificates.crt):
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
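The same workaround as an idempotent shell function. This is an added example, not part of the NFO distribution. It assumes the parent directory /etc/pki/tls/certs may be absent on non-RHEL systems, and the function name, the optional root-prefix argument and the two fallback bundle paths are assumptions of the example:

```shell
#!/bin/sh
# Added example: idempotent form of the CA-bundle symlink workaround.
# The optional first argument is a hypothetical root prefix, so the logic
# can be exercised on a scratch tree; omit it (and run as root) to act on
# the real filesystem.

link_ca_bundle() {
    root="${1:-}"
    target="$root/etc/pki/tls/certs/ca-bundle.crt"

    # Already present (RHEL-style layout or an earlier run): nothing to do.
    if [ -e "$target" ]; then
        echo "exists: $target"
        return 0
    fi
    # A dangling symlink left by an earlier attempt is not a usable bundle.
    if [ -L "$target" ]; then
        echo "dangling symlink, not touching: $target" >&2
        return 1
    fi

    # Candidate system bundles; the first is the path named in the workaround,
    # the other two are assumed fallbacks for other distributions.
    for src in \
        "$root/etc/ssl/certs/ca-certificates.crt" \
        "$root/etc/ssl/ca-bundle.pem" \
        "$root/etc/ssl/cert.pem"
    do
        # Accept only a non-empty file holding at least one PEM certificate.
        if [ -s "$src" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$src"; then
            mkdir -p "$(dirname "$target")" || return 1
            ln -s "$src" "$target" || return 1
            echo "linked: $target -> $src"
            return 0
        fi
    done

    echo "no system CA bundle found under ${root:-/}" >&2
    return 1
}
```

Call link_ca_bundle with no argument, as root, to apply it to the running system. It refuses to overwrite an existing file or symlink at the target path.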