Release Notes

What’s New in this Release​



NFO Security Update​

Updated Java, Tomcat, and other libraries to the latest available security release.

Customer Request/Ticket numbers: NFC-10xxx

Implemented Support for Full IPv6 Network​

Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.

Customer Request/Ticket numbers: NFC-9998, NFC-9999

Implemented Integration with Okta for User Identity Enrichment​

Added NFO Output to Microsoft Azure Log Analytics Workspace​

Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)

Customer Request/Ticket numbers: NFC-11110

Added NFO Output to Microsoft Azure Blob Storage​

Implemented new NFO Output Type - Azure Blob Storage

Customer Request/Ticket numbers: NFC-11151

Added Support for Cisco SD-WAN​

Added Support for Cisco proprietary SD-WAN IPFIX fields

Customer Request/Ticket numbers: NFC-11169

Added Support for Citrix AppFlow​

Added Support for Citrix AppFlow IPFIX fields in Network Conversations Module

Customer Request/Ticket numbers: NFC-11167

Improved NFO Output to AWS S3 Buckets​

Improved Output Dictionary​

Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers

Customer Request/Ticket numbers: NFC-111142

Implemented NFO License Master​

Customer Request/Ticket numbers: NFC-111139

Build Hotfix (April 24, 2023)​


NFO Security Update​

This security update fixes the following vulnerabilities:

  • Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)

  • Apache Commons FileUpload (CVE-2023-24998)

  • Kafka client updated to 3.4.0 (CVE-2022-34917)

  • OpenSearch client updated to 2.6.0 (CVE-2023-23612)

  • HSQLDB (CVE-2022-41853)

  • FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)

  • OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)


NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build Hotfix (November 14, 2022)​


NFO Security Update​

NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).

NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.

Bug fix in Network Conversations Module​

When the parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and the in-memory DB can consume excessive memory.

Customer Request/Ticket numbers: NFC-11127

Implement additional status values in Network Conversations Module​

Add Forwarding Status reported by Cisco routers:

  • action=U for forwardingStatus 00 (unknown)
  • action=F for forwardingStatus 01 (forwarded)
  • action=D for forwardingStatus 10 (dropped)
  • action=C for forwardingStatus 11 (consumed)

Customer Request/Ticket numbers: NFC-11122

Performance improvements​

Customer Request/Ticket numbers: NFC-11156


NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build (August 9, 2022)​


NFO Security Update​

Updated Java, Tomcat, and other libraries to the latest available security release.

JRE: zulu11.58.15-ca-jre11.0.16

tomcat: 9.0.65

spring: 5.3.22

spring-security: 5.7.2

log4j: 2.18.0

Customer Request/Ticket numbers: NFC-11071

Added NFO Output to AWS S3 Buckets​

Implemented new NFO Output Type - AWS S3

Customer Request/Ticket numbers: NFC-10354

Added NFO Output to Kafka​

Implemented new NFO Output Type - Kafka

Customer Request/Ticket numbers: NFC-10461

Added NFO Output to OpenSearch​

Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)

Customer Request/Ticket numbers: NFC-10468

Added NFO Output to disk​

Implemented new NFO Output Type - Disk

Customer Request/Ticket numbers: NFC-10486

Implemented Integration with AT&T Cybersecurity​

Implemented integration with Alienvault OTX Pulses. For more information on Alienvault OTX, visit

Customer Request/Ticket numbers: NFC-11032

Improved Output Dictionary​

Added support for NFO Output dictionary in various Modules

Customer Request/Ticket numbers: NFC-10396

Improved Support for Multiple EDFNs Installation

Added ability to enable / disable EDFN agents in NFO GUI

Customer Request/Ticket numbers: NFC-11076

Added New Features in Network Conversation Module​

  1. Added an option not to report state=E events to further reduce output volume
  2. Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
  3. Added integration with MaxMind to enrich data with Autonomous System Number
  4. Improved integration with Microsoft AD for user identity enrichment

Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072

Deprecate 'Known Threat Feeds hosts' in Security Module​

Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor

Customer Request/Ticket numbers: NFC-10997


NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build (April 15, 2022)​


NFO Security Update​

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See for details.


NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Customer Request/Ticket numbers: NFC-10476

Build (March 25, 2022)​


NFO Security Update​

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10453

Added New Features in Network Conversation Module​

  1. Added support for additional Azure and Google Cloud fields
  2. Added User Identity (integrations with Microsoft AD, Azure AD, Login/Logout via syslog)
  3. Added Application enrichment
  4. Added Reputation enrichment
  5. Added option not to report denied flows
  6. Added integration with VMware vCenter
  7. Added TOS and AS fields
  8. Implemented Application collector
  9. Added GeoIP enrichment
  10. Added SNMP enrichment
  11. Added support for Cisco ACI (Bridge domains, Tenants)
  12. Improved output to AWS S3 destination
  13. Performance and usability improvements

Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.

Added NFO Output using Splunk HEC​

Added ability to configure NFO output using Splunk HEC

Customer Request/Ticket numbers: NFC-10250

Added NFO Output to Splunk Observability Cloud​

Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)

Customer Request/Ticket numbers: NFC-10299

Implemented Output Dictionary​

Added ability to override field names in syslog key=value or JSON data elements

Customer Request/Ticket numbers: NFC-10322

Implemented New sFlow formats​

Implemented new sFlow formats per

Customer Request/Ticket numbers: NFC-10351

Improved SNMP Polling​

Implemented better handling of devices not replying to SNMP polling

Customer Request/Ticket numbers: NFC-10170, NFC-10321

Support Cisco ACI​

Implemented support for Cisco ACI fields

Customer Request/Ticket numbers: NFC-10406

Various Usability Improvements

Various cosmetic changes and usability improvements

Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389

Build (September 9, 2021)​


NFO Security Update​

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10175

Added New features in Network Conversation Module​

  1. Added input_snmp and output_snmp fields
  2. Added support of firewallEvent IPFIX field
  3. Improved output configuration
  4. Added list of local IPv6 subnets for direction identification for IPv6 traffic
  5. Minor bug fixes and cosmetic improvements

Customer Request/Ticket numbers: NFC-9873, NFC-10056, NFC-10105, NFC-10143, NFC-10148, NFC-10151

Improved SNMP polling​

  1. Implemented better handling of bulk requests and timeouts
  2. Implemented EDFN Agent to improve onboarding of new devices

Customer Request/Ticket numbers: NFC-9849, NFC-10065

Improved AWS VPC Flow logs support in Top Traffic Monitor Module (nfc_id=20067)​

Added interface-id field to output of this Module for AWS VPC Flow logs

Customer Request/Ticket numbers: NFC-9768

Improved DNS Traffic Monitoring​

Added an option to include or exclude blocked DNS traffic reporting

Customer Request/Ticket numbers: NFC-10029

Improved TCP Health Monitor​

Added exp_ip to TCP Health Module reporting TCP Resets

Customer Request/Ticket numbers: NFC-10069

Build (June 14, 2021)​


NFO Security Update​

Updated Java, Tomcat, jQuery, Net-SNMP, and Azure storage libraries to the latest available security release. Removed support for TLS 1.0 as it is no longer supported.

Customer Request/Ticket numbers: NFC-9451, NFC-9588, NFC-9608, NFC-9904

NFO UI Upgrade​

This release contains multiple usability improvements. Added left navigation to easily switch between various configuration sections. Added statistical counters to Status page and NFO header.

Customer Request/Ticket numbers: NFC-9570, NFC-9878, NFC-9895, NFC-9954, NFC-9978

Implemented Network Conversations Module (10062)​

This Module reports consolidated network conversations. Optionally it stitches client-server request-response flows, reporting bytes and packets server-to-client and client-to-server in separate fields. It also calculates and reports conversation metrics such as Duration (TCP session duration), State (Begin, Continue, End), Action (Accepted or Rejected), etc. The Network Conversations Module allows you to configure output fields, and to select dual destinations: UDP output and AWS S3

Customer Request/Ticket numbers: NFC-9797, NFC-9872, NFC-9873, NFC-9874, NFC-9953, NFC-9987, NFC-10041

Added JSON Output Type​

Now you can configure sending data in syslog format to one destination and at the same time send the same data in JSON format to another destination

Customer Request/Ticket numbers: NFC-9449

Added Clickhouse Output Type​

Now you can send your flow data to Clickhouse database:

Customer Request/Ticket numbers: NFC-9457

Added Output Messages Rate​

Now you can see the NFO real-time output rate in messages/sec

Customer Request/Ticket numbers: NFC-9843

Improved DNS Monitoring Modules​

Added dest_ip to DNS users message

Customer Request/Ticket numbers: NFC-10023

Improved Cisco AnyConnect Module​

This Module reports Cisco AnyConnect NVM Flow Logs. It supports nvzFlow v3 and nvzFlow v4.

Customer Request/Ticket numbers: NFC-9582, NFC-9640

Added support of AWS VPC Flow logs v3 and other AWS VPC Flow logs processing improvements​

Customer Request/Ticket numbers: NFC-9936, NFC-9943

Implemented Zeek Module (10061) (only available on request)​

This Module reports NetFlow, IPFIX, sFlow, Azure NSG Flow logs, AWS VPC Flow logs, and Google VPC Flow logs in Zeek conn.log format.

Customer Request/Ticket numbers: NFC-9595, NFC-9596, NFC-9597, NFC-9611

Added MAC address reporting​

Added source and destination MAC address to Top Traffic/Top Packets/Top Connections Modules.

Customer Request/Ticket numbers: NFC-9711

Added an option to ignore denied events in security Modules​

Added ability to enable or disable reporting security events for denied flows.

Customer Request/Ticket numbers: NFC-9614

Improved SNMP Polling Service and OIDs sets Module configuration​

Introduced “Device Group” to improve management of OID sets. For example, Palo Alto Networks (PAN) polling requests are now sent only to PAN devices. Improved OID sets configuration. Added the ability to enable/disable SNMP polling by OID sets. Improved logging for troubleshooting.

Customer Request/Ticket numbers: NFC-9817, NFC-9840, NFC-9841, NFC-9842, NFC-9844, NFC-9869, NFC-9870, NFC-9889

Improved FQDN (Reverse-DNS) Lookup Service​

Added ability to exclude certain subnets (e.g. private subnets) from DNS lookups. Implemented priorities.

Customer Request/Ticket numbers: NFC-9598, NFC-9720, NFC-9746

Added support of Azure Services and Regions​

Resolve Azure Service name and Region based on source/destination IP addresses, both IPv4 and IPv6.

Customer Request/Ticket numbers: NFC-9609, NFC-9740

Added support for Azure IPv6 Ranges​

Customer Request/Ticket numbers: NFC-9740

Added support of bidirectional flows in flow-stitching Modules​

Use OUT_BYTES, OUT_PKTS, initiatorOctets, initiatorPackets fields if reported by bi-directional flow exporters.

Customer Request/Ticket numbers: NFC-9529

Improved external Data Feeder​

Optimized external Data Feeder GeoIP and VMware vCenter agents to feed data to multiple Modules. Added sampling support.

Customer Request/Ticket numbers: NFC-9660, NFC-9661, NFC-9690

Improved NFO Internal Logging​

Report read/write UDP buffer error counts. Report exporter IP address that sends flow records failing validation.

Customer Request/Ticket numbers: NFC-9583, NFC-9745

Various bug fixes, usability and stability improvements​

Customer Request/Ticket numbers: NFC-9747, NFC-9804, NFC-9777, NFC-9778, NFC-9101

Build - Security Update (May 13, 2021)​


Security update​

This release is to close known security vulnerabilities in Tomcat.

NFO is rebuilt with Tomcat 9.0.45.

To download this release please visit

Build - HotFix (March 11, 2021)​

This hotfix is to enable Repeater output filtering based on the list of exporter IPs and/or exporter IP subnets.

Customer Request/Ticket numbers: NFC-9928

To download this release please visit

What’s Been Fixed in this Release​


[Module 10062] Intermittent Incorrect Enrichment of src_vm_name​

Customer Request/Ticket numbers: NFC-10471

[Module 10062] Intermittent Incorrect Enrichment for Cisco ACI Bridge Domains​

Customer Request/Ticket numbers: NFC-10485

[Module 10062] Fix Application Collector​

Application collector should ignore client ports.

Customer Request/Ticket numbers: NFC-11003


[Module 10003] SNMP v3 request fails with 'USM encryption error' on Windows platform​

Customer Request/Ticket numbers: NFC-10398

[Module 10053] Truncated syslog and incorrect JSON produced​

Customer Request/Ticket numbers: NFC-10416

SNMP is not working if authPriv selected with SHA and AES​

Customer Request/Ticket numbers: NFC-10417


Security Modules do not process some types of NetFlow version 9​

Customer Request/Ticket numbers: NFC-10199

Intermittent Bug - incorrect avg_time​

Service Performance Monitor Module incorrectly calculates avg_time

Customer Request/Ticket numbers: NFC-9695

Bug in Network Conversations Deduplication​

Fixed deduplication logic, and state reporting

Customer Request/Ticket numbers: NFC-10090, NFC-10161

Bug in Network Conversations Sampling calculation​

Fixed bug in multiplying bytes and packets by sampling rate

Customer Request/Ticket numbers: NFC-10093

Bug in Network Conversations DCI reporting​

Fixed bug in reporting t_int value

Customer Request/Ticket numbers: NFC-10093


Bug in bytes/packets reporting in Cisco ASA NetFlow​

Customer Request/Ticket numbers: NFC-9622

Bug SNMP Custom OID Sets Monitor​

Module crashed when polling HP memory utilization OIDs

Customer Request/Ticket numbers: NFC-9896

Bug in Original Flow Data Conversion Service​

Issue with using Custom IPFIX Information Elements lookup

Customer Request/Ticket numbers: NFC-10055

Memory Leak when Module 10103 and Module 10067 Are Enabled​

Fix memory leak when both Modules are enabled

Customer Request/Ticket numbers: NFC-9923

Fixed Issues using Safari Browser​

Customer Request/Ticket numbers: NFC-10038


Intermittent Error in FQDN Service​

Affected Platforms: All

Description: FQDN service intermittently raises errors when Google VPC Flow Logs Module 10301 is enabled.

Customer Request/Ticket numbers: NFC-9486

Bug in DNS Monitor Module handling NetFlow v5

Affected Platforms: All

Description: DNS Monitor Module does not produce output for NetFlow v5. NetFlow v9, IPFIX, and other *flow formats are working correctly.

Customer Request/Ticket numbers: NFC-9249

AWS Top Traffic Monitor intermittently reports 0 observation time interval

Affected Platforms: All

Description: This Module intermittently reports 0 observation time interval.

Customer Request/Ticket numbers: NFC-9486

Various minor bug fixes​


VMware vCenter integration: unable to add 10Gibit pNIC​

Affected Platforms: All

Description: The following message is displayed:


Customer Request/Ticket numbers: NFC-9177


Memory Leak after Known malicious hosts list has been updated​

Affected Platforms: All

Description: When known malicious hosts list is updated manually or via Updater, about 19MB of memory is not released.

Customer Request/Ticket numbers: NFC-7023

[Module 10103] Output produces separate syslog with non-table values when module is polling table data and scalar (non-table) data configured in the same OID set​

Affected Platforms: All

Customer Request/Ticket numbers: NFC-8466

[Module 10103] Intermittent problem sending Module output​

Affected Platforms: All

Customer Request/Ticket numbers: NFC-9120

Partial or complete lack of syslog output because of malformed KRON output

The Windows Filtering Platform at some point prevents NFO Controller from binding to a local port on the Windows Server 2016 platform

Affected Platforms: Windows 7/10, Windows Server 2012/2016

Description: When a bind to a local port is blocked, NFO Controller warns on the Status page that NFO Server is unavailable and restarts it.

Customer Request/Ticket numbers: NFC-8505

Various bug fixes​

Known Issues​


[Module 20062] S3 output failed with "no access" error code​

Linux RHEL is not affected. For other Linux OSs, you can fix the issue using the following workaround:

Create a symbolic link at /etc/pki/tls/certs/ca-bundle.crt that points to the system certificate bundle (for example, on Ubuntu 20.04.5 LTS, to /etc/ssl/certs/ca-certificates.crt):

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt