01. 12. 2020 Thomas Forrer Downloads / Release Notes, NetEye, Unified Monitoring

NetEye 4.15 Release Notes

Core

New Feature

JWT Authentication

We introduced a new authentication backend for NetEye, JWT Authentication. It can be enabled to allow logins from one or more external authentication providers that forward the information about the logged-in user to NetEye in a secure way via JSON Web Tokens (JWT).
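As an added illustration of what accepting a JWT from an external provider involves on the receiving side, the following stdlib-only Python example (not NetEye's implementation; the secret, issuer and audience values are constructed) issues an HS256 token the way a provider would and then validates it the way a relying party should: the verifier pins the algorithm instead of trusting the token's own `alg` header, checks the signature in constant time before looking at any claim, and then enforces issuer, audience, expiry and not-before.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example; a real deployment exchanges the secret
# (or, for RS256/ES256, the provider's public key) out of band with the
# external authentication provider.
SHARED_SECRET = b"constructed-example-secret"
EXPECTED_ISSUER = "https://idp.example.invalid"  # hypothetical provider URL
EXPECTED_AUDIENCE = "neteye"                      # hypothetical audience claim


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a token the way the external provider would (HS256 only here)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    if alg == "none":  # unsigned token, built only to show that it is rejected
        return f"{header}.{payload}."
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def check_token(token: str, secret: bytes, now: float = None):
    """Return (True, claims) if the token is acceptable, else (False, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return False, "undecodable segment"
    # Pin the algorithm on the verifier side: the token's own "alg" must never
    # decide how it is verified ("none" and algorithm confusion end here).
    if header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    # Only after the signature holds do the claims mean anything.
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "wrong issuer"
    aud = claims.get("aud")
    if not (aud == EXPECTED_AUDIENCE or (isinstance(aud, list) and EXPECTED_AUDIENCE in aud)):
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return False, "expired or missing exp"
    if "nbf" in claims and now < claims["nbf"]:
        return False, "not yet valid"
    if not claims.get("sub"):
        return False, "missing subject"
    return True, claims
```

The order of the checks is the point: a token whose signature does not verify is discarded before any claim is read, and the `exp` claim is mandatory rather than optional, so a provider that forgets to set an expiry produces tokens that are rejected instead of tokens that never expire.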

Improvement

NetEye ISOs

From now on, all the NetEye ISO images can be verified with the signed sha256sum file and the public key available in the Downloads section of this blog [NetEye ➝ GPG public key ➝ public-gpg-key].
The procedure for verifying the ISO files can be found in the NetEye user guide in the Introduction ➝ Acquiring NetEye ISO Image.
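To show what the verification step checks once the signed sha256sum file has been obtained, here is an added Python example that is not part of the NetEye user guide: it parses sha256sum-format lines, recomputes the digest of each listed file and reports the same OK/FAILED/MISSING outcomes as `sha256sum -c`. The GPG step comes first in the real procedure and is wrapped in `gpg_verify_detached` (assuming a detached signature, which the page does not specify); the sample image contents and the sums text are constructed inline so the digest check runs offline.

```python
import hashlib
import re
import subprocess

# Constructed sample data standing in for real NetEye ISO images; the real
# sha256sum file is the signed one described on the page.
SAMPLE_FILES = {
    "neteye-4.15-sample.iso": b"constructed stand-in for ISO image A\n",
    "neteye-4.15-sample-corrupted.iso": b"constructed stand-in for ISO image B\n",
}

# sha256sum line format: 64 hex digits, a space, then " " (text) or "*" (binary), then the file name.
_SUM_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def gpg_verify_detached(signature_path: str, sums_path: str) -> bool:
    """Step 1 (not exercised by the sample data): verify the GPG signature on the
    sums file with the public key imported from the Downloads section. A non-zero
    exit code means the sums file must not be used at all."""
    result = subprocess.run(["gpg", "--verify", signature_path, sums_path],
                            capture_output=True)
    return result.returncode == 0


def parse_sums(text: str) -> dict:
    """Parse sha256sum lines into {file name: expected hex digest}."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _SUM_LINE.match(line)
        if not match:
            raise ValueError(f"malformed sha256sum line {lineno}: {line!r}")
        expected[match.group(2)] = match.group(1).lower()
    return expected


def verify_files(sums_text: str, files: dict) -> dict:
    """Step 2: return {file name: 'OK' | 'FAILED' | 'MISSING'} like `sha256sum -c`."""
    results = {}
    for name, digest in parse_sums(sums_text).items():
        data = files.get(name)
        if data is None:
            results[name] = "MISSING"
            continue
        actual = hashlib.sha256(data).hexdigest()
        results[name] = "OK" if actual == digest else "FAILED"
    return results


def sample_sums_text() -> str:
    """Build a constructed sums file in which the second entry no longer matches
    its file (a corrupted or tampered download) and a third file is absent."""
    names = list(SAMPLE_FILES)
    lines = [f"{hashlib.sha256(SAMPLE_FILES[names[0]]).hexdigest()}  {names[0]}"]
    bad = hashlib.sha256(b"bytes the download should have had\n").hexdigest()
    lines.append(f"{bad} *{names[1]}")
    lines.append(f"{'0' * 64}  neteye-4.15-missing.iso")
    return "\n".join(lines) + "\n"
```

A download is only trustworthy when both steps pass: a matching digest from a sums file whose signature was never checked proves nothing, because whoever could alter the image could also regenerate the sums.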

Modules updates

DRBD utils upgrade to version 9.15.1

We upgraded DRBD userspace utilities from version 9.10.0 to version 9.15.1, which includes multiple bug fixes. The complete change log can be found here.

Monitoring

New Features

Command Orchestrator

The Command Orchestrator is provided by the additional feature module neteye-cmd in NetEye 4.15.
The scope of this module is to allow limited NetEye users to execute well-defined commands on hosts without needing to access the targeted device.
Administrators define the commands and their parameters and then allow selected NetEye users to execute them on a determined set of target hosts.

NetEye users can execute the commands from the NetEye GUI, while the administrators can define the commands via Command Line Interface.

Tornado – Complex Event Processing: Variable modifiers

Tornado modifiers (“Lowercase”, “Trim”, “ToNumber” and “ReplaceAll”) can now be applied to variables extracted from Events, for the normalization required by Actions such as the Monitoring Executor.

For expert Tornado users, we added a “Regex” mode to the Find&Replace modifier, so that the full power of regular expressions can be leveraged.

Tornado – Complex Event Processing: UI – Import of Test Events

JSON Events can now be comfortably imported into the Test Window and used to test all Tornado Rules.

Events are pasted in the payload window

Tornado – Complex Event Processing: Json-less editor

Basic modifications of Rules and Filters no longer require writing JSON. Constraint and Action content can now be adapted from the simple editor window.

Rules and Filters can be edited inline. No JSON necessary

The new editor allows you to add, delete, and modify both constraints and actions in a simple way without writing a single line of JSON.

You can now normalize event data in Tornado using the new “Trim”, “Lowercase”, “ToNumber” and “Find and Replace” modifiers for the With Constraint.
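The variable modifiers introduced above (the “Lowercase”, “Trim”, “ToNumber” and “ReplaceAll” modifiers and the “Regex” mode of Find&Replace, as well as their use for the With Constraint here) are illustrated by the following added Python example. It is a hypothetical re-implementation written for this page, not Tornado's own code: the event, the dotted-path extraction configuration and the `normalize_event` return convention (None when a modifier cannot be applied, mirroring a constraint that does not match) are all invented for the illustration.

```python
import re

# Constructed event, shaped like one that could be pasted into the Test Window.
SAMPLE_EVENT = {
    "type": "snmptrap",
    "payload": {"hostname": "  SRV-01.Example.COM ", "cpu_load": "cpu=42%"},
}

# Same shape, but the load field is not numeric, so ToNumber must fail.
BAD_EVENT = {
    "type": "snmptrap",
    "payload": {"hostname": "srv-02", "cpu_load": "n/a"},
}

# Hypothetical extraction config: where to read each variable from and which
# modifiers to apply, in order.
EXTRACTIONS = {
    "host": {"from": "payload.hostname",
             "modifiers": [{"type": "Trim"}, {"type": "Lowercase"}]},
    "cpu": {"from": "payload.cpu_load",
            "modifiers": [{"type": "ReplaceAll", "find": r"[^0-9.]", "replace": "", "regex": True},
                          {"type": "ToNumber"}]},
}


class ModifierError(ValueError):
    """Raised when a modifier cannot be applied; the rule then does not match."""


def lookup(event: dict, path: str):
    """Resolve a dotted path such as 'payload.hostname' inside the event."""
    node = event
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            raise ModifierError(f"{path}: not present in event")
        node = node[key]
    return node


def apply_modifier(value, modifier: dict):
    """Apply one modifier; string modifiers refuse non-string input."""
    kind = modifier["type"]
    if kind in ("Trim", "Lowercase", "ReplaceAll") and not isinstance(value, str):
        raise ModifierError(f"{kind}: expected a string, got {type(value).__name__}")
    if kind == "Trim":
        return value.strip()
    if kind == "Lowercase":
        return value.lower()
    if kind == "ReplaceAll":
        # Regex mode treats "find" as a pattern; plain mode replaces it literally.
        if modifier.get("regex"):
            return re.sub(modifier["find"], modifier["replace"], value)
        return value.replace(modifier["find"], modifier["replace"])
    if kind == "ToNumber":
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            return value
        text = str(value).strip()
        try:
            return int(text)
        except ValueError:
            pass
        try:
            return float(text)
        except ValueError:
            raise ModifierError(f"ToNumber: {value!r} is not numeric") from None
    raise ModifierError(f"unknown modifier {kind!r}")


def normalize_event(event: dict, extractions: dict):
    """Return the normalized variables, or None when any extraction fails."""
    variables = {}
    try:
        for name, spec in extractions.items():
            value = lookup(event, spec["from"])
            for modifier in spec.get("modifiers", []):
                value = apply_modifier(value, modifier)
            variables[name] = value
    except ModifierError:
        return None
    return variables
```

The two ReplaceAll modes differ on exactly the characters that matter in host names and paths: in plain mode a find string of `.` replaces literal dots, while in Regex mode the same `.` matches every character, so a pattern copied from the plain editor into Regex mode needs escaping.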

Improvements

Tornado – Complex Event Processing: UI

The sidebar in the Tornado UI has been replaced by a two column layout, where both parts remain accessible, taking advantage of the full screen width.
A new column “Continue” has been added to the RuleSet View, showing which Rules of the RuleSet will continue after a match, and which will stop.

Tornado – Complex Event Processing: Smart Monitoring Check Result

The new action combines setting passive check results on hosts and services with creating the related monitoring objects if needed. The result is a lean, maintainable rule that avoids error-prone complexity.

Pre-existing Actions will be migrated to the Smart Monitoring Check Result Action; the migration can be repeated at any time by running the neteye_secure_install command.

Ntopng – Network Visibility UI

The network visibility module ntopng is now even more integrated in NetEye 4 thanks to a new UX, which is smoother and harmonized with the NetEye 4 UX.

Modules updates

Icingaweb2 upgrade to version 2.8.2

The Icingaweb2 module has been updated from version 2.7.3 to version 2.8.2. What’s new in this release:

  • Improved filters: it is now possible to properly filter for range values
  • New setting for restricting access to contacts and contactgroups for specific roles

Icingaweb2 Module Business Process upgrade to version 2.3.0

We updated Icinga Business Process from 2.2.0 to 2.3.0, which includes new features such as compatibility with PHP 7.4, new options for the CLI, showing the display_name instead of the host or service name, and multiple bug fixes.

ntopng/nProbe upgrade to version 4.2.201118-11562 and 9.2.201118-6995

We updated ntopng/nProbe to the latest stable versions (4.2.201118-11562 and 9.2.201118-6995, respectively), to provide all the latest features, bug fixes, and compatibility with the Enterprise licenses.
For the complete list of features, please refer to the official NTOP blog.

IT Operations Analytics – Telemetry

Module Update

Grafana upgrade to version 7.2

We updated Grafana to version 7.2, which brings:

  • New date formatting options
  • A new Group By transformation that allows you to group by multiple fields and add any number of aggregations for other fields
  • A grab icon that allows you to drag and drop queries in a list to change their order
  • Inspect queries in Explore
  • Native support for the Influxdb Flux Language
  • Sensitive alert channel settings are now encrypted

Please have a look at the new Grafana features.

SIEM – Log Management

Module update

Elastic Stack upgrade to version 7.9

We upgraded Elastic Stack from 7.6.2 to 7.9.1, which brings:

  • A new Kibana architecture: pages now load faster than ever.
  • A simplified ingestion process with a new unified agent, the Elastic Agent.
  • More than 200 detection rules based on MITRE ATT&CK.
  • Open and track security issues directly in Elastic and connect to external incident management systems.

Refer to the Elastic Stack release notes for additional information.

Thomas Forrer

Team Leader Research & Development at Würth Phoenix
Hi folks! I began loving computers in 1994, when it was still the time of Windows 3.1. Immediately I learned to start DOS games from the command prompt, and while typing some white text on a black background I felt like some hackish dude in a Hollywood movie. Later, during my studies at the university, I discovered the magic world of open source, and it was love at first sight. Finally I got rid of BSODs =) I love everything that is connected to some network, especially from a security perspective. My motto is: "With motivation, nothing is impossible. It only requires more time."
