Release notes 10/8/2024

This release is focused on usability improvements to make Fusion more intuitive to configure and use.

Join the Netography Community on Discord

To chat directly with Netography employees and other Netography Fusion users, exchange tips, tricks, and scripts, and get informal help for your questions that do not require official support channels, join Netography's Discord Community: https://discord.gg/GuA4fHCZ

Usability Improvements

Global Filter

  • Global Filter (the NQL search bar, date/time selection, display Labels drop-down, and metric drop-down at the top of the Fusion Portal) has been improved:
    • The date/time selection box now has presets for common relative time ranges (e.g., last 1 hour, 1 day, 1 week, etc.).
    • The date/time selection box that opens when you click the date/time range now has a toggle to Auto Refresh Page. If enabled, text above the date/time range will say Auto-refresh is on, and the Portal will automatically refresh with real-time streaming network activity every minute. This replaces the play and pause button icons on the right-hand side.
    • The return icon on the right-hand side has been replaced with a button labeled UPDATE with a solid blue background when you have changed any global filter parameters but not yet applied those changes, and REFRESH if the current parameters are already applied. Clicking UPDATE will use the new settings. Clicking REFRESH will pull the latest data from the Fusion Portal.

Navigation Menu

  • The left-hand menu in the Fusion Portal has several updates to improve usability.
    • Investigate > Search page has been updated to simplify usage. The global filter is now used to control the search, replacing a second NQL search and date/time selection box that had to be separately set in the previous version of this page. In the new search page, an additional button Stream Live appears in the global filter, allowing you to view real-time network activity immediately.
    • Investigate > Real-Time Traffic has been merged into the Investigate > Search page and removed as a separate page. Using Search with the Stream Live button selected is equivalent to the previous Real-Time Traffic page.
    • Detect and Respond on the left-hand menu has been changed to a new Events section that now contains the three different Events pages on the menu instead of as tabs in a single Events page. The new menu options in the Events section are:
      • Events by Asset (formerly the Asset Summary tab in Events)
      • Events by Detection (formerly the Detection Summary tab in Events)
      • Event List (formerly the Event List tab in Events)
    • Detection Models are now directly accessible as a button on the menu.
    • Tools section has been removed. The IP Intelligence page has moved to the Investigate section, and the CVE Lookup page has been removed.

Settings Pages

  • The Settings pages have several updates to improve usability.
    • Settings > Account > Audit Log page will automatically populate with the last 24 hours of audit logs.
    • Settings > My Profile > Personalization has removed the Websocket throttle setting and renamed Real-time By Default to Stream By Default.
    • Settings > User Management > API Keys will now give you the option to copy the netosecret API key to the clipboard after creating an API key. It will no longer display the value on the screen directly, or provide you with a separate appkey value. If you are using an older API client that requires appkey and sharedsecret fields instead of netosecret, see https://docs.netography.com/reference/netosecret to decode the netosecret.
    • Settings > Data Management > Traffic Sources has a new Show Advanced button that will add additional traffic source types that are not frequently used.
      • Azure NSG has been moved to the advanced section, as Microsoft has announced the EOL of NSG flow logs in favor of Azure VNet flow logs.
      • AWS Kinesis has been moved to the advanced section, as although Kinesis has benefits in delivery timing, it has a much higher cost than integrating to AWS via S3.
    • Settings > Detect & Response > NQL Presets is a new page to view, create, and manage all NQL Presets.

NQL Presets

  • NQL Presets have been expanded to give you additional examples of common NQL queries and an easier way to view and manage them.
    • You now use NQL Presets in the global filter by clicking the NQL text box and then clicking the Presets tab. A new search box appears under Presets (right above where it says My Presets) to allow you to quickly find the preset by typing a few letters of its name. This replaces the floppy disk icon in the global filter.
    • After entering a new NQL query in the global filter, a new SAVE PRESET button appears on the right-hand side of the text box while it has focus. This allows you to save your NQL query as a preset more easily.
    • All NQL Presets are shared across all users in your Fusion account. When you create an NQL Preset, it is listed under My Presets. When anyone else at your company saves an NQL Preset, it is immediately listed under Company Presets. There are no actions to create a Company Preset separately, and you cannot keep an NQL Preset private from other users in your Fusion account.
    • A new Settings > Detect & Response > NQL Presets page now allows you to view all NQL presets and create and manage them.

Homepage

  • Homepage for the Fusion Portal has changed for accounts with no active traffic sources (i.e., first-time users) to indicate the first steps to start using Fusion more clearly and to limit the options available in the menu to those related to the initial setup.
  • The Netography logo and favicon have been updated.

Documentation

  • Netography Documentation at https://docs.netography.com has been updated to simplify the structure and provide new Quickstart guides with updated step-by-step instructions and video walk-throughs.
  • The API documentation has been updated to clarify how to create DNS traffic sources. This can be done using the Create VPC API endpoint (https://docs.netography.com/reference/v1_vpc_post) and setting the traffictype field to dns (this option is available for AWS S3 and GCP Pub/Sub today).

NetoFuse

  • NetoFuse has been updated to v1.1.14, adding support for the new netosecret API key format.

Regex in NQL: Numeric Ranges now supported

Numeric ranges match numbers within a specific range, providing greater flexibility for queries involving numeric values.

Regexp    | Meaning                                      | Description
<1-10>    | Any number between 1 and 10                  | Matches any numeric value between the 2 numbers
<01-010>  | Any number between 1 and 10 with leading 0s  | Matches any numeric value between the 2 numbers, including leading zeros

Numeric range examples

query.name =~ /ip-(<0-255>-?){3}(<100-200>)\..*/
Matches ip-<0-255>.<100-200>.x.x.

query.name =~ foo<1-100>
Matches "foo1", "foo2", ..., "foo100".

Numeric range performance

Using numeric range matching can simplify queries for numerical intervals but may increase execution time if used with large ranges or complex regex patterns. As with other regex patterns, avoid starting expressions with * or ? when combining them with numeric ranges to prevent performance degradation.
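
An added example, not part of Netography's release notes or product code: a local Python emulation of the numeric range syntax, for previewing which DNS query names a pattern would accept and how many numbers its ranges enumerate. The function names, whole-value anchoring, the leading-zero rule, and the sample names are assumptions of this example, not documented Fusion behavior.

```python
import re

# Numeric range token as written in the release notes, e.g. <0-255>.
RANGE_TOKEN = re.compile(r"<(\d+)-(\d+)>")

def _expand(match):
    lo_text, hi_text = match.group(1), match.group(2)
    lo, hi = int(lo_text), int(hi_text)
    if lo > hi:
        raise ValueError(f"empty numeric range: {match.group(0)}")
    # Assumption: a zero-padded bound (<01-010>) means leading zeros are accepted.
    padded = any(len(t) > 1 and t.startswith("0") for t in (lo_text, hi_text))
    numbers = "|".join(str(n) for n in range(lo, hi + 1))
    return f"(?:{'0*' if padded else ''}(?:{numbers}))"

def to_python_regex(nql_pattern):
    """Rewrite <lo-hi> tokens as alternations; the rest is passed through as-is."""
    body = nql_pattern
    if len(body) >= 2 and body[0] == "/" and body[-1] == "/":
        body = body[1:-1]  # strip the /.../ delimiters used in the NQL example
    return RANGE_TOKEN.sub(_expand, body)

def preview(nql_pattern, candidates):
    """Return {candidate: bool}. Assumption: the pattern must match the whole value."""
    compiled = re.compile(to_python_regex(nql_pattern))
    return {c: compiled.fullmatch(c) is not None for c in candidates}

def expansion_size(nql_pattern):
    """Total count of numbers the ranges enumerate: a rough cost indicator."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in RANGE_TOKEN.findall(nql_pattern))

# Constructed sample query names, not taken from real traffic.
SAMPLE_NAMES = [
    "ip-10-0-3-150.ec2.internal",   # last octet inside <100-200>
    "ip-10-0-3-99.ec2.internal",    # last octet below the range
    "ip-256-0-3-150.ec2.internal",  # first octet outside <0-255>
]
PAGE_PATTERN = r"/ip-(<0-255>-?){3}(<100-200>)\..*/"

if __name__ == "__main__":
    for name, hit in preview(PAGE_PATTERN, SAMPLE_NAMES).items():
        print(f"{'MATCH' if hit else 'miss ':5}  {name}")
    print("numbers enumerated:", expansion_size(PAGE_PATTERN))
```
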

Security-related Changes

  • The session timeout for the Fusion Portal has been reduced to 30 minutes.
    • This new session timeout value means that if the Fusion backend does not receive any interactions from your web browser, it will automatically log you out of the portal after 30 minutes. If your browser remains open, it will automatically interact with the backend to refresh, and this time-out will never occur.
  • Fixed a bug where SSO users could reset their password, turning an SSO-only user account into a static Fusion account. Users who log in via SSO can no longer perform this action. If you are using SSO with Fusion, it is good practice to review the static (non-SSO) users in Settings > User Management and ensure you only have a single administrator user that is not configured for SSO.

New Third Party Software

  • Netography has integrated two new third-party tools into Fusion. Chameleon.io is being used to deliver more contextual help in the product (tooltips, links to documentation on specific pages, video walkthroughs, and feature tours). LogRocket is being used to analyze how users interact with Fusion. Both solutions are SOC2 certified, and Netography has limited the data that is being shared with these tools. See https://www.chameleon.io/security and https://docs.logrocket.com/docs/security. These tools will replace Netography's use of Pendo, which will be removed in an upcoming release.