More Threat Intelligence improvements - noise filters now suppress alert notifications, and alerts are smarter about attack patterns and incident tracking. See v1.10.0 release notes for what's new in v1.10.0+
Threat Intelligence
- Noise filters suppress alerts - Noise filters previously only hid events from dashboard views. Now they also suppress alert notifications for matching patterns, attack chains, and high-severity events. Includes CIDR support for in-memory matching. If a filtered IP escalates while suppressed, the alert fires when the filter is removed.
- Attack pattern alert events - Detected attack patterns (brute force, DDoS, exploit campaigns) now publish to the alert bus, so they show up in Active Alerts and trigger email/webhook notifications.
- Incident status derived from alerts - Incidents now derive their status (active, acknowledged, resolved) from their constituent alerts rather than tracking status independently. Acknowledging or resolving all alerts in an incident updates the incident automatically.
- Stable dedup for attack patterns - DDoS and exploit campaign detectors re-analyze a sliding window each cycle, producing slightly different source IP lists. This caused duplicate alerts every few minutes for the same attack. Detectors now use a stable dedup key so ongoing attacks stay as a single alert.
- Filter patterns by Last Detected - The threat dashboard time filter now filters attack patterns on their last-seen time rather than first-detected time.
- Tighter port range grouping - Port ranges in Threat Intelligence tables now group ports within 10 of each other (previously 1), making scan patterns easier to read.
Alerts
- Alert rule UX improvements - Clearer help text for event type patterns, Add Rule button scrolls to the form, and three-stage responsive layout for the event type picker modal.
Fixes
- Mobile CSS fixes - Several responsive layouts (WiFi tabs, WAN speed test, event type modal) weren't applying on mobile. Also tighter card spacing.
HTTPS Reverse Proxy
New in v1.10.5 - automatic HTTPS with Let's Encrypt certificates. The Windows MSI includes an opt-in Traefik feature, and Docker users can use the companion NetworkOptimizer-Proxy repo. See the v1.10.5 release notes for details.
Installation
Windows: Download the MSI installer below
Docker:
docker compose pull && docker compose up -dmacOS (native, recommended for accurate speed tests vs Docker Desktop):
git clone https://github.com/Ozark-Connect/NetworkOptimizer.git && cd NetworkOptimizer && ./scripts/install-macos-native.sh
# or if you already have it cloned
cd NetworkOptimizer && git pull && ./scripts/install-macos-native.shProxmox:
bash -c "$(curl -fsSL https://raw.githubusercontent.com/Ozark-Connect/NetworkOptimizer/main/scripts/proxmox/install.sh)"For other platforms (Synology, QNAP, Unraid, native Linux), see the Deployment Guide.