This section is updated with each release of FlowTraq.
Feature: Dashboard templates to assist setup and help find useful new ways to use FlowTraq
Feature: New widgets focusing on analysis of Exfiltration and Blacklist alerts
Feature: Added Introduction to FlowTraq workspace feed for new users (contact FlowTraq support for details)
Feature: Expanded RESTful API for retrieving data and configuring FlowTraq
Feature: Saved workspaces widget now has button for quick conversion of saved workspaces into workspace widget
Feature: Performance improvements to indexed data retrieval
Lateral: Text in session record popup window now selectable
Lateral: Compatibility updates to support PHP 5.3.3
Lateral: Cluster page's flow load alert no longer triggers at 25k per node
Lateral: Debug level can be set on Cluster page to assist support requests
Lateral: Server support for NetFlow v9 timestamps sent at non-spec sizes
Lateral: Clicking anywhere in Ranking widget opens Workspace (not just graph)
Bugfix: Fixed potential crash condition related to index file corruption
Bugfix: Fixed API bug that could cause overcounting of session records
Bugfix: Fixed time zone misreporting issue in session popup
Bugfix: Fixed dashboard loading issue for some users
Bugfix: Can now give QoS levels friendlynames
Bugfix: Time sorting in session popup corrected
NOTE: The 18.2 Virtual Appliance's security patches are up to date as of 27 February, 2018.
Feature: Improved database indexing for increased retrieval of IP-based filters from disk
Feature: Zoom out function on workspace, quickview, and alert page
Feature: Subscribed workspace widget to pull new and interesting things to investigate from a public or private feed
Feature: Improved and expanded RESTful API for retrieving data and configuring FlowTraq
Lateral: Can directly delete exporters on Data Sources page
Bugfix: Fixed filtering issue in session download
Bugfix: Report editing page no longer treats "=" as a reserved character
Bugfix: "Strobe" UI effect seen by some users on server shutdown fixed
Bugfix: PHP memory use issues for large traffic groups fixed
Bugfix: Fixed issue adding worker to a cluster with a large number of tracked interfaces
Bugfix: Fixed filtering display issue on alert page omitting possible filter elements
Bugfix: Can now properly filter on deleted traffic groups on alert page
Bugfix: Fixed issue when navigating to workspace from quickview top ASN view
Feature: Daily, Weekly, and Monthly emailed reports
Feature: Automatic Exporter clockskew correction
Feature: Save workspace to HTML
Feature: Integration with RadWare DefensePro
Lateral: Improved clarity in Policy page graphs
Lateral: Improved multi-Dashboard interface
Lateral: Improved response time on Policy and Alert pages
Lateral: Rejection of obviously-bad flow records
Lateral: Improved RAM usage on PHP backend for Policy page
Bugfix: Fixed issue affecting total sources count in some DDoS alerts
Bugfix: Fixed memory leak observed by some users on the Dashboard
Bugfix: Fixed line duplication in alert panel
Bugfix: Fixed server issue when exporting syslog to an unresolvable address
Feature: Flow deduplication for ISP and Telco
Feature: Tree-style quickview navigation
Feature: Alert summaries on quickview page
Feature: ASN/Peering analysis in quickviews
Feature: Country analysis for traffic groups in quickviews
Feature: DDoS bit-rate thresholds alongside packet-rate thresholds
Lateral: Speed improvements on policy and quickviews pageload
Lateral: Improved resilience to unclean shutdown
Bugfix: Session download filter issues fixed
Feature: Support for alert annotation by plugin scripts
Feature: Users can now have more than one dashboard
Feature: The option for a four-column layout has been added to the dashboard.
Feature: The workspace filter control now accepts raw query input
Feature: The workspace now reports performance metrics while disk or archive queries are in progress
Feature: The traffic group editor now has a a CIDR-aware search function, allowing quick verification of whether an IP or CIDR block is contained in a traffic group
Feature: Integration with mitigation devices, displayed in alert detail panel.
Feature: Ongoing DDoS alert widget added
Feature: Custom policy types can now be added through the user interface
Lateral: The y-axis on workspace and quickview graphs has been made easier to read with the top of the graph lining up with a tick
Lateral: Multicast sFlow interfaces marked as such by default
Lateral: Warnings on cluster page more context-aware
Lateral: Revised logic for instance editing and deletion on plugin page
Bugfix: Fixed an issue where user configuration might remain after a user is deleted (Cloud edition only)
Bugfix: Missing legend in policy graph fixed
Feature: Improved traffic group and blacklist import
Feature: Loading of large blacklists (>64k entries) is now much more efficient.
Feature: Troubleshooting output on cluster page
Feature: 'clear all' filter option on Workspace
Feature: Additional filtering options on Alert page
Feature: Regular users can read global blacklists (but not modify)
Feature: Support for the Juniper MX series sampled IPFIX exports
Feature: IPFIX export via ftsq
Feature: LDAPS is now supported via stunnel
Feature: Added the option to make "add to filter" automatically trigger a refresh
Lateral: Improved support for non-compliant OpenLDAP-based LDAP implementations
Lateral: Improved "last activity" display on the Users page
Lateral: Session Viewer timestamps are now shown in local time
Lateral: Improved Quickview breadcrumb navigation
Lateral: Improved compatibility for earlier PHP versions
Lateral: Entity name information provided to alert plugin scripts
Lateral: Improved handling of exfiltration alerts
Bugfix: Preventing invisible browser auto-fill on plugin config
Bugfix: Exfiltration detector now reports the correct volume for bytes exfiltrated.
Bugfix: Exfiltration detector now always triggers plugins correctly
Bugfix: Improved input validation of input port configuration on the Cluster page
Bugfix: Improved accuracy of Top-N accounting in Quickviews
Bugfix: Improved accuracy of "Open in Workspace" from Quickview page
Bugfix: Addressed an issue in the Java Client that could prevent a user from logging in
Feature: Printable alert summary reports for easy overview of network activity
Feature: Alert annotations and improved filtering
Feature: Greater control over alert actions, including delay for manual approval
Feature: Expanded reporting mechanisms, including direct links to alerts and reports
Feature: New and improved plugins, including support for null-routing addresses during DDoS
Feature: System-wide pserformance and usability improvements
Lateral: Policy page no longer requires reloading after new policy creation
Lateral: Plugin configuration test added as explicit option
Lateral: Revised file download mechanism to work on additional platforms
Bugfix: Attacker IPs listed in alerts where they were absent before
Feature: Quickviews for fast long-term trend analysis with easy access to full-fidelity data
Feature: Fully-redesigned alerting functionality for easy setup of common security and performance alerts
Feature: Fully-redesigned alert filtering and retrieval
Feature: Plugin infrastructure to trigger external scripts in response to alerting events
Feature: Dashboard widgets to show long-term trends and alert summaries
Feature: Integrated alerting no longer requires separate NBI component
Lateral: Simplified and relocated navigation bar
Lateral: Streamlined traffic group configuration
Lateral: Blacklist configuration/editing through user interface
Lateral: Improved user access control editing at the traffic group and multi-partition level
Bugfix: Fixed problems in parsing flows from multiple vendors
Bugfix: Fixed problem in displaying traffic group names in workspace filtering
Feature: Archive storage for longer-term or slower disk-backed flow retention
Feature: Workspace rows per page selector
Feature: View by new sessions vs. concurrent sessions
Feature: Local UI time zone can be overridden by user preference
Feature: Improved alert filtering
Feature: Automated logout when unattended
Feature: Workspace table saved in CSV
Feature: TACACS+ support
Lateral: Alert deduplication
Lateral: Short-duration detectors run more often
Bugfix: Fixed problem in changing cluster portal disk use
Bugfix: Fixed problem with setting very large thresholds
Bugfix: Fixed condition preventing graph legends from appearing
Bugfix: Fixed issue where blacklist detector lists could be overwritten
Bugfix: Improved NBI ability to detect and restart killed detector processes
Feature: Custom plugin framework and API for automated DDoS detection and mitigation
Feature: Cluster management through UI
Feature: Cluster failure monitoring through syslog
Feature: Improved fine-tuning of automated mitigations
Feature: Updated vApp install script can now build workers automatically
Lateral: Improved dashboard chart widgets
Lateral: Color scheme previews
Lateral: Further refinements to NBI operation
Bugfix: 'Other' row no longer omitted on some queries
Bugfix: Graph scales now fixed for bits
Bugfix: Performance issue with reloading workspaces and dashboards fixed
