Version: 2.10.0

Release Notes

What’s New in this Release

Build 2.10.0.1.6 (July 24, 2023)

NFO Security Update

This security update addresses the following vulnerabilities:

  • OpenJDK (CVE-2023-22049, CVE-2023-22036, CVE-2023-22006)

EDFN

  • AsyncHttpClient 2.12.3 (was dependent on old Netty version 3.x, CVE-2021-21290, CVE-2020-11612)
  • Okta SDK 8.2.5 (no vulnerabilities, but it depends on SnakeYAML)
  • SnakeYAML 2.0 (CVE-2022-41854, CVE-2022-1471)

NFO

  • OpenSearch client 2.8.0 (no vulnerabilities, but it depends on SnakeYAML)
  • Azure Identity 1.9.2 (no vulnerabilities, but it depends on Json-smart)
  • Json-smart 2.4.10 (CVE-2023-1370)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build 2.10.0.0.140 (June 30, 2023)

NFO Security Update

Updated Java, Tomcat, and other libraries to the latest available security release.

Customer Request/Ticket numbers: NFC-10xxx

Implemented Support for Full IPv6 Network

Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.

Customer Request/Ticket numbers: NFC-9998, NFC-9999, NFC-11278

Implemented Integration with Okta for User Identity Enrichment

Customer Request/Ticket numbers: NFC-11007

Added NFO Output to Microsoft Azure Log Analytics Workspace

Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)

Customer Request/Ticket numbers: NFC-11110

Added NFO Output to Microsoft Azure Blob Storage

Implemented new NFO Output Type - Azure Blob Storage

Customer Request/Ticket numbers: NFC-11151

AWS OpenSearch Output Upgrade

Upgraded the OpenSearch library from 1.3 to 2.4

Customer Request/Ticket numbers: NFC-11181

Implemented NFO License Master

Customer Request/Ticket numbers: NFC-11139, NFC-11240

Implemented Additional NFO Troubleshooting Features

Added NFv9/IPFIX templates logging

Customer Request/Ticket numbers: NFC-11183

Improved NFO Output Performance to AWS S3 Buckets

Customer Request/Ticket numbers: NFC-11191

Improved Microsoft AD Integration

Allowed configuration of multiple user groups

Customer Request/Ticket numbers: NFC-11292

Improved Integration with AlienVault (AT&T Cybersecurity)

Implement an option to use Pulses with malicious domains

Customer Request/Ticket numbers: NFC-11304

Improved Security in NFO Clouds Input/Output Configuration

Customer Request/Ticket numbers: NFC-11192, NFC-11201, NFC-11204, NFC-11205

Improved NFO Status Page Reporting

Customer Request/Ticket numbers: NFC-11234

Improved Output Dictionary

Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers

Customer Request/Ticket numbers: NFC-11142

Build 2.9.1.3.7 Hotfix (April 24, 2023)

NFO Security Update

This security update fixes the following vulnerabilities:

  • Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)

  • Apache Commons FileUpload (CVE-2023-24998)

  • Kafka client updated to 3.4.0 (CVE-2022-34917)

  • OpenSearch client updated to 2.6.0 (CVE-2023-23612)

  • HSQLDB (CVE-2022-41853)

  • FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)

  • OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build 2.9.1.2.3 Hotfix (November 14, 2022)

NFO Security Update

NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).

NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.

Bug fix in Network Conversations Module

When the parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and the in-memory DB can consume excessive memory.

Customer Request/Ticket numbers: NFC-11127

Implement additional status values in Network Conversations Module

Add Forwarding Status reported by Cisco routers:

  • action=U for forwardingStatus 00 (unknown)
  • action=F for forwardingStatus 01 (forwarded)
  • action=D for forwardingStatus 10 (dropped)
  • action=C for forwardingStatus 11 (consumed)

Customer Request/Ticket numbers: NFC-11122

Performance improvements

Customer Request/Ticket numbers: NFC-11156

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build 2.9.1.0.79 (August 9, 2022)

NFO Security Update

Updated Java, Tomcat, and other libraries to the latest available security release.

JRE: zulu11.58.15-ca-jre11.0.16

tomcat: 9.0.65

spring: 5.3.22

spring-security: 5.7.2

log4j: 2.18.0

Customer Request/Ticket numbers: NFC-11071

Added NFO Output to AWS S3 Buckets

Implemented new NFO Output Type - AWS S3

Customer Request/Ticket numbers: NFC-10354

Added NFO Output to Kafka

Implemented new NFO Output Type - Kafka

Customer Request/Ticket numbers: NFC-10461

Added NFO Output to OpenSearch

Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)

Customer Request/Ticket numbers: NFC-10468

Added NFO Output to disk

Implemented new NFO Output Type - Disk

Customer Request/Ticket numbers: NFC-10486

Implemented Integration with AT&T Cybersecurity

Implemented integration with AlienVault OTX Pulses. For more information on AlienVault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm

Customer Request/Ticket numbers: NFC-11032

Improved Output Dictionary

Added support for NFO Output dictionary in various Modules

Customer Request/Ticket numbers: NFC-10396

Improved Support for Multiple EDFNs Installation

Added the ability to enable / disable EDFN agents in the NFO GUI

Customer Request/Ticket numbers: NFC-11076

Added New Features in Network Conversation Module

  1. Added an option not to report state=E events to further reduce output volume
  2. Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
  3. Added integration with MaxMind to enrich data with Autonomous System Number
  4. Improved integration with Microsoft AD for user identity enrichment

Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072

Deprecate 'Known Threat Feeds hosts' in Security Module

Deprecated the integration with 'Known Threat Feeds hosts' (Module 10053), as it is no longer supported by the third-party vendor

Customer Request/Ticket numbers: NFC-10997

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build 2.9.0.1.2 (April 15, 2022)

NFO Security Update

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Customer Request/Ticket numbers: NFC-10476

Build 2.9.0.0.189 (March 25, 2022)

NFO Security Update

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10453

Added New Features in Network Conversation Module

  1. Added support for additional Azure and Google Cloud fields
  2. Added User Identity (integrations with Microsoft AD, Azure AD, Login/Logout via syslog)
  3. Added Application enrichment
  4. Added Reputation enrichment
  5. Added option not to report denied flows
  6. Added integration with VMware vCenter
  7. Added TOS and AS fields
  8. Implemented Application collector
  9. Added GeoIP enrichment
  10. Added SNMP enrichment
  11. Added support for Cisco ACI (Bridge domains, Tenants)
  12. Improved output to AWS S3 destination
  13. Performance and usability improvements

Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.

Added NFO Output using Splunk HEC

Added ability to configure NFO output using Splunk HEC

Customer Request/Ticket numbers: NFC-10250

Added NFO Output to Splunk Observability Cloud

Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)

Customer Request/Ticket numbers: NFC-10299

Implemented Output Dictionary

Added ability to override field names in syslog key=value or JSON data elements

Customer Request/Ticket numbers: NFC-10322

Implemented New sFlow formats

Implemented new sFlow formats per https://sflow.org/developers/structures.php

Customer Request/Ticket numbers: NFC-10351

Improved SNMP Polling

Implemented better handling of devices not replying to SNMP polling

Customer Request/Ticket numbers: NFC-10170, NFC-10321

Support Cisco ACI

Implemented support for Cisco ACI fields

Customer Request/Ticket numbers: NFC-10406

Various Usability Improvements

Various cosmetic changes and usability improvements

Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389

Build 2.8.1.0.75 (September 9, 2021)

NFO Security Update

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10175

Added New features in Network Conversation Module

  1. Added input_snmp and output_snmp fields
  2. Added support of firewallEvent IPFIX field
  3. Improved output configuration
  4. Added list of local IPv6 subnets for direction identification for IPv6 traffic
  5. Minor bug fixes and cosmetic improvements

Customer Request/Ticket numbers: NFC-9873, NFC-10056, NFC-10105, NFC-10143, NFC-10148, NFC-10151

Improved SNMP polling

  1. Implemented better handling of bulk requests and timeouts
  2. Implemented EDFN Agent to improve onboarding of new devices

Customer Request/Ticket numbers: NFC-9849, NFC-10065

Improved AWS VPC Flow logs support in Top Traffic Monitor Module (nfc_id=20067)

Added interface-id field to output of this Module for AWS VPC Flow logs

Customer Request/Ticket numbers: NFC-9768

Improved DNS Traffic Monitoring

Added an option to include or exclude blocked DNS traffic reporting

Customer Request/Ticket numbers: NFC-10029

Improved TCP Health Monitor

Added exp_ip to TCP Health Module reporting TCP Resets

Customer Request/Ticket numbers: NFC-10069

What’s Been Fixed in this Release

Build 2.10.0.0.140

[Module 1006x] Report client port when it is disabled

Customer Request/Ticket numbers: NFC-11132, NFC-11176

Build 2.9.1.0.79

[Module 10062] Intermittent Incorrect Enrichment of src_vm_name

Customer Request/Ticket numbers: NFC-10471

[Module 10062] Intermittent Incorrect Enrichment for Cisco ACI Bridge Domains

Customer Request/Ticket numbers: NFC-10485

[Module 10062] Fix Application Collector

Application collector should ignore client ports.

Customer Request/Ticket numbers: NFC-11003

Build 2.9.0.0.189

[Module 10003] SNMP v3 request fails with 'USM encryption error' on Windows platform

Customer Request/Ticket numbers: NFC-10398

[Module 10053] Truncated syslog and incorrect JSON produced

Customer Request/Ticket numbers: NFC-10416

SNMP is not working if authPriv selected with SHA and AES

Customer Request/Ticket numbers: NFC-10417

Build 2.8.1.0.75

Security Modules do not process some types of NetFlow version 9

Customer Request/Ticket numbers: NFC-10199

Intermittent Bug - incorrect avg_time

Service Performance Monitor Module incorrectly calculates avg_time

Customer Request/Ticket numbers: NFC-9695

Bug in Network Conversations Deduplication

Fixed deduplication logic and state reporting

Customer Request/Ticket numbers: NFC-10090, NFC-10161

Bug in Network Conversations Sampling calculation

Fixed bug in multiplying bytes and packets by sampling rate

Customer Request/Ticket numbers: NFC-10093

Bug in Network Conversations DCI reporting

Fixed bug in reporting t_int value

Customer Request/Ticket numbers: NFC-10093

Known Issues

Build 2.10.0.0.140

[Module 20062] S3 output failed with "no access" error code

Linux RHEL is not affected. On other Linux distributions, you can fix the issue with the following workaround:

Create a symbolic link at /etc/pki/tls/certs/ca-bundle.crt that points to the system CA certificates bundle (for example, /etc/ssl/certs/ca-certificates.crt on Ubuntu 20.04.5 LTS):

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
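
An idempotent form of the workaround, added here as an example and not taken from the NFO documentation. The function name link_ca_bundle is hypothetical, and its defaults are the two paths shown above. It checks that the bundle really contains PEM certificates and refuses to replace anything that already exists at the link path.

```shell
#!/bin/sh
# Added example: safe, repeatable version of the ca-bundle.crt workaround.
# link_ca_bundle is a hypothetical helper name; the default paths are the
# ones given in the release note and can be overridden with two arguments.

link_ca_bundle() {
    bundle="${1:-/etc/ssl/certs/ca-certificates.crt}"   # distribution CA bundle
    link="${2:-/etc/pki/tls/certs/ca-bundle.crt}"       # path from the workaround

    # The bundle must be readable and hold at least one PEM certificate;
    # linking to an empty or missing file would leave TLS with no trust anchors.
    if [ ! -r "$bundle" ] || ! grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle"; then
        echo "error: $bundle is missing or holds no PEM certificates" >&2
        return 1
    fi

    # Already linked to the bundle: nothing to do.
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$bundle" ]; then
        echo "ok: $link already points to $bundle"
        return 0
    fi

    # Never overwrite an existing file, or a link that points elsewhere
    # (including a dangling link): a trust store should be inspected first.
    if [ -e "$link" ] || [ -L "$link" ]; then
        echo "error: $link exists and is not a link to $bundle" >&2
        return 2
    fi

    # The parent directory may not exist on non-RHEL systems.
    mkdir -p "$(dirname "$link")" || return 3
    ln -s "$bundle" "$link" || return 3
    echo "created: $link -> $bundle"
}

# Typical use, as root, with the default paths:
#   link_ca_bundle
```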