WANSIGHT Changelog
What's new in WANSIGHT 6.0
Jul 20, 2015- System
- The software can be installed on new Linux distributions: Red Hat 7, CentOS 7, Debian 7, Ubuntu Server 14.
- Automated software updates using DEB/RPM repositories.
- The Console supports PHP 5.5 and PHP 5.6.
- The Console no longer supports Wireshark versions lower than 1.8.3.
- Graphs for iowait in Reports » Servers » Server Graphs.
- Configuration » General Settings » Software Updates displays the latest software version and upgrading instructions.
- Emails can be sent directly by the Console without requiring a local MTA. New Configuration » General Settings » Outgoing Email Settings, with configurable Sender Email.
- Fixed sending emails to CC addresses.
- Corrupted Console database can be repaired with "/opt/andrisoft/bin/WANmainenance repair".
- 32-bit architectures are no longer supported.
- Console
- A new graphical slider for quick selection of custom time frames in Reports.
- Reports and Configuration side regions can be set apart by user preference, e.g. one on the right and one on the left. New Ctrl→R keyboard shortcut toggles side regions.
- Configuration » General Settings » Data Retention shows disk usage for newly created rrd files containing IP graph data.
- Graphing IP sweeps can be enabled or disabled for IPv6 and/or IPv4 in Configuration » General Settings » Storage & Graphs.
- Changed Conditional and Dynamic Parameters: {prefix}, {operation}, {sensor_type}, {domain}, {class}, {filter_*}, {filter_tcpdump_size}. The User Guide contains the new values.
- New Dynamic Parameters: {from_year}, {from_month}, {from_day}, {from_dow}, {from_hour}, {from_minute}, {until_year}, {until_month}, {until_day}, {until_dow}, {until_hour}, {until_minute}, {direction_to_from}, {software_version}, {comparison}, {direction_receives_sends}, {duration_clock},{*_decoder_prefix} for {*_prefix}, {filter_type}, {filter}, {filter_id}, {response_actions}, {filtering_rule_log_size}, {filtering_rule_max_unit}, {filtering_rule_unit}.
- Redesigned Response Configuration window. New email templates.
- Redesigned IP Zone Configuration window.
- New widgets: Flows List and Flows Tops.
- Dashboards can be configured to have a unique time frame for all containing widgets.
- Unprivileged users can open reports for IPs included in the allowed subnets.
- Loading of IP Zones with thousands of IPs and subnets is 8 times faster.
- Moved Configuration » General Settings » User Management » Authentication & Login to Configuration » General Settings » User Authentication.
- Add Configuration » General Settings » User Authentication » Login Window Notification and Successful Login Notification.
- Radius authentication fixed.
- New statistics in by Reports » Components » Overall » Console.
- Reports » Anomalies » Active Anomalies » Reverse DNS unchecked by default.
- Reports » Anomalies » Active Anomalies shows a Flow Trace button for anomalies detected by Flow Sensors.
- Visibility of items in Reports » Components and Reports » Servers can be toggled. Right-click opens their configuration.
- Configuration » Components and Configuration » Schedulers items can be activated/inactivated with a single right click.
- Various aesthetic improvements.
- Sensor
- Add a new SNMP Sensor, able to monitor networking devices supporting SNMP v1, v2c or v3.
- The Sniffing Sensor renamed Packet Sensor.
- The Virtual Sensor renamed Sensor Cluster.
- New decoders: IP fragmented, TCP-NULL, TCP+RST, TCP+ACK, TCP+SYNACK, SSDP.
- The BAD decoder matches IP NULL, SYN decoder doesn't match packets/flows with ACK flag set.
- The Packet Sensor is compatible with PF_RING version 6 (Zero Copy, LibZero or DNA license not needed). PF_RING version 5 is not compatible anymore.
- The Packet Sensor supports new capturing engines: System PCAP, Myricom Sniffer10G, SolarCapture (beta).
- The Sensor Cluster can aggregate IP graphs data.
- Packet Sensors listening to the same interface (e.g. for multi-queue load balancing) do not require additional licenses.
- The Packet Sensor has a new CPU affinity option.
- A new "Manage Interfaces" button in the Flow Sensor Configuration window that provides a quick way to add multiple interfaces.
- The Flow Sensor Configuration window has advanced SNMP options.
- On Flow Sensor's Traffic Direction option. "Mixed" renamed "Auto", "Inbound" renamed "Upstream", "Outbound" renamed "Downstream".
- BGP
- Reports » Anomalies & Tools » BGP Prefixes renamed BGP Operations.
- Added Reports » Anomalies & Tools » BGP Operations » Black Hole, Divert Traffic and Remove All.
- BGP Connections can be configured to announce subnets with configurable masks for BGP peers that do not accept /32 prefixes for null-routing or cloud-based DDoS mitigation services.
- All connections to remote quagga/bgpd services are initialized solely from the Console server.
- Deleting BGP announcements manually works for delayed announcements.
- BGP Announcements Archive displays BGP Connection Role.
- Filter
- The Filter renamed Packet Filter.
- A new Flow Filter, able to detect attackers from flow data analyzed by a Flow Sensor.
- A new Filter Cluster, able to cluster multiple Packet Filters and Flow Filters.
- The Filters can use the hardware-based packet filter from Chelsio T4 and T5 10/40 gigabit adapters.
- New Whitelists Templates, for sharing Whitelists between Filters. Add them in Configurations » Network & Policy » .
- Support for adding IPv4 and IPv6 subnets in Whitelists and Whitelist Templates.
- The Packet Filter supports new capturing engines: System PCAP, Myricom Sniffer10G, SolarCapture (beta).
- The Packet Filter has a new CPU affinity option.
- The Packet Filter can block private IPs when using the Software Filtering Policy.
- The Filter works for outgoing attacks.
- The Packet Filter supports PF_RING 6.
New in WANSIGHT 5.2 (Nov 27, 2013)
- Full IPv6 support for the Sensors.
- The Packet Analyzer has been extended with auto-stop functions.
- The Sniffing Sensor can use native PF_RING functions.
- Graphing IP sweeps can be disabled.
- New decoders have been added: Flows (Flow Sensor only), SSH, Youtube, NetFlix, and Hulu.