Version: 7.0

Changelog

Release History

7.1.0

NetObserv Flow

Features

  • Download NetIntel dataset for air-gapped environments - A new CLI tool is available that downloads the NetIntel dataset for use in air-gapped environments.
Updates
  • Logging - Improved the log message for when an IPFIX or NetFlow9 template is not found.
Fixes
  • Fixed an issue where the same reference of a record could be mutated by multiple namespaced outputs.

NetObserv SNMP

Updates
  • Metrics - New Prometheus metrics provide deeper insight into internal collector processes (SNMP metrics).
New Features
  • Device File Encryption - Added support for encrypting SNMP device files. This protects device file credentials using age encryption while offering a secure, user-friendly interface for managing those files. For more information about configuring this, please see Device File Encryption.

7.0.2

NetObserv Flow

Fixes
  • Fixed an issue where the flow collector would not start if port 443 was blocked, even if the Amazon Firehose HTTP Endpoint was not enabled.

7.0.1

NetObserv Common

Security
  • Security Upgrade - Updated libc from 5.15.0-107.117 to 5.15.0-112.122 to patch "High" CVEs.

NetObserv Flow

New Features
  • AWS VPC Flow Logs via AWS Firehose - A new HTTP endpoint has been added to collect VPC flow logs directly from Amazon Firehose. For more information about configuring this, please see AWS Firehose Input.
Updates
  • Community License - The Community tier license now supports application identifiers provided in the flow records from devices with such capabilities.

NetObserv SNMP

New Features
  • NetObserv SNMP Device Status - The availability of devices is evaluated based on the combination of ICMP and SNMP reachability. A new field, system.avail.state.name, has been added which indicates the result of this evaluation.
Fixes
  • The SNMP Definitions tar file is no longer truncated. This addresses the enum error occurring when EF_INPUT_SNMP_PERSIST_ENABLE is set to true.
  • A panic condition has been fixed, which occurred when devices had been removed from the configuration definitions and /snmp/apply-definitions was called.
  • A panic condition has been fixed, which occurred when devices reported an unsigned integer value instead of the expected signed integer for certain SNMP data types.

7.0.0

NetObserv Common

Breaking Changes

Click here for more information and all steps you need to take to upgrade from 6.x to 7.x

  • RiskIQ EOL - Since RiskIQ will reach its end-of-life on June 30th 2024, NetObserv v7 will no longer support threat enrichment through RiskIQ. NetIntel threat enrichment will replace RiskIQ and is enabled by default.
  • Licensing - The NetObserv Basic License now supports all 7400+ vendor-specific flow fields (previously it supported only 1020 fields). The Community License now supports 500 flow records/second per organization. If you are using a Community License and need a higher flow rate, please use this form to sign up for a free 1-year Basic License.
  • AWS VPC Flow logs - To support more flexible ways of retrieving flow logs (e.g. through Firehose), we needed to make some changes to the config fields for AWS VPC flow log enrichment. You need to change your configuration options to the new format to ensure you continue to receive VPC flow logs.
Updates
  • Product Naming - The ElastiFlow Unified Flow Collector is now called NetObserv Flow.
  • Product Naming - The ElastiFlow Unified SNMP Collector is now called NetObserv SNMP.
  • Product Naming - For anything that applies to both Flow and SNMP, we will simply refer to NetObserv.

NetObserv Flow

New Features
  • NetIntel Threat Intelligence - NetObserv now uses ElastiFlow NetIntel for populating the information on the IP Reputation dashboard.
  • NetIntel Online Application and Cloud Service Identity - NetObserv now uses ElastiFlow NetIntel to enrich public IP addresses with online application and Cloud Service Identity information on the Top-N -> Apps dashboard.
  • AWS VPC Flow Logs - Added support for S3 buckets using data sent from Amazon Firehose, as well as custom log formats when using Firehose data. For more information about configuring this, please see AWS VPC Flow logs.
  • User-defined mapping for IPs used for SNMP polling - Allows users to poll SNMP info for a device on a different IP address than it sends flow records from.