Web-based network traffic monitoring

http://www.ntop.org/

ntopng is a web-based network traffic monitoring application released under GPLv3.
It is the new incarnation of the original ntop written in 1998, and now revamped
in terms of performance, usability, and features.

Source Files
Filename Size Changed
ntopng-5.0.tar.gz 0057935381 55.3 MB
project.diff 0000003723 3.64 KB
Revision 7 (latest revision is 8)
Martin Hauke (mnhauke) committed (revision 7)
- Update to version 5.0
  Breakthroughs
  * Advanced alerts engine with security features, including the
    detection of attackers and victims.
    + Integration of 30+ nDPI security risks.
    + Generation of the score indicator of compromise for hosts,
      interfaces and other network elements.
  * Ability to collect flows from hundreds of routers by means of
    observation points.
  * Anomaly detection based on Double Exponential Smoothing (DES)
    to uncover possibly suspicious behaviors in the traffic and in
    the score.
  * Encrypted Traffic Analysis (ETA) with special emphasis on the
    TLS to uncover self-signed, expired, invalid certificates and
    other issues.
  New features
  * Ability to configure alert exclusions for individual hosts to
    mitigate false positives.
  * Ability to see the TX/RX traffic breakdown both for physical
    interfaces and when receiving traffic from nProbe.
  * Add support for ECS when exporting to Syslog.
  * Improved TCP analysis, including analysis of TCP flows with
    zero window and low goodput.
  * Ability to send alerts to Slack.
  * Implementation of a token-based REST API access.
  Improvements
  * Reworked the execution of hosts and flows checks (formerly user
    scripts), yielding a reduced CPU load of about 50%.
  * Improved 100Kfps+ NetFlow/sFlow collection performance.
  * Drilldown of nIndex historical flows much more flexible.