Release notes 11/21/2022

Netography Fusion has more improvements for Labels and dashboard widgets in the portal. The color of Labels in flow tables now correspond to the type of label (custom, system, customized system). Labels for both src and dst now show in a Label context column (e.g. label.ip.context). The column selection of label fields in tables has now been collapsed for a cleaner UX. Labels from other contexts now appear in the dropdown when editing alternate contexts. Label character validation has also been added.

New Features

Portal

Dashboard widgets for multi-series charts now include the ability to choose from a color palette. If multiple charts are using the same palette, the series colors within the charts will be stating, meaning that series values (e.g. IP addresses) will remain the same color throughout multiple widgets. Refer to the below Color Palette for reference.

Context Integrations

We’ve added a new Crowdstrike Falcon Protect integration. Crowdstrike Falcon Protect pulls in User and Account information, such as MAC address, hostname, OS, etc. Once the information is pulled, it is presented as a system label in the portal. This integration uses the Falcon HOST API, as opposed to the Falcon DISCOVER API.

Enhancements

Portal

  • Widgets: Additional color functionality:
    • IP addresses maintain the same color across widgets (if the same color palette is used)
    • Field values such as countrycode or srcip have the same color line if it appears in multiple charts
  • Widgets: Previews are now shown when configuring settings.
  • IP Explorer: Now defaults showing the IP name (if available) in addition to IP address
  • IP Explorer: Default query now shows in Global Filters and can be modified.
  • Context Labels: List of labels are now shown from other contexts of the same name to avoid re-creating the same label for multiple IP addresses.
  • Labels: Character description added for confirming list of allowed characters, length and validation before submission
  • Context Integration: The Cloud Abbreviation field in the CrowdStrike integration is now a dropdown menu for choosing your regions.
  • Account Secret Keys are unretrievable
  • Checkbox has been added to bulk enable/disable Threat Detection Models (TDMs)
  • Polling enable/disable toggle now available in VPC endpoint
  • The integration name is now shown in the delete window when removing an integration
  • Dashboards: Metric hidden in GF instead of disable
  • Experimental: Flow status refresh page has been renamed to Flow Outage and now shows event windows for noflow events as compared with an aggregate flow graph
  • Bulk operations for enabling and disabling Detection Models has been introduced.

API Docs

CSV File Upload endpoints now added for our Labels API. For more information, see IP Labels File Upload and Port Labels File Upload.

Other bug fixes and improvements

Portal

  • Not handling extremely long, single line, flow source errors
  • VPC Error formatting not capturing newlines
  • Clicking above or below a modal doesn’t close it
  • IP Explorer: menu not redrawing on window resize
  • Account Settings: non-functional if alerter is down
  • Context Integration: AWS tags are not required
  • When using enable/disable in flow sources of Oracle VPC an error is reported
  • Labels: CSV files with trailing newline not being accepted
  • SOC2 Remediations