Overview

Request 913620 accepted

- Update to version 5.0
Breakthroughs
* Advanced alerts engine with security features, including the
detection of attackers and victims.
+ Integration of 30+ nDPI security risks.
+ Generation of the score indicator of compromise for hosts,
interfaces and other network elements.
* Ability to collect flows from hundreds of routers by means of
observation points.
* Anomaly detection based on Double Exponential Smoothing (DES)
to uncover possibly suspicious behaviors in the traffic and in
the score.
* Encrypted Traffic Analysis (ETA) with special emphasis on
TLS to uncover self-signed, expired, invalid certificates and
other issues.
New features
* Ability to configure alert exclusions for individual hosts to
mitigate false positives.
* Ability to see the TX/RX traffic breakdown both for physical
interfaces and when receiving traffic from nProbe.
* Add support for ECS when exporting to Syslog.
* Improved TCP analysis, including analysis of TCP flows with
zero window and low goodput.
* Ability to send alerts to Slack.
* Implementation of token-based REST API access.
Improvements
* Reworked the execution of host and flow checks (formerly user
scripts), yielding a reduced CPU load of about 50%.
* Improved 100Kfps+ NetFlow/sFlow collection performance.
* Drilldown of nIndex historical flows is much more flexible.

Request History
mnhauke (Martin Hauke) created request

dstoecker (Dirk Stoecker) accepted request
