This section is updated with each release of FlowTraq.
Feature: Support for SAML authentication
Feature: Sankey graphs on workspace for client and service endpoint rankings
Feature: New Brute Force detector on Policy page
Feature: Per-port New Server detection policies
Feature: Automated blacklist updates from central repository (contact FlowTraq Support for details)
Feature: IP and Exporter workspace filter boxes contain DNS lookup capabilities, for single- and multiple-IP resolutions
Feature: Host tracking at the Interface level in Quickview
Feature: Improved display and filtering for QoS/DiffServ workspaces
Lateral: New error and warning reporting on cluster page
Lateral: Additional flow plausibility scoring criteria for time-skewed flow records
Lateral: UI updates for look-and-feel
Lateral: Clock-skew correction enabled by default for new exporters
Lateral: Better instructions on cluster page for diagnosing short-conntrack conditions
Lateral: Support for biflow direction field in IPFIX
Bugfix: Fixed potential XSS vulnerabilities on login page
Bugfix: Fixed an issue preventing long name lists being retrieved on some systems
Bugfix: Blacklist alerts show all ports contacted, not just first
Bugfix: Multiple PHP 7.2 incompatibilities fixed
KNOWN ISSUE: Quickview page is slow to load on systems with over 1,000 interfaces, causing browser slowness and warnings.
KNOWN ISSUE: Downloading large raw sessions files from workspace may stall in some browsers; RESTful API not affected.
NOTE: With PHP 5.6 end of life on 31 December 2018, the last PHP 5 release has reached the end of its official security support. Therefore, FlowTraq Web UI is now standardized on PHP 7.2. Backward compatibility has been preserved through PHP 5.4 for the FlowTraq 18.2 release.
NOTE: The 18.12 Virtual Appliance's security patches are up to date as of 20 December, 2018.
Feature: Dashboard templates to assist setup and help find useful new ways to use FlowTraq
Feature: New widgets focusing on analysis of Exfiltration and Blacklist alerts
Feature: Added Introduction to FlowTraq workspace feed for new users (contact FlowTraq support for details)
Feature: Expanded RESTful API for retrieving data and configuring FlowTraq
Feature: Saved workspaces widget now has button for quick conversion of saved workspaces into workspace widget
Feature: Performance improvements to indexed data retrieval
Lateral: Text in session record popup window now selectable
Lateral: Compatibility updates to support PHP 5.3.3
Lateral: Cluster page's flow load alert no longer triggers at 25k per node
Lateral: Debug level can be set on Cluster page to assist support requests
Lateral: Server support for NetFlow v9 timestamps sent at non-spec sizes
Lateral: Clicking anywhere in Ranking widget opens Workspace (not just graph)
Bugfix: Fixed potential crash condition related to index file corruption
Bugfix: Fixed API bug that could cause overcounting of session records
Bugfix: Fixed time zone misreporting issue in session popup
Bugfix: Fixed dashboard loading issue for some users
Bugfix: Can now give QoS levels friendly names
Bugfix: Time sorting in session popup corrected
NOTE: The 18.2 Virtual Appliance's security patches are up to date as of 27 February, 2018.
Feature: Improved database indexing for increased retrieval of IP-based filters from disk
Feature: Zoom out function on workspace, quickview, and alert page
Feature: Subscribed workspace widget to pull new and interesting things to investigate from a public or private feed
Feature: Improved and expanded RESTful API for retrieving data and configuring FlowTraq
Lateral: Can directly delete exporters on Data Sources page
Bugfix: Fixed filtering issue in session download
Bugfix: Report editing page no longer treats "=" as a reserved character
Bugfix: "Strobe" UI effect seen by some users on server shutdown fixed
Bugfix: PHP memory use issues for large traffic groups fixed
Bugfix: Fixed issue adding worker to a cluster with a large number of tracked interfaces
Bugfix: Fixed filtering display issue on alert page omitting possible filter elements
Bugfix: Can now properly filter on deleted traffic groups on alert page
Bugfix: Fixed issue when navigating to workspace from quickview top ASN view
Feature: Daily, Weekly, and Monthly emailed reports
Feature: Automatic Exporter clock-skew correction
Feature: Save workspace to HTML
Feature: Integration with RadWare DefensePro
Lateral: Improved clarity in Policy page graphs
Lateral: Improved multi-Dashboard interface
Lateral: Improved response time on Policy and Alert pages
Lateral: Rejection of obviously-bad flow records
Lateral: Improved RAM usage on PHP backend for Policy page
Bugfix: Fixed issue affecting total sources count in some DDoS alerts
Bugfix: Fixed memory leak observed by some users on the Dashboard
Bugfix: Fixed line duplication in alert panel
Bugfix: Fixed server issue when exporting syslog to an unresolvable address
Feature: Flow deduplication for ISP and Telco
Feature: Tree-style quickview navigation
Feature: Alert summaries on quickview page
Feature: ASN/Peering analysis in quickviews
Feature: Country analysis for traffic groups in quickviews
Feature: DDoS bit-rate thresholds alongside packet-rate thresholds
Lateral: Speed improvements on policy and quickviews pageload
Lateral: Improved resilience to unclean shutdown
Bugfix: Session download filter issues fixed
Feature: Support for alert annotation by plugin scripts
Feature: Users can now have more than one dashboard
Feature: The option for a four-column layout has been added to the dashboard.
Feature: The workspace filter control now accepts raw query input
Feature: The workspace now reports performance metrics while disk or archive queries are in progress
Feature: The traffic group editor now has a CIDR-aware search function, allowing quick verification of whether an IP or CIDR block is contained in a traffic group
Feature: Integration with mitigation devices, displayed in alert detail panel.
Feature: Ongoing DDoS alert widget added
Feature: Custom policy types can now be added through the user interface
Lateral: The y-axis on workspace and quickview graphs has been made easier to read with the top of the graph lining up with a tick
Lateral: Multicast sFlow interfaces marked as such by default
Lateral: Warnings on cluster page more context-aware
Lateral: Revised logic for instance editing and deletion on plugin page
Bugfix: Fixed an issue where user configuration might remain after a user is deleted (Cloud edition only)
Bugfix: Missing legend in policy graph fixed
Feature: Improved traffic group and blacklist import
Feature: Loading of large blacklists (>64k entries) is now much more efficient.
Feature: Troubleshooting output on cluster page
Feature: 'clear all' filter option on Workspace
Feature: Additional filtering options on Alert page
Feature: Regular users can read global blacklists (but not modify)
Feature: Support for the Juniper MX series sampled IPFIX exports
Feature: IPFIX export via ftsq
Feature: LDAPS is now supported via stunnel
Feature: Added the option to make "add to filter" automatically trigger a refresh
Lateral: Improved support for non-compliant OpenLDAP-based LDAP implementations
Lateral: Improved "last activity" display on the Users page
Lateral: Session Viewer timestamps are now shown in local time
Lateral: Improved Quickview breadcrumb navigation
Lateral: Improved compatibility for earlier PHP versions
Lateral: Entity name information provided to alert plugin scripts
Lateral: Improved handling of exfiltration alerts
Bugfix: Preventing invisible browser auto-fill on plugin config
Bugfix: Exfiltration detector now reports the correct volume for bytes exfiltrated.
Bugfix: Exfiltration detector now always triggers plugins correctly
Bugfix: Improved input validation of input port configuration on the Cluster page
Bugfix: Improved accuracy of Top-N accounting in Quickviews
Bugfix: Improved accuracy of "Open in Workspace" from Quickview page
Bugfix: Addressed an issue in the Java Client that could prevent a user from logging in
Feature: Printable alert summary reports for easy overview of network activity
Feature: Alert annotations and improved filtering
Feature: Greater control over alert actions, including delay for manual approval
Feature: Expanded reporting mechanisms, including direct links to alerts and reports
Feature: New and improved plugins, including support for null-routing addresses during DDoS
Feature: System-wide performance and usability improvements
Lateral: Policy page no longer requires reloading after new policy creation
Lateral: Plugin configuration test added as explicit option
Lateral: Revised file download mechanism to work on additional platforms
Bugfix: Attacker IPs listed in alerts where they were absent before
Feature: Quickviews for fast long-term trend analysis with easy access to full-fidelity data
Feature: Fully-redesigned alerting functionality for easy setup of common security and performance alerts
Feature: Fully-redesigned alert filtering and retrieval
Feature: Plugin infrastructure to trigger external scripts in response to alerting events
Feature: Dashboard widgets to show long-term trends and alert summaries
Feature: Integrated alerting no longer requires separate NBI component
Lateral: Simplified and relocated navigation bar
Lateral: Streamlined traffic group configuration
Lateral: Blacklist configuration/editing through user interface
Lateral: Improved user access control editing at the traffic group and multi-partition level
Bugfix: Fixed problems in parsing flows from multiple vendors
Bugfix: Fixed problem in displaying traffic group names in workspace filtering
Feature: Archive storage for longer-term or slower disk-backed flow retention
Feature: Workspace rows per page selector
Feature: View by new sessions vs. concurrent sessions
Feature: Local UI time zone can be overridden by user preference
Feature: Improved alert filtering
Feature: Automated logout when unattended
Feature: Workspace table saved in CSV
Feature: TACACS+ support
Lateral: Alert deduplication
Lateral: Short-duration detectors run more often
Bugfix: Fixed problem in changing cluster portal disk use
Bugfix: Fixed problem with setting very large thresholds
Bugfix: Fixed condition preventing graph legends from appearing
Bugfix: Fixed issue where blacklist detector lists could be overwritten
Bugfix: Improved NBI ability to detect and restart killed detector processes