Skip to main content
Version: 7.0

Upgrading to 7.0

Upgrading to 7.0

Upgrading to 7.0 should be straightforward for most users as the breaking changes are limited to a few specific features.

Here's a high level overview of when you need to make any changes:

  • If you are using AWS VPC Flogs logs, you will need to rename some config options (see below).
  • If you are using RiskIQ for threat enrichment, we will automatically move you over to NetIntel threat enrichment (see below for steps and requirements).
  • If you are using our community version, you might want to consider switching over to a free basic license to continue to collect up to 4000 flow records per organization.
  • If you are upgrading from 5.x, please make sure to follow the 6.x upgrade steps first.

Naming Changes

In order to align our new product offerings, we have established new product names with the release of 7.0:

Previous nameNew name
Unified Flow CollectorNetObserv Flow
Unified SNMP CollectorNetObserv SNMP

We will refer to NetObserv when talking about both Flow & SNMP.

Licensing Options

LicenseField6.xNotes for 7.0
BasicSupported flow fields1020All (7400+)
CommunitySupported flow records per second4000500

RiskIQ is reaching end of life on June 30th 2024

In NetObserv 7.0 RiskIQ is no longer supported for threat enrichment. Instead, ElastiFlow NetIntel is enabled by default in 7.0 to provide threat enrichment for the Threats dashboards. No configuration changes are required when upgrading to 7.0. Click here for more information on how to set up NetIntel enrichment. The following table shows all configuration options added/removed as part of this change. The RiskIQ related options can be safely removed from your flowcoll.yml config file. They are ignored in 7.0.

6.x OptionStatusNotes for 7.0

AWS VPC Flow log configuration

In order to support more options to retrieve AWS VPC Flow logs and Transit Gateway logs, we made the following naming changes to the configuration options related to VPC Flow logs:

6.x OptionStatusNotes for 7.0

Configuration Changes

To keep our configuration options uniform and organized, we changed one config option that was not following our naming schema:

6.x OptionStatusNotes for 7.0