Version: 2.11.0

Release Notes

What’s New in this Release

Build 2.11.0.0.95 (September 30, 2024 - EOL: September, 2026)

Implemented automatic device discovery using SNMP polling, streamlining network monitoring setup

Customer Request/Ticket numbers: NFC-11588

Implemented NFO output filtering based on Module id (nfc_id)

Customer Request/Ticket numbers: NFC-11703

Okta SSO

Customer Request/Ticket numbers: NFC-11700

Implement EDFN agent for OpenCTI

Customer Request/Ticket numbers: NFC-10641

Implement EDFN agent for Cisco ACI Bridge Domain enrichment

Customer Request/Ticket numbers: NFC-10434

Added support for username reported by Palo Alto Networks, Cisco AVC, and IPFIX element 371

Customer Request/Ticket numbers: NFC-11707

Added Support for nexthop, allowing for detailed visualization of network traffic routing paths

Customer Request/Ticket numbers: NFC-11630

Added Support for NetScaler IPFIX elements: AppName, RTT, and TCP retransmits

Customer Request/Ticket numbers: NFC-11167

Improved Kafka output configuration

Customer Request/Ticket numbers: NFC-11213

Implemented "Catch all" in Repeater filters

Customer Request/Ticket numbers: NFC-11391

Performance improvement

Customer Request/Ticket numbers: NFC-11668

Build 2.10.2.0.88 (April 24, 2024 - EOL: April 24, 2026)

NFO Security Update

This security update includes the following:

  • Apache Tomcat 9.0.88
  • JRE 11.0.23

Added Support for Oracle Cloud Infrastructure (OCI)

Customer Request/Ticket numbers: NFC-11422, NFC-11449

Added support for IPv6 in Security Threat Lists in Network Conversations Module

Customer Request/Ticket numbers: NFC-11296

Implemented Azure Logs Ingestion API (as Data Collector API will be deprecated)

Customer Request/Ticket numbers: NFC-11448

Added support for Original Flow Data and NetFlow Recorder to AWS S3 output

Customer Request/Ticket numbers: NFC-11197

Improved EDFN Agent to support AWS/Azure/GCP/OCI public IP ranges

Customer Request/Ticket numbers: NFC-11461

Added support for IPv6 in SNMP Polling and Traps

Customer Request/Ticket numbers: NFC-11481

Added support of SNMP Polling Configuration via YAML Packages

Customer Request/Ticket numbers: NFC-11554

Added ifHighSpeed OID to SNMP Polling

Customer Request/Ticket numbers: NFC-11486

Added new SNMP OIDs to interface_mon Set

Customer Request/Ticket numbers: NFC-11491

Performance Improvements

Customer Request/Ticket numbers: NFC-11318, NFC-11543

Various Usability Improvements

Customer Request/Ticket numbers: NFC-11469, NFC-11478, NFC-11480, NFC-11544, NFC-11575, NFC-11611

Build 2.10.1.3.2 Hotfix (February 9, 2024)

NFO Security Update

This security update addresses the following vulnerabilities:

  • Apache Tomcat 9.0.85 (CVE-2023-46589, CVE-2023-42795, CVE-2023-44487)
  • JRE 11.0.22 (the latest version)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build 2.10.1.0.23 (September 30, 2023 - EOL: September 30, 2025)

NFO Security Update

This security update addresses the following vulnerabilities:

  • Apache Tomcat 9.0.80 (CVE-2023-41080, CVE-2023-34981)

Improved SNMP Polling Statistics

Add SNMP polling requests queue length and the number of unresponsive devices to Status page.

Add unresponsive devices to NFO internal logs (nfo_audit.log).

Customer Request/Ticket numbers: NFC-11362, NFC-10408

Improved Error Logging for AWS S3 Output

Customer Request/Ticket numbers: NFC-11401

Improved Format for Original NetFlow Data Output

Customer Request/Ticket numbers: NFC-11412

Improved Formatting of Output Syslog and JSON Messages

Add an option to include nfo_hostname as key-value pair to Syslog output.

Customer Request/Ticket numbers: NFC-11374

Build 2.10.0.1.6 Security update (July 24, 2023)

NFO Security Update

This security update addresses the following vulnerabilities:

  • OpenJDK (CVE-2023-22049, CVE-2023-22036, CVE-2023-22006)

EDFN

  • AsyncHttpClient 2.12.3 (was dependent on old Netty version 3.x, CVE-2021-21290, CVE-2020-11612)
  • Okta SDK 8.2.5 (no vulnerabilities, but it depends on SnakeYAML)
  • SnakeYAML 2.0 (CVE-2022-41854, CVE-2022-1471)

NFO

  • OpenSearch client 2.8.0 (no vulnerabilities, but it depends on SnakeYAML)
  • Azure Identity 1.9.2 (no vulnerabilities, but it depends on Json-smart)
  • Json-smart 2.4.10 (CVE-2023-1370)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build 2.10.0.0.140 (June 30, 2023 - EOL: June 30, 2025)

NFO Security Update

Updated Java, Tomcat, and other libraries to the latest available security release.

Customer Request/Ticket numbers: NFC-10xxx

Implemented Support for Full IPv6 Network

Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.

Customer Request/Ticket numbers: NFC-9998, NFC-9999, NFC-11278

Implemented Integration with Okta for User Identity Enrichment

Customer Request/Ticket numbers: NFC-11007

Added NFO Output to Microsoft Azure Log Analytics Workspace

Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)

Customer Request/Ticket numbers: NFC-11110

Added NFO Output to Microsoft Azure Blob Storage

Implemented new NFO Output Type - Azure Blob Storage

Customer Request/Ticket numbers: NFC-11151

AWS OpenSearch Output Upgrade

Upgrade OpenSearch library from 1.3 to 2.4

Customer Request/Ticket numbers: NFC-11181

Implemented NFO License Master

Customer Request/Ticket numbers: NFC-11139, NFC-11240

Implemented Additional NFO Troubleshooting Features

Added NFv9/IPFIX templates logging

Customer Request/Ticket numbers: NFC-11183

Improved NFO Output Performance to AWS S3 Buckets

Customer Request/Ticket numbers: NFC-11191

Improved Microsoft AD Integration

Allow multiple user groups configuration

Customer Request/Ticket numbers: NFC-11292

Improved Integration with AlienVault (AT&T Cybersecurity)

Implement an option to use Pulses with malicious domains

Customer Request/Ticket numbers: NFC-11304

Improved Security in NFO Clouds Input/Output Configuration

Customer Request/Ticket numbers: NFC-11192, NFC-11201, NFC-11204, NFC-11205

Improved NFO Status Page Reporting

Customer Request/Ticket numbers: NFC-11234

Improved Output Dictionary

Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers

Customer Request/Ticket numbers: NFC-11142

Build 2.9.1.3.7 Security update (April 24, 2023)

NFO Security Update

This security update fixes the following vulnerabilities:

  • Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)

  • Apache Commons FileUpload (CVE-2023-24998)

  • Kafka client updated to 3.4.0 (CVE-2022-34917)

  • OpenSearch client updated to 2.6.0 (CVE-2023-23612)

  • HSQLDB (CVE-2022-41853)

  • FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)

  • OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .rpm

EDFN Linux .tar.gz

EDFN Windows

Build 2.9.1.2.3 Hotfix (November 14, 2022)

NFO Security Update

NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).

NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.

Bug fix in Network Conversations Module

When the parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and the in-memory DB can consume excessive memory.

Customer Request/Ticket numbers: NFC-11127

Implement additional status values in Network Conversations Module

Add Forwarding Status reported by Cisco routers:

  • action=U for forwardingStatus 00 (unknown)
  • action=F for forwardingStatus 01 (forwarded)
  • action=D for forwardingStatus 10 (dropped)
  • action=C for forwardingStatus 11 (consumed)

Customer Request/Ticket numbers: NFC-11122

Performance improvements

Customer Request/Ticket numbers: NFC-11156

Downloads:

NFO Linux .rpm

NFO Linux .tar.gz

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build 2.9.1.0.79 (August 9, 2022 - EOL: August 9, 2024)

NFO Security Update

Updated Java, Tomcat, and other libraries to the latest available security release.

JRE: zulu11.58.15-ca-jre11.0.16

tomcat: 9.0.65

spring: 5.3.22

spring-security: 5.7.2

log4j: 2.18.0

Customer Request/Ticket numbers: NFC-11071

Added NFO Output to AWS S3 Buckets

Implemented new NFO Output Type - AWS S3

Customer Request/Ticket numbers: NFC-10354

Added NFO Output to Kafka

Implemented new NFO Output Type - Kafka

Customer Request/Ticket numbers: NFC-10461

Added NFO Output to OpenSearch

Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)

Customer Request/Ticket numbers: NFC-10468

Added NFO Output to disk

Implemented new NFO Output Type - Disk

Customer Request/Ticket numbers: NFC-10486

Implemented Integration with AT&T Cybersecurity

Implemented integration with AlienVault OTX Pulses. For more information on AlienVault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm

Customer Request/Ticket numbers: NFC-11032

Improved Output Dictionary

Added support for NFO Output dictionary in various Modules

Customer Request/Ticket numbers: NFC-10396

Improved Support for Multiple EDFNs Installation

Added the ability to enable/disable EDFN agents in the NFO GUI

Customer Request/Ticket numbers: NFC-11076

Added New Features in Network Conversation Module

  1. Added an option not to report state=E events to further reduce output volume
  2. Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
  3. Added integration with MaxMind to enrich data with Autonomous System Number
  4. Improved integration with Microsoft AD for user identity enrichment

Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072

Deprecate 'Known Threat Feeds hosts' in Security Module

Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor

Customer Request/Ticket numbers: NFC-10997

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Build 2.9.0.1.2 Security update (April 15, 2022)

NFO Security Update

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.

Downloads:

NFO Linux .tar.gz

NFO Linux .rpm

NFO Windows

EDFN Linux .tar.gz

EDFN Linux .rpm

EDFN Windows

Customer Request/Ticket numbers: NFC-10476

Build 2.9.0.0.189 (March 25, 2022 - EOL: March 25, 2024)

NFO Security Update

Updated Java and Tomcat to the latest available security release.

Customer Request/Ticket numbers: NFC-10453

Added New Features in Network Conversation Module

  1. Added support for additional Azure and Google Cloud fields
  2. Added User Identity (integrations with Microsoft AD, Azure AD, Login/Logout via syslog)
  3. Added Application enrichment
  4. Added Reputation enrichment
  5. Added option not to report denied flows
  6. Added integration with VMware vCenter
  7. Added TOS and AS fields
  8. Implemented Application collector
  9. Added GeoIP enrichment
  10. Added SNMP enrichment
  11. Added support for Cisco ACI (Bridge domains, Tenants)
  12. Improved output to AWS S3 destination
  13. Performance and usability improvements

Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.

Added NFO Output using Splunk HEC

Added ability to configure NFO output using Splunk HEC

Customer Request/Ticket numbers: NFC-10250

Added NFO Output to Splunk Observability Cloud

Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)

Customer Request/Ticket numbers: NFC-10299

Implemented Output Dictionary

Added ability to override field names in syslog key=value or JSON data elements

Customer Request/Ticket numbers: NFC-10322

Implemented New sFlow formats

Implemented new sFlow formats per https://sflow.org/developers/structures.php

Customer Request/Ticket numbers: NFC-10351

Improved SNMP Polling

Implemented better handling of devices not replying to SNMP polling

Customer Request/Ticket numbers: NFC-10170, NFC-10321

Support Cisco ACI

Implemented support for Cisco ACI fields

Customer Request/Ticket numbers: NFC-10406

Various Usability Improvements

Various cosmetic changes and usability improvements

Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389

What’s Been Fixed in this Release

Build 2.11.0.0.95

vCenter agent generates records with duplicate MAC addresses and zero IP addresses

Customer Request/Ticket numbers: NFC-11780

AWS S3 output: Some Syslog generated files missing the header row

Customer Request/Ticket numbers: NFC-11725

Build 2.10.0.0.140

[Module 1006x] Report client port when it is disabled

Customer Request/Ticket numbers: NFC-11132, NFC-11176

Build 2.9.1.0.79

[Module 10062] Intermittent Incorrect Enrichment of src_vm_name

Customer Request/Ticket numbers: NFC-10471

[Module 10062] Intermittent Incorrect Enrichment for Cisco ACI Bridge Domains

Customer Request/Ticket numbers: NFC-10485

[Module 10062] Fix Application Collector

Application collector should ignore client ports.

Customer Request/Ticket numbers: NFC-11003

Build 2.9.0.0.189

[Module 10003] SNMP v3 request fails with 'USM encryption error' on Windows platform

Customer Request/Ticket numbers: NFC-10398

[Module 10053] Truncated syslog and incorrect JSON produced

Customer Request/Ticket numbers: NFC-10416

SNMP is not working if authPriv selected with SHA and AES

Customer Request/Ticket numbers: NFC-10417

Known Issues

Build 2.10.0.0.140

[Module 20062] S3 output failed with "no access" error code

Linux RHEL is not affected. For other Linux OSs, you can fix the issue using the following workaround:

Create a symbolic link at /etc/pki/tls/certs/ca-bundle.crt that points to the system certificate bundle (for example, on Ubuntu 20.04.5 LTS, /etc/ssl/certs/ca-certificates.crt):

sudo mkdir -p /etc/pki/tls/certs   # create the link's parent directory if it does not exist
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt