This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

ElastiFlow v3.5.2

@robcowart robcowart released this 17 Dec 16:24
· 90 commits to master since this release

v3.5.2 is a minor release. No migration of data from v3.5.1 to v3.5.2 is required.

Breaking Changes

ElastiFlow v3.5.x provides support for Elastic Stack 7.x. Support for document types was completely removed in Elasticsearch 7.0.0, which required changes to the index templates provided with ElastiFlow. You MUST first successfully upgrade to Elastic Stack 7.x PRIOR to using ElastiFlow v3.5.2.

New Features

  • Added normalization of WiFi-related NetFlow v9 and IPFIX fields.
  • The hostname on which Logstash is running is now provided in the field logstash_host.
  • Added the ability to manually set flow sampling values for IPFIX.

Fixes

  • Fixed the Cisco vzFlow type for list fields.
  • Fixed Procera IEs that were incorrectly defined as int.

Updates

  • Improved the display of rate values in Vega visualizations.
  • Added many new Fortinet application IDs.
  • Updated the IP reputation dictionary and GeoIP DBs.