b493e7cd65
4.2 Stable

Breakthroughs

- Flexible Alert Handling
  - Added recipients and endpoints to send alerts to different recipients on different channels, including email, Discord, Slack and Elasticsearch
- Initial SCADA protocol support
- Many internal components of ntopng have been rewritten in order to improve the overall ntopng performance, reduce system load, and be capable of processing more data while reducing memory usage with respect to 4.0.
- Cybersecurity extensions have been greatly enhanced by leveraging the latest nDPI enhancements, which enabled the creation of several user scripts able to supervise many security aspects of modern systems.
- Behavioral traffic analysis and lateral traffic movement detection for finding cybersecurity threats in traffic noise.
- Initial Scada support with native IEC 60870-5-104 support. We acknowledge switch.ch for having supported this development.
- Consolidation of Suricata and external alerts integration to further open ntopng to the integration of commercial security devices.
- SNMP support has been enhanced in terms of speed, SNMPv3 protocol support, and variety of supported devices.
- New REST API that enabled the integration of ntopng with third party applications such as CheckMK.
New features

- Traffic Behavioral Analysis
  - Periodic Traffic
  - Lateral Movements
- TLS with self-signed certificates, issuerDN, subjectDN
- Support for Industrial IOT and Scada with modbus, DNP3 and IEC60870
- Support for attack mitigation via SNMP
- Active monitoring
  - Support for ICMP v4/v6, HTTP, HTTPS and Speedtest
  - Ability to generate alerts upon unreachable or slow hosts or services
- Detection of unexpected servers
  - DHCP, NTP, SMTP, DNS
- Services map
- nIndex direct to maximize flows dump performance
- MacOS package

Improvements

- Implements per-category indicator of compromise score
- Flexible configuration import/export/reset
  - Ability to import/export/reset all the ntopng configurations or parts of it
- Increased nIndex dump throughput by a factor 10
- Increased user scripts execution throughput
- Massive cleanup/simplifications of plugins to ease community contributions
- Improved cardinality estimation (e.g., number of contacted hosts, number of contacted ports) using Hyper-Log-Log
- Added DSCP information
- Reworked handling of dissected virtual hosts to improve speed and reduce memory

nEdge

- Support for hardware bypass

Fixes

- Fixed race conditions in view interfaces
- Fixed crash when restoring serialized hosts in memory
- Fixed conditions causing high CPU load
- Fixes CSRF vulnerabilities when POSTing JSON
- Fixes heap-use-after-free on HTTP dissected last_url
Patch files in this directory:

| Patch file |
|---|
| patch-configure.seed |
| patch-include_ntop__includes.h |
| patch-include_Redis.h |
| patch-Makefile.in |
| patch-src_PacketDumperTuntap.cpp |
| patch-src_Redis.cpp |
| patch-src_Utils.cpp |
| patch-third-party_snmp_net.c |