The MetaFlows interface was updated last night with the following changes:
- Visual Grouping
  Detailed records of a Historical query, when sorted by time, are visually time-grouped with a red or black border.
- Escalation Reports
  Escalation reports now include all detail record information instead of just listing the client/server ports/IP addresses.
- Sensor Software Updates
  - Parallel Snort Processes
    Sensors now run parallel Snort processes to make event processing more efficient.
  - Snort VRT Rules
    You can now use your existing Snort VRT Rules subscription. To add your existing Snort VRT Rules subscription to one of your sensors, check the checkbox next to “SourceFire VRT Rules?” and fill in the Oinkcode, OS, and subscription type fields (they appear only after you check the “SourceFire VRT Rules?” checkbox).
  - Emerging Threats Pro Rules
    All sensor subscriptions now include an Emerging Threats Pro Rules subscription.
  - WHOIS
    Sensors now return enhanced host information.
- Bots on the Dashboard
  The MetaFlows interface dashboard now lists all IP addresses that have a ranking greater than 0 and were part of events during the last 24 hours. Clicking on an IP address takes you to the Historical Interface and shows all events from that IP address.
- Pausing the Real Time Interface
  Click on the Pause icon at the bottom of the Real Time Interface to halt the display (so you can inspect records). If you pause the display, data will still be collected and kept, but new flows will not be added to the display. Once you un-pause, all flows that came in while the interface was paused will be displayed.
- Query for Historical Records by Ranking
  A ranking option was added to the Historical Interface query options. If you turn on the “Ranking” option at the bottom of the Historical Interface before you click the “Reload” button to query for data matching the historical query options, only records with a ranking greater than 0 will be returned. This reduces the number of records by several orders of magnitude.
- Forums and Groups
  Both Forums and Groups are new features to help you troubleshoot problems, analyze data gathered by your sensors, and receive assistance from the user community at large.
- Ticketing
  Tickets can be created from escalation reports and submitted to groups in which you are a member.