
4.2 Stable

@lucaderi lucaderi released this 02 Nov 21:28
· 96 commits to 4.2-stable since this release
5e649a2

Breakthroughs

  • Flexible Alert Handling
  • Added recipients and endpoints to send alerts to different recipients on different channels, including email, Discord, Slack and Elasticsearch
  • Initial SCADA protocol support
  • Many internal components of ntopng have been rewritten to improve overall ntopng performance and reduce system load, making it capable of processing more data while using less memory than 4.0.
  • Cybersecurity extensions have been greatly enhanced by leveraging the latest nDPI enhancements, which enabled the creation of several user scripts able to supervise many security aspects of modern systems.
  • Behavioral traffic analysis and lateral traffic movement detection for finding cybersecurity threats in traffic noise.
  • Initial SCADA support with native IEC 60870-5-104 support. We acknowledge switch.ch for having supported this development.
  • Consolidation of Suricata and external alerts integration to further open ntopng to the integration of commercial security devices.
  • SNMP support has been enhanced in terms of speed, SNMPv3 protocol support, and the variety of supported devices.
  • New REST API that enables the integration of ntopng with third-party applications such as CheckMK.

New features

  • Traffic Behavioral Analysis
    • Periodic Traffic
    • Lateral Movements
    • TLS with self-signed certificates, issuerDN, subjectDN
  • Support for Industrial IoT and SCADA with Modbus, DNP3 and IEC 60870
  • Support for attack mitigation via SNMP
  • Active monitoring
    • Support for ICMP v4/v6, HTTP, HTTPS and Speedtest
    • Ability to generate alerts upon unreachable or slow hosts or services
  • Detection of unexpected servers
    • DHCP, NTP, SMTP, DNS
  • Services map
  • nIndex direct dump to maximize flow dump performance
  • macOS package

Improvements

  • Implements per-category indicator of compromise score
  • Flexible configuration import/export/reset
    • Ability to import/export/reset the whole ntopng configuration or parts of it
  • Increased nIndex dump throughput by a factor of 10
  • Increased user scripts execution throughput
  • Massive cleanup/simplifications of plugins to ease community contributions
  • Improved cardinality estimation (e.g., number of contacted hosts, number of contacted ports) using HyperLogLog
  • Added DSCP information
  • Reworked handling of dissected virtual hosts to improve speed and reduce memory

nEdge

  • Support for hardware bypass

Fixes

  • Fixed race conditions in view interfaces
  • Fixed crash when restoring serialized hosts in memory
  • Fixed conditions causing high CPU load
  • Fixes CSRF vulnerabilities when POSTing JSON
  • Fixes heap-use-after-free on HTTP dissected last_url