Release Notes
Whatβs New in this Releaseβ
Build 2.9.1.3.7 Hotfix (April 24, 2023)β
info
NFO Security Updateβ
This security update fixes the following vulnerabilities:
Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)
Apache Commons FileUpload (CVE-2023-24998)
Kafka client updated to 3.4.0 (CVE-2022-34917)
OpenSearch client updated to 2.6.0 (CVE-2023-23612)
HSQLDB (CVE-2022-41853)
FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)
OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)
Downloads:
Build 2.9.1.2.3 Hotfix (November 14, 2022)β
info
NFO Security Updateβ
NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).
NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.
Bug fix in Network Conversations Moduleβ
When parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and in-memory DB can eat memory.
Customer Request/Ticket numbers: NFC-11127
Implement additional status values in Network Conversations Moduleβ
Add Forwarding Status reported by Cisco routers:
- action=U for forwardingStatus 00 (unknown)
- action=F for forwardingStatus 01 (forwarded)
- action=D for forwardingStatus 10 (dropped)
- action=C for forwardingStatus 11 (consumed)
Customer Request/Ticket numbers: NFC-11122
Performance improvementsβ
Customer Request/Ticket numbers: NFC-11156
Downloads:
Build 2.9.1.0.79 (August 9, 2022)β
info
NFO Security Updateβ
Updated Java, Tomcat, and other libraries to the latest available security release.
JRE: zulu11.58.15-ca-jre11.0.16
tomcat: 9.0.65
spring: 5.3.22
spring-security: 5.7.2
log4j: 2.18.0
Customer Request/Ticket numbers: NFC-11071
Added NFO Output to AWS S3 Bucketsβ
Implemented new NFO Output Type - AWS S3
Customer Request/Ticket numbers: NFC-10354
Added NFO Output to Kafkaβ
Implemented new NFO Output Type - Kafka
Customer Request/Ticket numbers: NFC-10461
Added NFO Output to OpenSearchβ
Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)
Customer Request/Ticket numbers: NFC-10468
Added NFO Output to diskβ
Implemented new NFO Output Type - Disk
Customer Request/Ticket numbers: NFC-10486
Implemented Integration with AT&T Cybersecurityβ
Impleemented integration with Alienvault OTX Pulses. For more information on Alienvault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm
Customer Request/Ticket numbers: NFC-11032
Improved Output Dictionaryβ
Added support for NFO Output dictionary in various Modules
Customer Request/Ticket numbers: NFC-10396
Improved Support for Multiple EDFNs Instalationβ
Added ability to enable / disabled EDFN agents in NFO GUI
Customer Request/Ticket numbers: NFC-11076
Added New Features in Network Conversation Moduleβ
- Added an option not to report state=E events to further reduce output volume
- Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
- Added integration with MaxMind to enrich data with Autonomous System Number
- Improved integration with Microsoft AD for user identity enrichment
Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072
Deprecate 'Known Threat Feeds hosts' in Security Moduleβ
Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor
Customer Request/Ticket numbers: NFC-10997
Downloads:
Build 2.9.0.1.2 (April 15, 2022)β
info
NFO Security Updateβ
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.
Downloads:
Customer Request/Ticket numbers: NFC-10476
Build 2.9.0.0.189 (March 25, 2022)β
info
NFO Security Updateβ
Updated Java and Tomcat to the latest available security release.
Customer Request/Ticket numbers: NFC-10453
Added New Features in Network Conversation Moduleβ
- Added support for additional Azure and Google Cloud fields
- Added User Identity (integrations with Microsoft AD, Azure AD, Login/Logout via syslog)
- Added Application enrichment
- Added Reputation enrichment
- Added option not to report denied flows
- Added integration with VMware vCenter
- Add TOS and AS fields
- Implemented Application collector
- Added GeoIP enrichment
- Added SNMP enrichment
- Added support for Cisco ACI (Bridge domains, Tenants)
- Improved output to AWS S3 destination
- Performance and usability improvments
Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.
Added NFO Output using Splunk HECβ
Added ability to configure NFO output using Splunk HEC
Customer Request/Ticket numbers: NFC-10250
Added NFO Output to Splunk Observability Cloudβ
Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)
Customer Request/Ticket numbers: NFC-10299
Implemented Output Dictionaryβ
Added ability to override field names in syslog key=value or JSON data elements
Customer Request/Ticket numbers: NFC-10322
Implemented New sFlow formatsβ
Implemented new sFlow formats per https://sflow.org/developers/structures.php
Customer Request/Ticket numbers: NFC-10351
Improved SNMP Pollingβ
Implemented better handling of devices not replying to SNMP polling
Customer Request/Ticket numbers: NFC-10170, NFC-10321
Support Cisco ACIβ
Implemented support for Cisco ACI fields
Customer Request/Ticket numbers: NFC-10406
Various Usability Improvmentsβ
Various cosmetic changes and usability improvments
Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389
Build 2.8.1.0.75 (September 9, 2021)β
info
NFO Security Updateβ
Updated Java and Tomcat to the latest available security release.
Customer Request/Ticket numbers: NFC-10175
Added New features in Network Conversation Moduleβ
- Added
input_snmpandoutput_snmpfields - Added support of firewallEvent IPFIX field
- Improve output configuration
- Added list of local IPv6 subnets for direction identification for IPv6 traffic
- Minor bug fixes and cosmetic improvements
Customer Request/Ticket numbers: NFC-9873, NFC-10056, NFC-10105, NFC-10143, NFC-10148, NFC-10151
Improved SNMP pollingβ
- Implemented better handling of bulk requests and timeouts
- Implemented EDFN Agent to improve onboarding of new devices
Customer Request/Ticket numbers: NFC-9849, NFC-10065
Improved AWS VPC Flow logs support in Top Traffic Monitor Module (nfc_id=20067)β
Added interface-id field to output of this Module for AWS VPC Flow logs
Customer Request/Ticket numbers: NFC-9768
Improved DNS Traffic Monitoringβ
Added an option to include or exclude blocked DNS traffic reporting
Customer Request/Ticket numbers: NFC-10029
Improved TCP Health Monitorβ
Added exp_ip to TCP Health Module reporting TCP Resets
Customer Request/Ticket numbers: NFC-10069
Build 2.8.0.0.380 (June 14, 2021)β
info
NFO Security Updateβ
Updated Java, Tomcat, Jquery, Net-SNMP, Azure storage libraries, and Net-SNMP library to the latest available security release. Removed support for TSL 1.0 as it is no longer supported.
Customer Request/Ticket numbers: NFC-9451, NFC-9588, NFC-9608, NFC-9904
NFO UI Upgradeβ
This release contains multiple usability improvements. Added left navigation to easily switch between various configuration sections. Added statistical counters to Status page and NFO header.
Customer Request/Ticket numbers: NFC-9570, NFC-9878, NFC-9895, NFC-9954, NFC-9978
Implemented Network Conversations Module (10062)β
This Module reports consolidated network conversations. Optionally it stitches client-server request-response flows, reporting bytes and packets server-to-client and client-to-server in separate fields. It also calculates and reports conversation metrics such as Duration (TCP session duration), State (Begin, Continue, End), Action (Accepted or Rejected), etc. The Network Conversations Module allows you to configure output fields, and to select dual destinations: UDP output and AWS S3
Customer Request/Ticket numbers: NFC-9797, NFC-9872, NFC-9873, NFC-9874, NFC-9953, NFC-9987, NFC-10041
Added JSON Output Typeβ
Now you can configure sending data in syslog format to one destination and at the same time send the same data in JSON format to another destination
Customer Request/Ticket numbers: NFC-9449
Added Clickhouse Output Typeβ
Now you can send your flow data to Clickhouse database: https://clickhouse.tech/
Customer Request/Ticket numbers: NFC-9457
Added Output Messages Rateβ
Now you can see the NFO real-time output rate in messages/sec
Customer Request/Ticket numbers: NFC-9843
Improved DNS Monitoring Modulesβ
Added dest_ip to DNS users message
Customer Request/Ticket numbers: NFC-10023
Improved Cisco AnyConnect Moduleβ
This Module reports Cisco AnyConnect NVM Flow Logs. It supports nvzFlow v3 and nvzFlow v4.
Customer Request/Ticket numbers: NFC-9582, NFC-9640
Added support of AWS VPC Flow logs v3 and other AWS VPC Flow logs processing improvementsβ
Customer Request/Ticket numbers: NFC-9936, NFC-9943
Implemented Zeek Module (10061) (only available on request)β
This Module reports NetFlow, IPFIX, sFlow, Azure NSG Flow logs, AWS VPC Flow logs, and Google VPC Flow logs in Zeek conn.log format.
Customer Request/Ticket numbers: NFC-9595, NFC-9596, NFC-9597, NFC-9611
Added MAC address reportingβ
Added source and destination MAC address to Top Traffic/Top Packets/Top Connections Modules.
Customer Request/Ticket numbers: NFC-9711
Added an option to ignore denied events in security Modulesβ
Added ability to enable or disable reporting security events for denied flows.
Customer Request/Ticket numbers: NFC-9614
Improved SNMP Polling Service and OIDs sets Module configurationβ
Introduced βDevice Groupβ to improve management of OID sets. For example, Palo Alto Networks (PAN) polling requests are now sent only to PAN devices. Improves OID sets configuration. Allow to enable/disable SNMP polling by OID sets. Improved logging for troubleshooting
Customer Request/Ticket numbers: NFC-9817, NFC-9840, NFC-9841, NFC-9842, NFC-9844, NFC-9869, NFC-9870, NFC-9889
Improved FQDN (Reverse-DNS) Lookup Serviceβ
Added ability to exclude certain subnets (e.g. private subnets) from DNS lookups. Implement priorities.
Customer Request/Ticket numbers: NFC-9598, NFC-9720, NFC-9746
Added support of Azure Services and Regionsβ
Resolve Azure Service name and Region based on source/destination IP addresses, both IPv4 and IPv6.
Customer Request/Ticket numbers: NFC-9609, NFC-9740
Added support for Azure IPv6 Rangesβ
Customer Request/Ticket numbers: NFC-9740
Added support of bidirectional flows in flow-stitching Modulesβ
Use OUT_BYTES, OUT_PKTS, initiatorOctets, initiatorPackets fields if reported by bi-directional flow exporters.
Customer Request/Ticket numbers: NFC-9529
Improved external Data Feederβ
Optimized external Data Feeder GeoIP and VMware vCenter agents to feed data to multiple Modules. Added sampling support.
Customer Request/Ticket numbers: NFC-9660, NFC-9661, NFC-9690
Improved NFO Internal Loggingβ
Report read/write UDP buffer error counts. Report exporter IP address that sends flow records failing validation.
Customer Request/Ticket numbers: NFC-9583, NFC-9745
Various bug fixes, usability and stability improvementsβ
Customer Request/Ticket numbers: NFC-9747, NFC-9804, NFC-9777, NFC-9778, NFC-9101
Build 2.7.1.5.3 - Security Update (May 13, 2021)β
info
Security updateβ
This release is to close known security vulnerabilities in Tomcat.
NFO is rebuilt with Tomcat 9.0.45.
To download this release please visit https://www.netflowlogic.com/support/
Build 2.7.1.4.2 - HotFix (March 11, 2021)β
This hotfix is to enable Repeater output filtering based on the list of exporter IPs and/or exporter IP subnets.
Customer Request/Ticket numbers: NFC-9928
To download this release please visit https://www.netflowlogic.com/support/
Build 2.7.1.3.1 - HotFix (February 4, 2021)β
This hotfix is to address the issue with SNMP GetBulk requests.
Customer Request/Ticket numbers: NFC-9845
To download this release please visit https://www.netflowlogic.com/support/
Build 2.7.1.2.4 - Security Update (February 2, 2021)β
info
Security updateβ
This release is to close known security vulnerabilities in JQuery.
NFO is rebuilt with JQuery version to 3.5.1.
To download this release please visit https://www.netflowlogic.com/support/
Build 2.7.1.1.36 - Security Update (December 15, 2020)β
info
Security updateβ
This release is to close known security vulnerabilities in Java and Tomcat.
NFO is rebuilt with Java 8u275 and Tomcat 9.0.41.
For details please visit: https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities and page 18 of this document https://docs.azul.com/zulu/zulurelnotes/Zulu_ReleaseNotes.pdf
To download this release please visit https://www.netflowlogic.com/support/
Build 2.7.1.1.21 (September 10, 2020)β
Added Microsoft Azure NSG Flow Logs Supportβ
Added ability to ingest and enrich Azure NSG Flow logs. This upgrade includes two NFO Modules; one to enrich Azure NSG Flow logs, and another to enrich and consolidate Azure NSG Flow logs with an option to report Top traffic
Customer Request/Ticket numbers: NFC-9504, NFC-9531, NFC-9657
Added NFO Modules for Google Cloud VPC Flow logsβ
- Consolidate and optimize VPC Flow logs data thus enabling customers to store and index only a fraction of volume and at the same time gain all benefits of flow information without losing accuracy
- Enrich basic VPC Flow logs with real-time information, such as VM name, etc
- Improve performance
Customer Request/Ticket numbers: NFC-9445, NFC-9470, NFC-9473, NFC-9481, NFC-9490, NFC-9496, NFC-9502
Added Reporting of "Services" to AWS VPC Flow Logsβ
Now NFO detects if source or destination is one of AWS services (e.g. S3) and enriches flow records with this information.
Customer Request/Ticket numbers: NFC-9437
Added NFO Input Configuration for Public Clouds and Ability to Enable/Disable Inputsβ
- Now NFO input ports could be enabled/disabled via GUI
- Added configuration of AWS/GCP/Azure inputs in NFO GUI of Inputs panel
Customer Request/Ticket numbers: NFC-9547
Added New Options in Top Traffic Modules (Top Traffic, Top Packets, Top Connections, Top Host Pairs)β
- Now these Modules have an option to exclude ephemeral client source or destination port from reporting. The list of server side ports is configurable.
- Enable/disable multiplying bytes, packets, and flow count by sampling rate. Any sampled NetFlow, IPFIX, or sFlow is supported.
Customer Request/Ticket numbers: NFC-5087, NFC-9137
Improve Visitors by Country Moduleβ
Added parameter to enable/disable reporting of denied flows.
Customer Request/Ticket numbers: NFC-9460
Added Cisco AVC Modules to NFOβ
Added Cisco Application Visibility and Control (AVC) (https://www.cisco.com/c/en/us/products/routers/avc-control.html) Modules to NFO packages.
Customer Request/Ticket numbers: NFC-9423
Improved SNMP polling capabilitiesβ
Allow users to add specific OIDs down to a table level.
Customer Request/Ticket numbers: NFC-9094
Added Cisco AnyConnect (aka NVM or nvzFlow) Supportβ
Added support for Cisco IPFIX fields used in AnyConnect (Secure VPN access for remote workers).
Customer Request/Ticket numbers: NFC-9516
Upgraded Syslog Output Format to Comply with RFC 5424β
NFO now uses RFC5424 (https://tools.ietf.org/html/rfc5424) when output sent as Syslog messages.
Customer Request/Ticket numbers: NFC-9492, NFC-9515
Allow Uploading Trusted Certificates via GUIβ
Add a user interface in Admin to upload trusted certs instead of dealing with CLI.
Customer Request/Ticket numbers: NFC-9202
NFO Usability Improvementsβ
Various usability improvements and cosmetic enhancements.
Customer Request/Ticket numbers: NFC-9450, NFC-9506, NFC-9422
Upgraded NFO to Tomcat 9β
Customer Request/Ticket numbers: NFC-9644
Upgraded NFO to Java 8 Update 261 (8u261)β
Customer Request/Ticket numbers: NFC-9656
Build 2.7.0.0.264 (February 26, 2020)β
info
Security update:β
XML external entity (XXE) injectionβ
This vulnerability allows an attacker to interfere with an application's processing of XML data. This vulnerability is closed in NFO 2.7.0.0.264. For prior releases please apply the following workaround:
- Edit
/opt/flowintegrator/tomcat/webapps/ROOT/WEB-INF/web.xmlfile - Find parameter:
`<init-param>`
`<param-name>com.sun.jersey.config.feature.DisableXmlSecurity</param-name>`
`<param-value>true</param-value>`
`</init-param>`
- Change
<param-value>tofalseor remove the entire<init-param>section - Restart tomcat service:
service tomcat_nfo restart
Added Amazon Web Services (AWS) VPC Flow logs supportβ
- Ingest VPC Flow logs from AWS CloudWatch, Kinesis stream, or S3
- Support processing VPC Flow logs from multiple AWS accounts, VPCs, and regions
- Enrich native VPC Flow logs with real-time information, such as EC2 name, DNS name, and AWS region
- Consolidate and optimize VPC Flow logs data thus enabling customers to store and index only a fraction of volume and at the same time gain all benefits of flow information without losing accuracy
Customer Request/Ticket numbers: NFC-9006, NFC-9251, NFC-9254, NFC-9260, NFC-9287, NFC-9300, NFC-9301, NFC-9302, NFC-9304, NFC-9305
Added Google Cloud VPC Flow logs supportβ
Added ability to ingest, consolidate, and enrich GPC VPC Flow logs.
Customer Request/Ticket numbers: NFC-9189
Added support for Cisco AVCβ
Cisco Application Visibility and Control (AVC) technology is now supported. AVC classifies more than 1400 applications, and reports them in IPFIX. AVC is available across routers, campus switches, access points, and wireless controllers. See https://www.cisco.com/c/en/us/products/routers/avc-control.html for details.
Customer Request/Ticket numbers: NFC-8027
Improved SNMP polling capabilitiesβ
Added support for 'sparse augments'. Improved SNMP service performance. Added SNMP polling and traps statistics.
Customer Request/Ticket numbers: NFC-8438, NFC-9081, NFC-9131, NFC-9133, NFC-9164
Support new MaxMind authenticationβ
Change default URLs in all Modules with GeoIP enrichment to alow users to enter their own MaxMind subscription credentials.
Customer Request/Ticket numbers: NFC-9293
Added user IP address and port to identify user when Palo Alto Networks device is not integrated with ADβ
When PAN device is not integrated with AD, all users reported as "na". To identify users for applications monitoring add user IP and port.
Customer Request/Ticket numbers: NFC-9126
Security Modules: allow setting to include flow created and flow updated eventsβ
Add parameter to all Security Modules: "Enable reporting flow created and flow updated events". Default - disabled.
Customer Request/Ticket numbers: NFC-9284
Added support for new sFlow extensions in Original Flow dataβ
NFO sFlow support includes sFlow extended structures as of December 2019 (https://sflow.org/developers/structures.php).
Customer Request/Ticket numbers: NFC-8885
Added ifAlias in SNMP polling Module (10003)β
Added ifAlias (OID 1.3.6.1.2.1.31.1.1.1.18) to the output of SNMP polling Module (10003).
Customer Request/Ticket numbers: NFC-9095
Added DNS names to Security Modules outputβ
Added DNS names, if available, for source / destination IP addresses reported by Security Modules.
Customer Request/Ticket numbers: NFC-9096
Implemented Heartbeat messages in Security Modulesβ
Now Security Modules have an option to send a heartbeat message indicating that they are up and running. The message includes Module ID and the timestamp when corresponding threat lists were updated.
Customer Request/Ticket numbers: NFC-9100
Package NFO and External Data Feeder (EDFN) togetherβ
As in most cases NFO and EDFN are installed together on the same machine, starting with this release EDFN is packaged together with NFO in one installer (rpm, tar.gz, and msi).
Customer Request/Ticket numbers: NFC-9280
Build 2.6.0.1.1 (August 15, 2019)β
info
Security update:
Remove SHA-1 ciphersβ
SHA-1 (Secure Hash Algorithm 1) has been known to be vulnerable to attacks. Digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. Now SHA-1 ciphers are completely removed from NFO.
Customer Request/Ticket numbers: NFC-8751
Implemented NetFlow Capture and Replay functionalityβ
Now you can look back in time for security issues. NFO has an option to set a rolling period of time to capture flows, store these flows in memory or on disk, and replay them when a security event is detected in order to see the traffic that preceded the event.
Customer Request/Ticket numbers: NFC-8839
Implemented Micro-segmentation Analytics Moduleβ
This Module is capable of processing NetFlow / IPFIX / sFlow from physical network devices as well as VMware Virtual Distributed Switch. It is used for analyzing βeast-westβ and βnorth-southβ traffic and providing information for micro-segmentation planning.
Customer Request/Ticket numbers: NFC-9038
info
If you had Micro-segmentation Module installed in previous NFO release, you need to reconfigure connection to vCenter after upgrading to NFO 2.6.
Implemented NSX Distributed Firewall (DFW) Monitoringβ
NSX Distributed Firewall is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks. The new NFO modules for DFW report top bandwidth consumers, top destinations, top DFW policy violators, and top VMs with the most connections.
Customer Request/Ticket numbers: NFC-8757
Implemented JSON output optionβ
Now you have an option to choose whether NFO can be configured to produce output in Syslog or JSON format. NFO server.cfg file has two parameters:
REPLAY_OFD_OUTPUT JSON / SYSLOG β controls output format for Original Flow Data and Replay output.
MODULES_OUTPUT JSON / SYSLOG β controls output format for Original Flow Data and Replay output.
Customer Request/Ticket numbers: NFC-8974, NFC-8999
Implemented NFO Modules ability to write output to diskβ
NFO Modules now can be requested with an option to write *flow data to disk (in addition to sending it out in syslog format) β available upon request.
Customer Request/Ticket numbers: NFC-8579
Implemented support for BGP/BMP protocol to provide Autonomous System Pathsβ
External Data Feeder for NFO has an Agent capable of providing Autonomous System Paths data retrieved in real time from edge devices that support BGP. It is used *flow data enrichment with AS Paths information.
Customer Request/Ticket numbers: NFC-8561
Module: V2P Network Visibility β Enhancementsβ
This Module correlates virtual overlay network and underlying physical network and virtual network operators to identify physical network devices impacting VM Applications performance. In this release we added the following: names for VDS interfaces, ifAlias field, VDS port group name, VM Host FQDN name. Added support for new IPV4 VDS templates. Removed LAN broadcast addresses from Path output (message 20183). Improve processing of *flows with SNMP indexes equal zero. Added ESXi physical adapter speeds to calculation utilization. Hide ifIPAddress field when value is 0.0.0.0.
Customer Request/Ticket numbers: NFC-5744, NFC-6776, NFC-8700, NFC-8782, NFC-8783, NFC-8819, NFC-8820, NFC-8846, NFC-8847, NFC-8894
Added support for Gentoo Linuxβ
Gentoo Linux is now supported.
Customer Request/Ticket numbers: NFC-8598
Added support for IPFIX field layer2OctetDeltaCountβ
Added support for IPFIX field layer2OctetDeltaCount as bytes
Customer Request/Ticket numbers: NFC-8581
Added support for sFlow extensions in Original Flow dataβ
NFO sFlow support includes sFlow extended structures as of February 2019 (https://sflow.org/developers/structures.php).
Customer Request/Ticket numbers: NFC-8429
Enhance Microsegmentation Analytics for VMware vCenter Moduleβ
Implement integration with VMware NSX and vShield. Report VDS port groups.
Customer Request/Ticket numbers: NFC-8755
Added ability for External Data Feeder for NFO to update multiple data setsβ
Now EDFN agent can handle several data sets. Update cron setting is still per agent.
Customer Request/Ticket numbers: NFC-8930
Upgraded JDK8 to the latest buildβ
Changed Oracle JDK 8u66 to Zulu OpenJDK 8u212.
Customer Request/Ticket numbers: NFC-8968
Enhance NFv9/IPFIX Template persistenceβ
Implemented Templates expiration. Default is 24 hours.
Customer Request/Ticket numbers: NFC-7716, NFC-7717
Added FQDN name of DNS server to DNS Monitor Module (10004)β
Added FQDN name field in Sysog/JSON output.
Customer Request/Ticket numbers: NFC-8818
Expanded support of IPFIX variable length IEsβ
Added IPFIX variable length IEs support.
Customer Request/Ticket numbers: NFC-7985
Performance: Implemented support for very large (several M recs) data setsβ
Improve performance of External Data Feeder and NFO. In this release we support unlimited size of in-memory data sets (tested with 7M records). In addition, data sets up to 3M records could be updated every 30 seconds.
Customer Request/Ticket numbers: NFC-8614
Performance: Improve performance of streaming Modulesβ
Streaming Modules performance (with *flow enrichment) was improved more than 3 times (300K records pes second in NFO 2.5.1 vs. 900K records per second in NFO 2.6 without a single drop).
Customer Request/Ticket numbers: NFC-8560, NFC-8555
Performance: Improve performance of consolidation Modulesβ
A single instance of NFO can now run up to 8 times more *flow consolidation Modules (NFO 2.5.1 vs NFO 2.6).
Customer Request/Ticket numbers: NFC-8753
Whatβs Been Fixed in this Releaseβ
Build 2.9.1.0.71β
[Module 10062] Intermittent Incorrect Enrichment of src_vm_nameβ
Customer Request/Ticket numbers: NFC-10471
[Module 10062] Intermittent Incorrect Enrichment for Cisco ACI Bridge Domainsβ
Customer Request/Ticket numbers: NFC-10485
[Module 10062] Fix Application Collectorβ
Application collector should ignore client ports.
Customer Request/Ticket numbers: NFC-11003
Build 2.9.0.0.189β
[Module 10003] SNMP v3 request fails with 'USM encryption error' on Windows platformβ
Customer Request/Ticket numbers: NFC-10398
[Module 10053] Truncated syslog and incorrect JSON producedβ
Customer Request/Ticket numbers: NFC-10416
SNMP is not working if authPriv selected with SHA and AESβ
Customer Request/Ticket numbers: NFC-10417
Build 2.8.1.0.75β
Security Modules do not process some types of NetFlow version 9β
Customer Request/Ticket numbers: NFC-10199
Intermittent Bug - incorrect avg_timeβ
Service Performance Monitor Module incorrectly calculates avg_time
Customer Request/Ticket numbers: NFC-9695
Bug in Network Conversations Deduplicationβ
Fixed deduplication logic, and state reporting
Customer Request/Ticket numbers: NFC-10090, NFC-10161
Bug in Network Conversations Sampling calculationβ
Fixed bug in multiplying bytes and packets by sampling rate
Customer Request/Ticket numbers: NFC-10093
Bug in Network Conversations DCI reportingβ
Fixed bug in reporting t_int value
Customer Request/Ticket numbers: NFC-10093
Build 2.8.0.0.380β
Bug in bytes/packets reporting in Cisco ASA NetFlowβ
Customer Request/Ticket numbers: NFC-9622
Bug SNMP Custom OID Sets Monitorβ
Module crashed when polling HP memory utilization OIDs
Customer Request/Ticket numbers: NFC-9896
Bug in Original Flow Data Conversion Serviceβ
Issue with using Custom IPFIX Information Elements lookup
Customer Request/Ticket numbers: NFC-10055
Memory Leak when Module 10103 and Module 10067 Are Enabledβ
Fix memory leak when both Modules are enabled
Customer Request/Ticket numbers: NFC-9923
Fixed Issues using Safari Browserβ
Customer Request/Ticket numbers: NFC-10038
Build 2.7.1.1.21β
Intermittent Error in FQDN Serviceβ
Affected Platforms: All
Description: FQDN service intermittently raises errors when Google VPC Flow Logs Module 10301 is enabled.
Customer Request/Ticket numbers: NFC-9486
Bug in DNS Monitor Module does handling NetFlow v5β
Affected Platforms: All
Description: DNS Monitor Module does not produce output for NetFlow v5. NetFlow v9, IPFIX, and other *flow formats are working correctly.
Customer Request/Ticket numbers: NFC-9249
AWS Top Traffic Monitor intermitently reports 0 observation time intervalβ
Affected Platforms: All
Description: This Module intermitently reports 0 observation time interval.
Customer Request/Ticket numbers: NFC-9486
Various minor bug fixesβ
Build 2.7.0.0.264β
VMware vCenter integration: unable to add 10Gibit pNICβ
Affected Platforms: All
Description: The following message is displayed:
Customer Request/Ticket numbers: NFC-9177
Build 2.6.0.1.1β
Memory Leak after Known malicious hosts list has been updatedβ
Affected Platforms: All
Description: When known malicious hosts list is updated manually or via Updater, about 19MB of memory is not released.
Customer Request/Ticket numbers: NFC-7023
[Module 10103] Output produces separate syslog with non-table values when module is polling table data and scalar (non-table) data configured in the same OID setβ
Affected Platforms: All
Customer Request/Ticket numbers: NFC-8466
[Module 10103] Intermittent problem sending Module outputβ
Affected Platforms: All
Customer Request/Ticket numbers: NFC-9120
Partial or complete lack of syslog output becuse of malformed KRON outputβ
The Windows Filtering Platform prevents NFO Controller from a bind to a local port at some point on Windows Server 2016 platformβ
Affected Platforms: Windows 7/10, Windows Server 2012/2016
Description: When a block of a bind to a local port happens, NFO Controller warns on Status page that NFO Sever is unavailable and restarts it.
Customer Request/Ticket numbers: NFC-8505