Release Notes

2.11.3.0.49 Maintenance Release (July 31, 2025 - EOL: July 31, 2027)

What’s New in this Release

info

NFO Security Update

This security update includes the following:

• Upgrade OpenSSL and crypto libraries to version 3.x

Customer Request/Ticket numbers: NFC-11919

Added support for Model Driven Telemetry (MDT) input (Preview)

Introduced support for Model Driven Telemetry (MDT) input, enabling more granular and real-time network visibility.

Customer Request/Ticket numbers: NFC-11922, NFC-12008

Splunk HEC output: add channel identifier

Customer Request/Ticket numbers: NFC-11915

Added support for Cisco SD-WAN IPFIX fields (including options)

Added support for Cisco SD-WAN IPFIX fields (including options), providing deeper visibility into SD-WAN traffic.

Customer Request/Ticket numbers: NFC-11169

Add Archive and Restore Configuration

Introduced Archive and Restore Configuration, allowing you to easily back up and restore your NFO settings.

Customer Request/Ticket numbers: NFC-11997

Improve Splunk HEC output

• Introduced support for multiple Splunk HEC outputs to a single IP/port, facilitating the routing of various NFO data types to distinct Splunk indexes.
• NFO now supports Splunk HEC output in JSON format, for improved data ingestion.

Customer Request/Ticket numbers: NFC-11933, NFC-11978

Improved SNMP v3 Trap Handling

We've made SNMP v3 trap handling much simpler. Now, NFO automatically handles device EngineIDs when encrypted SNMP v3 traps are received. This means you no longer need to create separate credentials for each device, significantly streamlining your setup.

Customer Request/Ticket numbers: NFC-12011

NFO License Manager to report SNMP polling blocks

The NFO License Manager now includes reporting on SNMP polling blocks, helping you manage your licensed capacity more effectively.

Customer Request/Ticket numbers: NFC-12000

Improve Auto-discovery feature

• Added engineID to preview devices list

Customer Request/Ticket numbers: NFC-12012

Usability improvments

• Explanations for Auto-discovery steps
• External Data Feeder for NFO page - EDFN selection in case of multiple EDFNs are configured
• Added upload button to EDFN Agent configuration lists
• Added Clear and reset buttons to EDFN agent settings

Customer Request/Ticket numbers: NFC-12050, NFC-11989, NFC-12013, NFC-12042

What’s Been Fixed in this Release

Auto-discovery: SNMP v3 is Not Processed Correctly (Intermittent)

Customer Request/Ticket numbers: NFC-12076

Upload yaml OID Set with New Device Group Name is not Allowed

Now when yaml OID set is uploaded with a new Device Group name, this Group is automatically added.

Customer Request/Ticket numbers: NFC-11992

2.11.2.0.32 Maintenance Release (April 30, 2025 - EOL: April 30, 2027)

What’s New in this Release

info

NFO Security Update

This security update includes the following:

• JRE 11.0.27 (CVE-2025-21587)
• Json-smart 2.5.2 (CVE-2024-57699)

Customer Request/Ticket numbers: NFC-11919

Added support for Open Telemetry (OTel) output

Customer Request/Ticket numbers: NFC-11811

Redesigned SNMP device group assigments

Customer Request/Ticket numbers: NFC-11941

Sending NFO/EDFN internal logs to syslog server or Splunk HEC

Customer Request/Ticket numbers: NFC-11926

Improved NFO Output Preview

Customer Request/Ticket numbers: NFC-11929

Option to fix out of sequence timestamps in NFv5 and IPFIX

Customer Request/Ticket numbers: NFC-11948

Usability improvments

• GUI for installations with multiple EDFNs

Customer Request/Ticket numbers: NFC-11972

2.11.1.1.1 Hotfix Release (March 9, 2025)

What’s New in this Release

SNMP Custom OID Sets Monitor bug fix

Download the Module set:

Utilities

Instructions how yo apply the fix

2.11.1.0.70 Maintenence Release (February 10, 2025 - EOL: February 10, 2027)

What’s New in this Release

info

NFO Security Update

This security update includes the following:

• Apache Tomcat 9.0.98
• JRE 11.0.25
• Implemented Cross-Site Request Forgery (CSRF) protection

Customer Request/Ticket numbers: NFC-10410

Improved performance for Linux 9

Customer Request/Ticket numbers: NFC-11837

Added support of IPv6 exp_ip sampling

Customer Request/Ticket numbers: NFC-11264

Improved performance for AWS S3 output

Customer Request/Ticket numbers: NFC-11337

Implement Preview output feature

Customer Request/Ticket numbers: NFC-11840, NFC-11805

Added support for post-NAT IP addresses in Network Conversations Module

Customer Request/Ticket numbers: NFC-11863

Changed default in Network Conversations Module

Changed default to report bi-directional conversations

Customer Request/Ticket numbers: NFC-11830

Improve Auto-discovery feature

• Added connections based on next_hop
• Added connections IEEE 802.1D devices
• Allow to enable/disable auto-disovery

Customer Request/Ticket numbers: NFC-11871, NFC-11838, NFC-11855

Implement exclusion list for port consolidation

In the list of known server destination port numbers, allow marking which server application ports should be processed with client ports reported.

Customer Request/Ticket numbers: NFC-11285

Added Azure VNet flow logs support

Customer Request/Ticket numbers: NFC-11648

Improve NFO license manager

Allow to exclude peer nodes from production usage count

Customer Request/Ticket numbers: NFC-11696

Improve SNMP service and Auto-discovery

Customer Request/Ticket numbers: NFC-11786

Improve NFO Status page and troubleshooting

Customer Request/Ticket numbers: NFC-11809, NFC-11810, NFC-11828, NFC-11833, NFC-11882,

Improve NFO upgrade procedure

Restore server.cfg file after upgrade

Customer Request/Ticket numbers: NFC-11786

What’s Been Fixed in this Release

TFS registration error occurs intermittently in NFO server for sFlow data

Customer Request/Ticket numbers: NFC-11308

The server drops TFS due to duplicate template registration within 10-second interval

Customer Request/Ticket numbers: NFC-11820

Modified NFO server.cfg file incorrectly synchronized with config DB

Customer Request/Ticket numbers: NFC-11850

Missing VNet exporter names for Microsoft Azure Flow Logs input

Customer Request/Ticket numbers: NFC-11867

2.11.0.0.95 Major Release (September 30, 2024 - EOL: September 30, 2026)

What’s New in this Release

Implemented automatic device discovery using SNMP polling, streamlining network monitoring setup

Customer Request/Ticket numbers: NFC-11588

Implemented NFO output filtering based on Module id (nfc_id)

Customer Request/Ticket numbers: NFC-11703

Okta SSO

Customer Request/Ticket numbers: NFC-11700

Implement EDFN agent for OpenCTI

Customer Request/Ticket numbers: NFC-10641

Implement EDFN agent for Cisco ACI Bridge Domain enrichment

Customer Request/Ticket numbers: NFC-10434

Added support for username reported by Palo Alto Networks, Cisco AVC, and IPFIX element 371

Customer Request/Ticket numbers: NFC-11707

Added Support for nexthop, allowing for detailed visualization of network traffic routing paths

Customer Request/Ticket numbers: NFC-11630

Added Support for NetScaler IPFIX elements: AppName, RTT, and TCP retransmits

Customer Request/Ticket numbers: NFC-11167

Improved Kafka output configuration

Customer Request/Ticket numbers: NFC-11213

Implemented "Catch all" in Repeater filters

Customer Request/Ticket numbers: NFC-11391

Performance improvement

Customer Request/Ticket numbers: NFC-11668

What’s Been Fixed in this Release

vCenter agent generates records with duplicate MAC addresses and zero IP addresses

Customer Request/Ticket numbers: NFC-11780

AWS S3 output: Some Syslog generated files missing the header row

Customer Request/Ticket numbers: NFC-11725

2.10.2.0.88 Maintenance Release (April 24, 2024 - EOL: April 24, 2026)

What’s New in this Release

info

NFO Security Update

This security update includes the following:

• Apache Tomcat 9.0.88
• JRE 11.0.23

Added Support for Oracle Cloud Infrastructure (OCI)

Customer Request/Ticket numbers: NFC-11422, NFC-11449

Added support for IPv6 in Security Threat Lists in Network Conversations Module

Customer Request/Ticket numbers: NFC-11296

Implemented Azure Logs Ingestion API (as Data Collector API will be deprecated)

Customer Request/Ticket numbers: NFC-11448

Added support for Original Flow Data and NetFlow Recorder to AWS S3 output

Customer Request/Ticket numbers: NFC-11197

Improved EDFN Agento to support AWS/Azure/GCP/OCI public IP ranges

Customer Request/Ticket numbers: NFC-11461

Added support for IPv6 in SNMP Polling and Traps

Customer Request/Ticket numbers: NFC-11481

Added support of SNMP Polling Configuration via YAML Packages

Customer Request/Ticket numbers: NFC-11554

Added ifHighSpeed OID to SNMP Polling

Customer Request/Ticket numbers: NFC-11486

Added new SNMP OIDs to interface_mon Set

Customer Request/Ticket numbers: NFC-11491

Performance Improvements

Customer Request/Ticket numbers: NFC-11318, NFC-11543

Various Usability Improvments

Customer Request/Ticket numbers: NFC-11469, NFC-11478, NFC-11480, NFC-11544, NFC-11575, NFC-11611

2.10.1.3.2 Hotfix Release (February 9, 2024)

What’s New in this Release

info

NFO Security Update

This security update addresses the following vulnerabilities:

• Apache Tomcat 9.0.85 (CVE-2023-46589, CVE-2023-42795, CVE-2023-44487)
• JRE 11.0.22 (the latest version)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

2.10.1.0.23 Maintenance Release (September 30, 2023 - EOL: September 30, 2025)

What’s New in this Release

info

NFO Security Update

This security update addresses the following vulnerabilities:

• Apache Tomcat 9.0.80 (CVE-2023-41080, CVE-2023-34981)

Improved SNMP Polling Statistics

Add SNMP polling requests queue length and the number of unresponsive devices to Status page.

Add unresponsive devices to NFO internal logs (nfo_audit.log).

Customer Request/Ticket numbers: NFC-11362, NFC-10408

Improved Error Logging for AWS S3 Output

Customer Request/Ticket numbers: NFC-11401

Improved Format for Original NetFlow Data Output

Customer Request/Ticket numbers: NFC-11412

Improved Formatting of Output Syslog and JSON Messages

Add an option to include nfo_hostname as key-value pair to Syslog output.

Customer Request/Ticket numbers: NFC-11374

2.10.0.1.6 Security Update Security update (July 24, 2023)

What’s New in this Release

info

NFO Security Update

This security update addresses the following vulnerabilities:

• OpenJDK (CVE-2023-22049, CVE-2023-22036, CVE-2023-22006)

EDFN

• AsyncHttpClient 2.12.3 (was dependent on old Netty version 3.x, CVE-2021-21290, CVE-2020-11612)
• Okta SDK 8.2.5 (no vulnerabilities, but it depends on SnakeYAML)
• SnakeYAML 2.0 (CVE-2022-41854, CVE-2022-1471)

NFO

• OpenSearch client 2.8.0 (no vulnerabilities, but it depends on SnakeYAML)
• Azure Identity 1.9.2 (no vulnerabilities, but it depends on Json-smart)
• Json-smart 2.4.10 (CVE-2023-1370)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

2.10.0.0.140 Major Release (June 30, 2023 - EOL: June 30, 2025)

What’s New in this Release

info

NFO Security Update

Updated Java, Tomcat, and other libraries to the latest available security release.

Customer Request/Ticket numbers: NFC-10xxx

Implemented Support for Full IPv6 Network

Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.

Customer Request/Ticket numbers: NFC-9998, NFC-9999, NFC-11278

Implemented Integration with Okta for User Identity Enrichment

Customer Request/Ticket numbers: NFC-11007

Added NFO Output to Microsoft Azure Log Analytics Workspace

Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)

Customer Request/Ticket numbers: NFC-11110

Added NFO Output to Microsoft Azure Blob Storage

Implemented new NFO Output Type - Azure Blob Storage

Customer Request/Ticket numbers: NFC-11151

AWS OpenSearch Output Upgrade

Upgrade OpenSearch library from 1.3 to 2.4

Customer Request/Ticket numbers: NFC-11181

Implemented NFO License Master

Customer Request/Ticket numbers: NFC-11139, NFC-11240

Implemented NFO Additional NFO Troubleshooting Features

Added NFv9/IPFIX templates logging

Customer Request/Ticket numbers: NFC-11183

Improved NFO Output Performance to AWS S3 Buckets

Customer Request/Ticket numbers: NFC-11191

Improved Microsoft AD Integration

Allow multiple user groups configuration

Customer Request/Ticket numbers: NFC-11292

Improved Integration with AlienVault (AT&T Cybersecurity)

Implement an option to use Pulses with malicious domains

Customer Request/Ticket numbers: NFC-11304

Improved Security in NFO Clouds Input/Output Configuration

Customer Request/Ticket numbers: NFC-11192, NFC-11201, NFC-11204, NFC-11205

Improved NFO Status Page Reporting

Customer Request/Ticket numbers: NFC-11234

Improved Output Dictionary

Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers

Customer Request/Ticket numbers: NFC-11142

What’s Been Fixed in this Release

[Module 1006x] Report client port when it is disabled

Customer Request/Ticket numbers: NFC-11132, NFC-11176

Known Issues

[Module 20062] S3 output failed with "no access" error code

Linux RHEL is not affected. For other Linux OSs, you can fix the issue using the following workaround:

Make a symbolic link /etc/pki/tls/certs/ca-bundle.crt to the certificates bundle (For example, on Ubuntu 20.04.5 LTS to the /etc/ssl/certs/ca-certificates.crt)

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt

2.9.1.3.7 Security update (April 24, 2023)

What’s New in this Release

info

NFO Security Update

This security update fixes the following vulnerabilities:

• Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)

• Apache Commons FileUpload (CVE-2023-24998)

• Kafka client updated to 3.4.0 (CVE-2022-34917)

• OpenSearch client updated to 2.6.0 (CVE-2023-23612)

• HSQLDB (CVE-2022-41853)

• FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)

• OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

2.9.1.2.3 Hotfix Release (November 14, 2022)

What’s New in this Release

info

NFO Security Update

NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).

NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.

Bug fix in Network Conversations Module

When parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and in-memory DB can eat memory.

Customer Request/Ticket numbers: NFC-11127

Implement additional status values in Network Conversations Module

Add Forwarding Status reported by Cisco routers:

• action=U for forwardingStatus 00 (unknown)
• action=F for forwardingStatus 01 (forwarded)
• action=D for forwardingStatus 10 (dropped)
• action=C for forwardingStatus 11 (consumed)

Customer Request/Ticket numbers: NFC-11122

Performance improvements

Customer Request/Ticket numbers: NFC-11156

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

2.9.1.0.79 Maintenance Release (August 9, 2022 - EOL: August 9, 2024)

What’s New in this Release

info

NFO Security Update

Updated Java, Tomcat, and other libraries to the latest available security release.

JRE: zulu11.58.15-ca-jre11.0.16

tomcat: 9.0.65

spring: 5.3.22

spring-security: 5.7.2

log4j: 2.18.0

Customer Request/Ticket numbers: NFC-11071

Added NFO Output to AWS S3 Buckets

Implemented new NFO Output Type - AWS S3

Customer Request/Ticket numbers: NFC-10354

Added NFO Output to Kafka

Implemented new NFO Output Type - Kafka

Customer Request/Ticket numbers: NFC-10461

Added NFO Output to OpenSearch

Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)

Customer Request/Ticket numbers: NFC-10468

Added NFO Output to disk

Implemented new NFO Output Type - Disk

Customer Request/Ticket numbers: NFC-10486

Implemented Integration with AT&T Cybersecurity

Impleemented integration with Alienvault OTX Pulses. For more information on Alienvault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm

Customer Request/Ticket numbers: NFC-11032

Improved Output Dictionary

Added support for NFO Output dictionary in various Modules

Customer Request/Ticket numbers: NFC-10396

Improved Support for Multiple EDFNs Instalation

Added ability to enable / disabled EDFN agents in NFO GUI

Customer Request/Ticket numbers: NFC-11076

Added New Features in Network Conversation Module

1. Added an option not to report state=E events to further reduce output volume
2. Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
3. Added integration with MaxMind to enrich data with Autonomous System Number
4. Improved integration with Microsoft AD for user identity enrichment

Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072

Deprecate 'Known Threat Feeds hosts' in Security Module

Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor

Customer Request/Ticket numbers: NFC-10997

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

2.9.0.1.2 Security Update (April 15, 2022)

What’s New in this Release

info

NFO Security Update

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Customer Request/Ticket numbers: NFC-10476

2.9.0.0.189 Major Release (March 25, 2022 - EOL: March 25, 2024)

What’s New in this Release

info

NFO Security Update

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10453

Added New Features in Network Conversation Module

1. Added support for additional Azure and Google Cloud fields
2. Added User Identity (integrations with Microsoft AD, Microsoft Entra ID, Login/Logout via syslog)
3. Added Application enrichment
4. Added Reputation enrichment
5. Added option not to report denied flows
6. Added integration with VMware vCenter
7. Add TOS and AS fields
8. Implemented Application collector
9. Added GeoIP enrichment
10. Added SNMP enrichment
11. Added support for Cisco ACI (Bridge domains, Tenants)
12. Improved output to AWS S3 destination
13. Performance and usability improvments

Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.

Added NFO Output using Splunk HEC

Added ability to configure NFO output using Splunk HEC

Customer Request/Ticket numbers: NFC-10250

Added NFO Output to Splunk Observability Cloud

Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)

Customer Request/Ticket numbers: NFC-10299

Implemented Output Dictionary

Added ability to override field names in syslog key=value or JSON data elements

Customer Request/Ticket numbers: NFC-10322

Implemented New sFlow formats

Implemented new sFlow formats per https://sflow.org/developers/structures.php

Customer Request/Ticket numbers: NFC-10351

Improved SNMP Polling

Implemented better handling of devices not replying to SNMP polling

Customer Request/Ticket numbers: NFC-10170, NFC-10321

Support Cisco ACI

Implemented support for Cisco ACI fields

Customer Request/Ticket numbers: NFC-10406

Various Usability Improvments

Various cosmetic changes and usability improvments

Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389