ntopng 5.4 (July 2022)
Breakthroughs
- New search bar, with more results, information, links
- New listening ports page when collecting process information from nProbe (agent mode)
- New support for ELK version 8 and standardized ELK export format
- New packages for Ubuntu 22.04
- New Centrality Map in service map
- New Similarity Map
- Major performance improvements for periodic scripts
- New alert exclusion management (for checks and nDPI flow risks)
- Introduce Vue.js in the frontend
- Expose Chart Vue components for external websites
Improvements
- Add new alerts (DHCP Storm, DNS Fragmented, Scan Detection, ...)
- Add Top Dropdown menu (Top Clients, Top Servers, ...) to the alert explorer
- Add ability to set historical flow permission for users
- Rework and Improve Maps (Service/Periodicity/Host)
- Improve buttons look and feel using latest Bootstrap version
- Improve Historical Flow and Alerts information (add many new fields for better analysis)
- Improve IEC support (e.g. iec_invalid_transition)
- Add various mappings (DNS answers, DNS query types, ICMP answers, ...)
- Improve documentation, adding descriptions of all the available checks
- Improve Exporter IP Flow Layout
- Improve ClickHouse queries performance with a better use of indexes
- Improve ZMQ flow idle timeout handling
- Updated ECS to 8.1 version
- Add various SNMP checks
- Add npm and Webpack support
- Add new alert exclusion fields (Domain and IssuerDN)
- Add DGA domain handling received via ZMQ
- Add Network matrix for view interfaces
- Add VLAN field support to alert exclusions
- Add Top Sites for flows collected from nProbe
- Add ELK dump frequency to Settings
- Implement Network/FQDN exclusion for alerts
- Add 'dpi' and 'guessed' badge to flow list and details
- Add support for L7 confidence
- Add ClickHouse search in JSON fields
- Add filters to Service/Periodicity maps
- Add --offline option to force offline mode in case of limited connectivity
- Add support for Active Monitoring selection in recipients
- Add copy button for all external links
- Allow download of PCAP in Historical Flows Explorer
- Add Flow Exporter to view interfaces
- Add ECS support to ELK flow dump
- Add MAC Address to View Interfaces
- Add Similarity check
Changes
- Remove Telemetry
- Move UDP unidirectional to nDPI alerts
- Disable flow dump to syslog on macOS due to broken openlog API on Sierra and later
- Rework MAC/IP Reassociation alert used to detect spoofing and MITM (Man In The Middle) attacks
- Separate data retention into Flow/Alerts data retention and Timeseries/Top data retention
- Reduce number of (unnecessary) threads
nEdge
- Add alert when a Gateway is unreachable
- Improve the Captive Portal
Fix
- Fix cookie attributes on the user and password cookies in the 302 redirect response
- Fix various GUI incorrect/undefined names
- Fix datatables incorrect data visualization
- Fix RRD timeseries implementation
- Fix log spam in case of endpoint not working
- Fix modals not hiding
- Fix alert/historical page filters not working correctly
- Fix bugs with flow information while using View Interface
- Fix time format, shown as local instead of server time in some pages
- Fix format validations not correctly working
- Fix nProbe template flow mapping
- Fix access to uninitialized obj leading to segfault
- Fix idle time too low
- Fix invalid risk set from nDPI to ntopng's Flow class
- Fix DNS large packets alert incorrectly triggered
- Fix network discovery
- Fix CSV download
- Fix bug that prevented flows from being dumped to ClickHouse
- Fix external URLs not correctly working
- Fix database initialization
- Fix IEC continuous dissection
- Fix NetBIOS name incorrectly used for hostnames
- Fix various CSS bugs
- Fix filter operators
- Fix name lookup
- Fix for detecting ZMQ drops
- Fix Historical Filters lost when switching windows
- Fix traffic directions with mirrored traffic
- Fix various APIs not correctly working
- Fix range picker not correctly working
- Fix crash when using interfaces with no database
- Fix various nil descriptions
- Fix SIGABRT on shutdown with Views
- Fix for SNMP bridge alerting
- Fix external links not working
- Fix flow drilldown not correctly working