01. 12. 2022
Downloads / Release Notes, NetEye, Unified Monitoring
01. 02. 2021
Thomas Forrer
Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.16 Release Notes
Welcome to version 4.16 of our NetEye v4 Unified Monitoring Solution.
A difficult and tough year for everyone has gone, leaving us with uncertainty, some thoughts, and lots of hope for the new year.
NetEye welcomes the new year and its new release with a snow-covered view of the Alpe di Siusi/Seiseralm, for a glimpse of serenity and peace in these grueling days.
General
Improvements
Voting Only Node
NetEye now supports out of the box an additional Voting Only Node, which acts as a tie-breaker in two-node (or any even number of nodes) cluster installations to avoid split brains, that can lead to data or service inconsistencies. For more info about the NetEye 4 Voting Only node you can read this article.
Furthermore, NGINX Elasticsearch load-balancing configuration is now aware of the presence of a voting-only node in the NetEye cluster.
Upgrade
In this release, we extended the NetEye automated upgrade procedure to support voting-only NetEye cluster nodes, thus reducing the manual steps required to upgrade this kind of node.
The neteye upgrade command now installs the RPMs of the new NetEye version also on voting-only nodes, and the NetEye agent and the NetEye health checks have been both extended to support voting-only nodes.
Detailed information is provided in the specific upgrade documentation from 4.15 to 4.16 in the User Guide > Upgrading and Updating [verify this location when releasing].
Module Updates
CentOS update to version 7.9.2009
We updated the NetEye base OS packages from CentOS minor version 7.8.2003 to 7.9.2009, which are now available for all NetEye 4 Versions.
Further information can be found at the following link: https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009
Monitoring – Detection
Improvements
Command Orchestrator
Icinga2 packages that allow using all the functionalities of NetEye 4 (such as Command Orchestrator and Shutdown Manager) are now available not only in form of RPM but also for different operating systems, like Debian derivatives or Windows. These packages are available in the NetEye repositories.
More information on the installation of the packages can be found in the User Guide > Initial Configuration > Icinga2 packages.
Event Overview
We updated Icingaweb to version 2-2.8.2_neteye1.81.0-1. We have modified the default filter of event overview to ‘timestamp>=-7 days×tamp<=now’. This modification will filter the events list in the last 7 days.
ITOA – Telemetry
Improvements
Telegraf – Upgrade
We updated telegraf version 1.14.1 to 1.16.3. This update contains the most recent Telegraf Input, Output, Processor and Aggregator plugins as well the latest bug fixes and the new custom programmatic metric processing language Starlark (Full Changelog Here).
Visualization Improvements (Grafana)
ITOA based on Grafana is now shipped with a completely new theme based on Carbon Design System. The default ITOA theme for NetEye 4.16 will be the dark one. For an improved user experience, the ITOA module is now opening in a new tab, leading the user directly to a “wide screen” mode.
SIEM – Log Management
Module update
Elastic Stack upgrade to version 7.10
We upgrade Elastic Stack from 7.9.1 to 7.10.1, which brings:
- Elasticsearch performance improvements and space improvements up to 10% using a new stored field compression, and also functional and usability enhancements.
- Event Query Language (EQL) is included in Elasticsearch as a beta feature.
- Kibana Lens is now generally available.
- New connectors integration with Jira.
- Better integration between maps and dashboards.
Refer to the Elastic Stack Release notes for additional information:
Deprecation
The Snapshot and Restore functionalities provided by Elasticsearch and Kibana are the best options to manage SIEM backup. As a consequence the Elasticsearch backup scripts (User Guide > System Configuration > Elasticsearch backup) provided in NetEye are deprecated, and they will be removed in the next release.
Thomas Forrer
Team Leader Research & Development at Würth Phoenix
Hi folks!
I began loving computer since 1994, it was still the time of windows 3.1. Immediately I learned starting DOS games from the command promt, and while typing some white text on black background I felt like some hackish dude in a hollywoodian movie.
Later during the studies at the university, I discovered the magic world of opensource, and it was love at first sight. Finally I got rid of BSOD's =)
I love everything that is connected to some network, especially in a security perspective.
My motto is:
"With motivation, nothing is impossibile. It only requires more time."
Author
Latest posts by Thomas Forrer
20. 09. 2021
ctf-writeups, SEC4U
RomHack CTF 2021: Table of Contents Writeup