Skip to content
This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Releases: robcowart/elastiflow

ElastiFlow v3.3.0

16 Sep 17:24
@robcowart robcowart
v3.3.0
f66d3c4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.3.0

v3.3.0 is a minor release. No migration of data from v3.0.x or later to v3.3.0 is required.

This release includes the following changes:

New Features

  • Sample interval can be manually set if not sent by the device.
  • DNS resolution of IP addresses can be enabled for only exporters, endpoints or both.
  • Split docs into README.md and INSTALL.md.
  • Removed sflow.size_header.

Updates

  • Updated GeoLite2-City and GeoLite2-ASN DBs
  • Updated IP Reputation dictionary
  • Added field 99 to netflow.yml definitions
Assets 2
Loading

ElastiFlow v3.2.3

01 Sep 12:33
@robcowart robcowart
v3.2.3
3e37a5c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.2.3

v3.2.3 is a maintenance release. No migration of data from v3.0.x or later to v3.2.3 is required.

This release includes the following changes:

New Features

  • Support for Kibana 6.4.
  • Support for additional sFlow fields, including TCP Flags.
  • Added an IP reputation whitelist dictionary.
  • Added a CHANGELOG.md which documents all changes since v1.0.0.

Fixes

  • Minor dashboard tweaks.
  • Fixed document/index name version inconsistency.

Updates

  • Updated GeoLite2-ASN DB
  • Updated service name dictionary.
  • Updated IP Reputation dictionary.
Assets 2
Loading

ElastiFlow v3.2.2

22 Aug 09:14
@robcowart robcowart
v3.2.2
1ce14f5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.2.2

v3.2.2 is a maintenance release. No migration of data from v3.0.x or later to v3.2.2 is required.

This release includes the following changes:

Fixes

Minor changes to README.md.

Updates

Added additional Riverbed fields to netflow.yml.
Updated GeoLite2-ASN DB
Updated GeoLite2-City DB
Updated IP Reputation Dictionary

Assets 2
Loading

ElastiFlow v3.2.0

26 Jul 11:27
@robcowart robcowart
v3.2.0
1ce6892
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.2.0

v3.2.0 is a minor release. No migration of data from v3.0.x or v3.1.0 to v3.2.0 is required.

  1. Add a multi-server output option.
  2. Add support for RiverBed WAN Optimizers using a custom Netflow field definitions file.
  3. Cleanup of NBAR2 application IDs.
  4. Consider SYN-only TCP Flags when determining client/server.
  5. Provide the option to lookup interface names from a YAML dictionary.
  6. Add the ability to set the UDP receive buffer via an environment variable.
  7. Update GeoIP DBs.
  8. Update ASN DB.
Assets 2
Loading

ElastiFlow v3.2.1

26 Jul 17:31
@robcowart robcowart
v.3.2.1
d9b38c2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.2.1

v3.2.1 is a minor release. No migration of data from v3.0.x or later to v3.2.1 is required.

Well v3.2.0 was short lived! Found a bug related to the enrichment of Riverbed port numbers that I wanted to fix quickly.

Assets 2
Loading

ElastiFlow v3.1.0

24 Jun 23:58
@robcowart robcowart
v3.1.0
9df9168
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.1.0

v3.1.0 is a minor release. No migration of data from v3.0.x to v3.1.0 is required.

  1. Added country_code related fields.

  2. Normalized IPFIX NAT-related fields.

  3. Added a configurable default value of App ID source type.

  4. Added option for SSL connection to Elasticsearch.

  5. Added support for App IDs from v4.x of the Netflow codec. Compatibility with v3.x is maintained.

  6. Dashboards optimized for Kibana 6.3. (separate import file for 6.2 is also available)

Assets 2
Loading

ElastiFlow v3.0.3

20 May 10:29
@robcowart robcowart
v3.0.3
401b671
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.0.3

v3.0.3 is a maintenance release. No migration of data from v3.0.x to v3.0.3 is required.

This release includes the following changes:

New Features

  1. Added support for nDPI detected application names sent via Netflow from nProbe. A configuration file for nProbe, which works well with ElastiFlow™, is available HERE.
Assets 2
Loading

ElastiFlow v3.0.2

19 May 12:37
@robcowart robcowart
v3.0.2
b75043c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.0.2

v3.0.2 is a maintenance release. No migration of data from v3.0.0/v3.0.1 to v3.0.2 is required.

This release includes the following changes:

Updates

  1. Updated IP Reputation Dictionary - Reduced to focus on higher risk IPs. This also reduces the JVM heap requirements of Logstash.
Assets 2
Loading

ElastiFlow v3.0.1

18 May 08:56
@robcowart robcowart
v3.0.1
8217992
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
ElastiFlow v3.0.1

v3.0.1 is a maintenance release. No migration of data from v3.0.0 to v3.0.1 is required.

This release includes the following changes:

New Features

  1. Added field formatters to the Index Pattern to launch external URLs for IP addresses (www.talosintelligence.com/reputation_center/), Autonomous System Numbers (http://viewdns.info/asnlookup/) and Ports (http://www.adminsub.net/tcp-udp-port-finder/).
  2. Added recommended Kibana settings to README.md.

Fixes

  1. Fixed a few errors in README.md.
  2. Ignore application_id of 0:0.

Updates

  1. Updated GeoLite2-ASN DB
  2. Updated IP Reputation Dictionary
Assets 2
Loading

ElastiFlow v3.0.0

13 May 17:15
@robcowart robcowart
v3.0.0
18a6f11
Compare
Choose a tag to compare
ElastiFlow v3.0.0

  1. Dashboards have been rebuilt to leverage features added since the release of Kibana 6.x. This includes the addition of experimental dashboards which leverage the new Vega visualization.

  2. The schema was refactored to minimize the volume of data stored and increase the efficiency of processing. The result is a reduction of storage requirements by 20-30%, and better throughput.

  3. IP reputation tagging has been added to assist in the identification of suspect network traffic.

  4. Improved support for application identification data has been added for Cisco NBAR2 and Fortinet.

  5. Added support for simultaneous collection over IPv4 and IPv6 on separate interfaces.

  6. Versioning has been added for indices and index templates. This will make it possible in the future to create reindexing methods for the migration of historical data to newer versions.

  7. GeoIP and ASN lookups can now be enabled/disabled using an environment variable. Users who don't need these capabilities will be able to disable them, saving disk space and increasing processing efficiency.

  8. Index mappings were modified to more gracefully handle various vendor-specific flow field implementations.

  9. Fixed a regression related to the field type of various IPFIX date fields.

Assets 2
Loading