Releases: chrissanders/FlowBAT

FlowBAT v1.5.3

16 Jan 01:17
6906ed9

This release includes updated installation script support for Ubuntu 16.04 along with updates to Meteor and various supporting packages.

FlowBAT v1.5.1

20 Jun 14:36

This release fixes an iron router issue caused by the most recent update to Chrome. If you experience an error where FlowBAT doesn't load content after upgrading Chrome, then you should immediately update to v1.5.1.

Flowbat v1.5.0

02 Mar 23:38

New Features

  • Night Mode: You can now invert the colors of the FlowBAT interface for a darker theme. This should make those long nights of analysis a lot easier on the eyes in low-light conditions. You can toggle night mode on or off by using the button on the upper right of the screen.
  • PCAP Integration: PCAP analysis can now be performed in FlowBAT by specifying the full path of the file at either the command line FlowBAT interface or the "Additional Options" tab. This will generate flow records from the provided PCAP and make them available for analysis in FlowBAT.
  • Pop-Up Bubbles: Several of the fields have new help bubbles with additional information on how the field is used.
  • Help Documentation: We’ve added real documentation to the help section.

FlowBAT v1.4.0

12 Jan 20:43

New Features:

  • Specify RWF/RW Files: You can now specify individual RWF/RW files to search within the tool. This allows you to search and parse data files outside of your normal data directory, or files you’ve generated yourself from PCAPs.
  • RWStats Pivoting: You can now pivot from RWStats results for quick IP/port lookups.
  • SiLK Compression: New SiLK installs will have file compression turned on by default when installing from the silkinabox.sh script.

Feature Enhancements:

  • Added multiple help popovers to IP set and tuple pages.
  • Updated SiLK, libfixbuf, and YAF to most recent versions in the silkinabox.sh installation script.
  • Removed unnecessary verbosity from tar extraction in the SiLK installation.

Bug Fixes:

  • Fixed issue where rwcount CSV files were not being returned when requested.
  • Fixed navbar graphical issues that occurred as a result of iron-router changes.

FlowBAT v1.3.1

27 Sep 17:19

This minor bug fix release addresses an issue where users with the analyst role were unable to access the query builder page.

FlowBAT v1.3.0

26 Sep 00:14

This update adds numerous features and changes how FlowBAT runs: it now executes via node directly instead of using Meteor in dev mode. Existing users will need to back up their current database if they wish to keep their current FlowBAT configurations, queries, dashboards, IP sets, tuple sets, and user account data. This does not affect the SiLK data that FlowBAT is querying.

Upgrade for Existing Users:

  • Create a database backup of your current deployment (migration instructions included on flowbat.com).
  • Run the new FlowBAT installation script.
  • Remove the new FlowBAT DB that was created.
  • Restore the old DB into the new FlowBAT installation.

New Users:

Follow the instructions on flowbat.com for the installation script. It is one line to run, with a single "yes" to answer at the beginning.

New Features

  • Multi-user support
  • Byte calculations in all tables
  • Country Code translation
  • Service commands to start, stop, restart, and check status added (sudo service flowbat [command])

Bug Fixes and Other Enhancements

  • Moved to Meteor 1.1.0.2
  • Switched to using node directly.
  • Default to installing country code pmap file which fixes country code bug
  • Significant performance enhancement of FlowBAT
  • Streamlined the install scripts for SiLK and FlowBAT (FlowBAT installs in half the time)
  • Updated SiLK and libfixbuf version

FlowBAT v.1.2.0

23 Mar 20:01

New Features

  • Tuple Search: Support has been added to be able to leverage searches based on specific 5-tuple values (Source/Dest IP, Source/Dest Port, and Protocol). Lists of tuples are managed in a similar way as IP Sets.
  • User Configurable Temp Directory: A configuration option has been added to allow users to specify the directory used by FlowBAT for storing temporary RWF, RWS, and Tuple files.
  • Save Quick Queries: When creating queries through the quick query interface, an option is now present to save the query.

Improvements

  • The navigation bar was modified to simplify the layout and increase screen real-estate.
  • Previously, when switching between the quick query screen and query builder, an existing query would auto-execute. This no longer happens, which avoids interface slowness and wasted processing.
  • A product version footer was added.
  • Query builder fonts were modified to be more aesthetically pleasing.
  • The installation script now asks questions at the beginning instead of during the install process.
  • Additional output logging was added to the installation script.

Bug Fixes

  • Fixed clipping on certain lookup source popovers.
  • Fixed an initialization error with table.html.
  • Fixed issues caused with displaying certain default values on Chosen fields in the query builder.

FlowBAT v1.1.0

06 Jan 03:20

Features

  • Interpreted protocol values. Instead of simply saying "6", protocols will say "TCP (6)".
  • Interpreted application values. Instead of simply saying "80", application ports will be displayed as "HTTP (80)".
  • Robtex IP lookups. Clicking on an IP address in returned data will allow you to perform a one-click Robtex lookup of the IP.
  • Port information lookups in returned data. Clicking on a port number in returned data will allow you to perform a one-click port information lookup of the port from SANS.
  • Added more help bubbles to provide greater context, especially when creating stats and charts.

Bug Fixes

  • Stat keys are now strings and properly display charts.
  • Misc bug fixes and performance enhancements

FlowBAT v1.0.1

16 Dec 17:19

This update contains a security fix from Meteor 1.0.1. You can read about it here: https://www.meteor.com/patch-1.0.1. It is recommended that users apply the update.

FlowBAT v1.0.0

13 Oct 21:15
Merge branch 'master' of https://github.com/chrissanders/FlowBAT