Skip to main content
Version: Next

Release Notes

What’s New in this Release​

Build 2.10.2.0.x (TBD)​

info

NFO Security Update​

This security update addresses the following vulnerabilities:

  • OpenJDK (CVE-...)

Performance Improvements: Network Conversation Module​

Customer Request/Ticket numbers: NFC-11318

Performance Improvements: AWS Output​

Customer Request/Ticket numbers: NFC-11337

Implemented "Catch All" Option in Repeater Filter Service​

Customer Request/Ticket numbers: NFC-11391

Added support for IPv6 in Security Threat Lists in Network Conversations Module​

Customer Request/Ticket numbers: NFC-11296

Build 2.10.1.0.x (September 30, 2023)​

info

NFO Security Update​

This security update addresses the following vulnerabilities:

  • OpenJDK (CVE-...)

Improved SNMP Polling Statistics​

Add SNMP polling requests queue length and the number of unresponsive devices to Status page.

Add unresponsive devices to NFO internal logs.

Customer Request/Ticket numbers: NFC-11362, NFC-10408

Improved Error Logging for AWS S3 Output​

Customer Request/Ticket numbers: NFC-11401

Improved Format for Original NetFlow Data Output​

Customer Request/Ticket numbers: NFC-11412

Improved Formating of Output Syslog and JSON Messages​

Customer Request/Ticket numbers: NFC-11374

Build 2.10.0.1.6 (July 24, 2023)​

info

NFO Security Update​

This security update addresses the following vulnerabilities:

  • OpenJDK (CVE-2023-22049, CVE-2023-22036, CVE-2023-22006)
EDFN​
  • AsyncHttpClient 2.12.3 (was dependent on old Netty version 3.x, CVE-2021-21290, CVE-2020-11612)
  • Okta SDK 8.2.5 (no vulnerabilities, but it depends on SnakeYAML)
  • SnakeYAML 2.0 (CVE-2022-41854, CVE-2022-1471)
NFO​
  • OpenSearch client 2.8.0 (no vulnerabilities, but it depends on SnakeYAML)
  • Azure Identity 1.9.2 (no vulnerabilities, but it depends on Json-smart)
  • Json-smart 2.4.10 (CVE-2023-1370)
Downloads:​

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build 2.10.0.0.140 (June 30, 2023)​

info

NFO Security Update​

Updated Java, Tomcat, and other libraries to the latest available security release.

Customer Request/Ticket numbers: NFC-10xxx

Implemented Support for Full IPv6 Network​

Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.

Customer Request/Ticket numbers: NFC-9998, NFC-9999, NFC-11278

Implemented Integration with Okta for User Identity Enrichment​

Customer Request/Ticket numbers: NFC-11007

Added NFO Output to Microsoft Azure Log Analytics Workspace​

Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)

Customer Request/Ticket numbers: NFC-11110

Added NFO Output to Microsoft Azure Blob Storage​

Implemented new NFO Output Type - Azure Blob Storage

Customer Request/Ticket numbers: NFC-11151

AWS OpenSearch Output Upgrade​

Upgrade OpenSearch library from 1.3 to 2.4

Customer Request/Ticket numbers: NFC-11181

Implemented NFO License Master​

Customer Request/Ticket numbers: NFC-11139, NFC-11240

Implemented NFO Additional NFO Troubleshooting Features​

Added NFv9/IPFIX templates logging

Customer Request/Ticket numbers: NFC-11183

Improved NFO Output Performance to AWS S3 Buckets​

Customer Request/Ticket numbers: NFC-11191

Improved Microsoft AD Integration​

Allow multiple user groups configuration

Customer Request/Ticket numbers: NFC-11292

Improved Integration with AlienVault (AT&T Cybersecurity)​

Implement an option to use Pulses with malicious domains

Customer Request/Ticket numbers: NFC-11304

Improved Security in NFO Clouds Input/Output Configuration​

Customer Request/Ticket numbers: NFC-11192, NFC-11201, NFC-11204, NFC-11205

Improved NFO Status Page Reporting​

Customer Request/Ticket numbers: NFC-11234

Improved Output Dictionary​

Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers

Customer Request/Ticket numbers: NFC-11142

Build 2.9.1.3.7 Hotfix (April 24, 2023)​

info

NFO Security Update​

This security update fixes the following vulnerabilities:

  • Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)

  • Apache Commons FileUpload (CVE-2023-24998)

  • Kafka client updated to 3.4.0 (CVE-2022-34917)

  • OpenSearch client updated to 2.6.0 (CVE-2023-23612)

  • HSQLDB (CVE-2022-41853)

  • FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)

  • OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build 2.9.1.2.3 Hotfix (November 14, 2022)​

info

NFO Security Update​

NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).

NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.

Bug fix in Network Conversations Module​

When parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and in-memory DB can eat memory.

Customer Request/Ticket numbers: NFC-11127

Implement additional status values in Network Conversations Module​

Add Forwarding Status reported by Cisco routers:

  • action=U for forwardingStatus 00 (unknown)
  • action=F for forwardingStatus 01 (forwarded)
  • action=D for forwardingStatus 10 (dropped)
  • action=C for forwardingStatus 11 (consumed)

Customer Request/Ticket numbers: NFC-11122

Performance improvements​

Customer Request/Ticket numbers: NFC-11156

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build 2.9.1.0.79 (August 9, 2022)​

info

NFO Security Update​

Updated Java, Tomcat, and other libraries to the latest available security release.

JRE: zulu11.58.15-ca-jre11.0.16

tomcat: 9.0.65

spring: 5.3.22

spring-security: 5.7.2

log4j: 2.18.0

Customer Request/Ticket numbers: NFC-11071

Added NFO Output to AWS S3 Buckets​

Implemented new NFO Output Type - AWS S3

Customer Request/Ticket numbers: NFC-10354

Added NFO Output to Kafka​

Implemented new NFO Output Type - Kafka

Customer Request/Ticket numbers: NFC-10461

Added NFO Output to OpenSearch​

Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)

Customer Request/Ticket numbers: NFC-10468

Added NFO Output to disk​

Implemented new NFO Output Type - Disk

Customer Request/Ticket numbers: NFC-10486

Implemented Integration with AT&T Cybersecurity​

Impleemented integration with Alienvault OTX Pulses. For more information on Alienvault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm

Customer Request/Ticket numbers: NFC-11032

Improved Output Dictionary​

Added support for NFO Output dictionary in various Modules

Customer Request/Ticket numbers: NFC-10396

Improved Support for Multiple EDFNs Instalation​

Added ability to enable / disabled EDFN agents in NFO GUI

Customer Request/Ticket numbers: NFC-11076

Added New Features in Network Conversation Module​

  1. Added an option not to report state=E events to further reduce output volume
  2. Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
  3. Added integration with MaxMind to enrich data with Autonomous System Number
  4. Improved integration with Microsoft AD for user identity enrichment

Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072

Deprecate 'Known Threat Feeds hosts' in Security Module​

Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor

Customer Request/Ticket numbers: NFC-10997

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build 2.9.0.1.2 (April 15, 2022)​

info

NFO Security Update​

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Customer Request/Ticket numbers: NFC-10476

Build 2.9.0.0.189 (March 25, 2022)​

info

NFO Security Update​

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10453

Added New Features in Network Conversation Module​

  1. Added support for additional Azure and Google Cloud fields
  2. Added User Identity (integrations with Microsoft AD, Azure AD, Login/Logout via syslog)
  3. Added Application enrichment
  4. Added Reputation enrichment
  5. Added option not to report denied flows
  6. Added integration with VMware vCenter
  7. Add TOS and AS fields
  8. Implemented Application collector
  9. Added GeoIP enrichment
  10. Added SNMP enrichment
  11. Added support for Cisco ACI (Bridge domains, Tenants)
  12. Improved output to AWS S3 destination
  13. Performance and usability improvments

Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.

Added NFO Output using Splunk HEC​

Added ability to configure NFO output using Splunk HEC

Customer Request/Ticket numbers: NFC-10250

Added NFO Output to Splunk Observability Cloud​

Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)

Customer Request/Ticket numbers: NFC-10299

Implemented Output Dictionary​

Added ability to override field names in syslog key=value or JSON data elements

Customer Request/Ticket numbers: NFC-10322

Implemented New sFlow formats​

Implemented new sFlow formats per https://sflow.org/developers/structures.php

Customer Request/Ticket numbers: NFC-10351

Improved SNMP Polling​

Implemented better handling of devices not replying to SNMP polling

Customer Request/Ticket numbers: NFC-10170, NFC-10321

Support Cisco ACI​

Implemented support for Cisco ACI fields

Customer Request/Ticket numbers: NFC-10406

Various Usability Improvments​

Various cosmetic changes and usability improvments

Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389

Build 2.8.1.0.75 (September 9, 2021)​

info

NFO Security Update​

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10175

Added New features in Network Conversation Module​

  1. Added input_snmp and output_snmp fields
  2. Added support of firewallEvent IPFIX field
  3. Improve output configuration
  4. Added list of local IPv6 subnets for direction identification for IPv6 traffic
  5. Minor bug fixes and cosmetic improvements

Customer Request/Ticket numbers: NFC-9873, NFC-10056, NFC-10105, NFC-10143, NFC-10148, NFC-10151

Improved SNMP polling​

  1. Implemented better handling of bulk requests and timeouts
  2. Implemented EDFN Agent to improve onboarding of new devices

Customer Request/Ticket numbers: NFC-9849, NFC-10065

Improved AWS VPC Flow logs support in Top Traffic Monitor Module (nfc_id=20067)​

Added interface-id field to output of this Module for AWS VPC Flow logs

Customer Request/Ticket numbers: NFC-9768

Improved DNS Traffic Monitoring​

Added an option to include or exclude blocked DNS traffic reporting

Customer Request/Ticket numbers: NFC-10029

Improved TCP Health Monitor​

Added exp_ip to TCP Health Module reporting TCP Resets

Customer Request/Ticket numbers: NFC-10069

What’s Been Fixed in this Release​

Build 2.10.0.0.140​

[Module 1006x] Report client port when it is disabled​

Customer Request/Ticket numbers: NFC-11132, NFC-11176

Build 2.9.1.0.79​

[Module 10062] Intermittent Incorrect Enrichment of src_vm_name​

Customer Request/Ticket numbers: NFC-10471

[Module 10062] Intermittent Incorrect Enrichment for Cisco ACI Bridge Domains​

Customer Request/Ticket numbers: NFC-10485

[Module 10062] Fix Application Collector​

Application collector should ignore client ports.

Customer Request/Ticket numbers: NFC-11003

Build 2.9.0.0.189​

[Module 10003] SNMP v3 request fails with 'USM encryption error' on Windows platform​

Customer Request/Ticket numbers: NFC-10398

[Module 10053] Truncated syslog and incorrect JSON produced​

Customer Request/Ticket numbers: NFC-10416

SNMP is not working if authPriv selected with SHA and AES​

Customer Request/Ticket numbers: NFC-10417

Build 2.8.1.0.75​

Security Modules do not process some types of NetFlow version 9​

Customer Request/Ticket numbers: NFC-10199

Intermittent Bug - incorrect avg_time​

Service Performance Monitor Module incorrectly calculates avg_time

Customer Request/Ticket numbers: NFC-9695

Bug in Network Conversations Deduplication​

Fixed deduplication logic, and state reporting

Customer Request/Ticket numbers: NFC-10090, NFC-10161

Bug in Network Conversations Sampling calculation​

Fixed bug in multiplying bytes and packets by sampling rate

Customer Request/Ticket numbers: NFC-10093

Bug in Network Conversations DCI reporting​

Fixed bug in reporting t_int value

Customer Request/Ticket numbers: NFC-10093

Known Issues​

Build 2.10.0.0.140​

[Module 20062] S3 output failed with "no access" error code​

Linux RHEL is not affected. For other Linux OSs, you can fix the issue using the following workaround:

Make a symbolic link /etc/pki/tls/certs/ca-bundle.crt to the certificates bundle (For example, on Ubuntu 20.04.5 LTS to the /etc/ssl/certs/ca-certificates.crt)

sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt