WANSIGHT Changelog

What's new in WANSIGHT 6.0

Jul 20, 2015
  • System
  • The software can be installed on new Linux distributions: Red Hat 7, CentOS 7, Debian 7, Ubuntu Server 14.
  • Automated software updates using DEB/RPM repositories.
  • The Console supports PHP 5.5 and PHP 5.6.
  • The Console no longer supports Wireshark versions lower than 1.8.3.
  • Graphs for iowait in Reports » Servers » Server Graphs.
  • Configuration » General Settings » Software Updates displays the latest software version and upgrading instructions.
  • Emails can be sent directly by the Console without requiring a local MTA. New Configuration » General Settings » Outgoing Email Settings, with configurable Sender Email.
  • Fixed sending emails to CC addresses.
  • Corrupted Console database can be repaired with "/opt/andrisoft/bin/WANmainenance repair".
  • 32-bit architectures are no longer supported.
  • Console
  • A new graphical slider for quick selection of custom time frames in Reports.
  • Reports and Configuration side regions can be set apart by user preference, e.g. one on the right and one on the left. New Ctrl→R keyboard shortcut toggles side regions.
  • Configuration » General Settings » Data Retention shows disk usage for newly created rrd files containing IP graph data.
  • Graphing IP sweeps can be enabled or disabled for IPv6 and/or IPv4 in Configuration » General Settings » Storage & Graphs.
  • Changed Conditional and Dynamic Parameters: {prefix}, {operation}, {sensor_type}, {domain}, {class}, {filter_*}, {filter_tcpdump_size}. The User Guide contains the new values.
  • New Dynamic Parameters: {from_year}, {from_month}, {from_day}, {from_dow}, {from_hour}, {from_minute}, {until_year}, {until_month}, {until_day}, {until_dow}, {until_hour}, {until_minute}, {direction_to_from}, {software_version}, {comparison}, {direction_receives_sends}, {duration_clock},{*_decoder_prefix} for {*_prefix}, {filter_type}, {filter}, {filter_id}, {response_actions}, {filtering_rule_log_size}, {filtering_rule_max_unit}, {filtering_rule_unit}.
  • Redesigned Response Configuration window. New email templates.
  • Redesigned IP Zone Configuration window.
  • New widgets: Flows List and Flows Tops.
  • Dashboards can be configured to have a unique time frame for all containing widgets.
  • Unprivileged users can open reports for IPs included in the allowed subnets.
  • Loading of IP Zones with thousands of IPs and subnets is 8 times faster.
  • Moved Configuration » General Settings » User Management » Authentication & Login to Configuration » General Settings » User Authentication.
  • Add Configuration » General Settings » User Authentication » Login Window Notification and Successful Login Notification.
  • Radius authentication fixed.
  • New statistics in by Reports » Components » Overall » Console.
  • Reports » Anomalies » Active Anomalies » Reverse DNS unchecked by default.
  • Reports » Anomalies » Active Anomalies shows a Flow Trace button for anomalies detected by Flow Sensors.
  • Visibility of items in Reports » Components and Reports » Servers can be toggled. Right-click opens their configuration.
  • Configuration » Components and Configuration » Schedulers items can be activated/inactivated with a single right click.
  • Various aesthetic improvements.
  • Sensor
  • Add a new SNMP Sensor, able to monitor networking devices supporting SNMP v1, v2c or v3.
  • The Sniffing Sensor renamed Packet Sensor.
  • The Virtual Sensor renamed Sensor Cluster.
  • New decoders: IP fragmented, TCP-NULL, TCP+RST, TCP+ACK, TCP+SYNACK, SSDP.
  • The BAD decoder matches IP NULL, SYN decoder doesn't match packets/flows with ACK flag set.
  • The Packet Sensor is compatible with PF_RING version 6 (Zero Copy, LibZero or DNA license not needed). PF_RING version 5 is not compatible anymore.
  • The Packet Sensor supports new capturing engines: System PCAP, Myricom Sniffer10G, SolarCapture (beta).
  • The Sensor Cluster can aggregate IP graphs data.
  • Packet Sensors listening to the same interface (e.g. for multi-queue load balancing) do not require additional licenses.
  • The Packet Sensor has a new CPU affinity option.
  • A new "Manage Interfaces" button in the Flow Sensor Configuration window that provides a quick way to add multiple interfaces.
  • The Flow Sensor Configuration window has advanced SNMP options.
  • On Flow Sensor's Traffic Direction option. "Mixed" renamed "Auto", "Inbound" renamed "Upstream", "Outbound" renamed "Downstream".
  • BGP
  • Reports » Anomalies & Tools » BGP Prefixes renamed BGP Operations.
  • Added Reports » Anomalies & Tools » BGP Operations » Black Hole, Divert Traffic and Remove All.
  • BGP Connections can be configured to announce subnets with configurable masks for BGP peers that do not accept /32 prefixes for null-routing or cloud-based DDoS mitigation services.
  • All connections to remote quagga/bgpd services are initialized solely from the Console server.
  • Deleting BGP announcements manually works for delayed announcements.
  • BGP Announcements Archive displays BGP Connection Role.
  • Filter
  • The Filter renamed Packet Filter.
  • A new Flow Filter, able to detect attackers from flow data analyzed by a Flow Sensor.
  • A new Filter Cluster, able to cluster multiple Packet Filters and Flow Filters.
  • The Filters can use the hardware-based packet filter from Chelsio T4 and T5 10/40 gigabit adapters.
  • New Whitelists Templates, for sharing Whitelists between Filters. Add them in Configurations » Network & Policy » .
  • Support for adding IPv4 and IPv6 subnets in Whitelists and Whitelist Templates.
  • The Packet Filter supports new capturing engines: System PCAP, Myricom Sniffer10G, SolarCapture (beta).
  • The Packet Filter has a new CPU affinity option.
  • The Packet Filter can block private IPs when using the Software Filtering Policy.
  • The Filter works for outgoing attacks.
  • The Packet Filter supports PF_RING 6.

New in WANSIGHT 5.2 (Nov 27, 2013)

  • Full IPv6 support for the Sensors.
  • The Packet Analyzer has been extended with auto-stop functions.
  • The Sniffing Sensor can use native PF_RING functions.
  • Graphing IP sweeps can be disabled.
  • New decoders have been added: Flows (Flow Sensor only), SSH, Youtube, NetFlix, and Hulu.