ntopng 6.0 (October 2023)
Breakthroughs
- New configurable Dashboard with new built-in templates
- New configurable Traffic Report
- New Vulnerability Scans & CVEs support
- Add support to Periodic Reports notified via Recipients (e.g. email)
- Add Inactive Hosts
- Add PagerDuty integration
- Add TheHive integration
- Add support to Modbus and Modbus alerts
- Add Server Ports Analysis page
- Enable multithreading in active measurements (more accurate)
- Migrate frontend chart timeseries library to Dygraph
- Add support for MAC Address based RADIUS accounting
- Improve OT, ICS, Scada support
- Trigger External Host alerts directly from Lua (also for inactive hosts)
- Add multicast forwarders
- Implement host blackhole
- Add support for LLDP id to MIB-II InterfaceId mapping
- Add support for bidirectional rules
- Add support for Enterprise XL bundle
Improvements
- Implement asynchronous VS scanning
- Implement MS Teams call detection
- Optimize blacklist handling
- Improve Network Map charts physics
- Extend support to deliver notification to specific recipients
- Improve traffic recording settings
- Add support for Host Pools and Networks in Local Traffic Rules
- Add search map
- Add custom queries for Top Local/Remote hosts
- Add Top receiver/sender networks custom queries
- Add openvas support
- Add new Vulners vulnerability scanner
- Add ability to set probes aliases
- Add MDNS, NETBios, HTTP historical filters
- Improve FreeBSD clickhouse installation
- Implement -L <path> for logging HTTP requests
- Add -z for enabling timestamp reforge when reading pcap files
- Improve dark mode css
- Optimize ElasticSearch export (removed locks, increase export queue to 64K to handle spikes)
- Add Radius chap validation
- Add Radius auth protocol preference
- Automated commit of clang-format CI changes
- Add tool for creating nProbe topics in a kafka broker
- Implement host score in Host scripts
- Improvements for No-RX traffic analysis
- Improve nProbe time drift check
- Implement clickhouse retention
- Add new page with snmp device rules
- Add limit to discard clickhouse dump files
- Improve IP/MAC association in SNMP
Changes
- Support multiple -m options
- Rework nDPI stats
- Add support for multiple email recipients
- Add logic to enable generic checks when no configuration is present
- Add malware host contacted check
- Use REST API to enable/disable checks
- Disabled the reset of the email notification modal upon failed edit submission
- Whitelisted locale page
- Add ability to reset blacklist stats
- Implement blacklist stats
- Add mining currency in flow info
- Add flag to use proxy in email settings
- Reduced the number of VLANs in the simulate VLANs option
- Restricted top flow chart for community version
- Add input with suggestions component
- Set capture direction for n2disk in zmq interfaces
- Add explicit flag to enable flow export when recording on zmq interfaces
- Add support for %NPROBE_INSTANCE_NAME
- Add Ellio blocklist configuration (disabled by default)
- Update to the latest nDPI risks
- Email endpoint improvements
- Improve notification message
- Add download/upload buttons
- Add possibility to send notification to recipients
- Add multicast broadcast filter
- Updated checks lists per license
- Add feedback when a host is correctly inserted or already present
- Take the score into account when computing the top alerted hosts
- Add backend autorefresh support
- Add flow exporter mapping to timeseries
- Update default aggregation criteria in Aggregated live flows.
- Add missing protocol mapping
- Exported IP country information when using -F syslog
- Change js formatting function for 'number' type, using thousands separator
- Disabled LDAP support for FreeBSD
- Add VLAN bidirectional traffic alert
- Handle JSON format for NXLOG in Kerberos plugin
nEdge
- Add dashboard templates for nedge pro and enterprise
- Enable CH support on nEdge Enterprise
- Enable throughput charts on nedge
- Make Multicast repeater configurable
- Add MDNS and multicast repeater
- Major cleanup of (deprecated) nedge host pools code
- Add support for custom informative captive portal
- Set multiple LAN addresses in case of multiple LAN interfaces
- Add inter-LANs policies
- Always redirect somewhere on captive success, instead of displaying an empty page
- nf_config API improvements
Fixes
- Fix edit rest in multicast forwarding
- Fix missing validation functions
- Fix traffic timeseries labels
- Fix RedHat OS-name detection
- Fix prototype pollution vulnerability
- Fix thread pool spawning on freebsd
- Fix Zoom handling
- Fix behavior alert not triggered
- Fix naming with timeseries
- Fix nDPI protocol id issues
- Fix RRD computation of sampled series with MAX as consolidated function
- Fix flow alert where clause in write mode
- Fix alert silencing not working
- Fix application protocol ID using minor and major protocol
- Fix UI spinner on loading
- Fix recursive problem in active monitoring
- Fix ts with vlans
- Fix alerts not inserted in CH when shutting down
- Fix checks configuration initialization (default values) for new risks
- Fix traffic behavior total not working in charts
- Fix timeseries chart date format
- Fix SSH flow swap heuristic
- Fix avg empty value and add extra check for NaN values in JS
- Fix pcap dynamically loaded not triggering alert
- Fix ZMQ linking on Win
- Fix date format
- Fix blacklist counter stats
- Fix flow alert queries on SQLite
- Fix interface and local networks alerts not released
- Fix flow devices not working with view interface
- Fix flow exporters not seen with aggregated interfaces
- Fix js regexes
- Fix host and VLAN validation
- Fix segv with custom protocols
- Fix l7 metadata ingestion (e.g. dns query) when collecting from ZMQ
- Fix hostname resolving
- Fix ApexCharts formatter
- Fix heap-buffer-overflow in MDNS packet dissection
- Fix exclusion bitmap not correctly set
- Fix some errors and leaks found while fuzzing locally
- Fix Heap buffer overflow in IEC104Stats
- Fix for memory management in packet-mode