Welcome to ntopng 6.0: new Dashboard, Vulnerability Scan, Cloud [beta], Periodic Reports, Threshold-based Alerts


This is to announce ntopng 6.0, a new major release that includes many new features and improvements:

  • ntopng is no longer just a real-time traffic monitoring application: it can now track assets when they are offline and enable better investigations by leveraging improved historical traffic analysis.
  • Implemented vulnerability reports that can scan hosts and ports and look for CVEs. Even if other tools sport similar features, ntopng is unique in merging traffic analysis with vulnerability assessment. This means that you can position your CVEs with respect to real traffic (e.g. a severe vulnerability is not too problematic if nobody accesses the service) or discover open host ports never used in traffic (i.e. you had better close them).
  • The user interface has been greatly redesigned: we have implemented a flexible template-based reporting system and a new dashboard. In the next release we’ll release an editor for customising it.
  • OT/SCADA support has been enhanced with new Modbus support and behavioural alerts.
  • We have implemented basic features, currently in beta, for running ntopng/nProbe in the cloud (you can read more here). This is just the beginning of a long journey for making ntop tools cloud-aware, and in the following months we plan to finalise the development.

The list of features is very long, and we will schedule a webinar within the next couple of weeks (we’ll post an announcement on this blog) where we will walk through all the changes in this new release.

Below you can read a list of the main changes of this new release:

  • New configurable Dashboard with new built-in templates.
  • New configurable Traffic Report that can be delivered via email.
  • New Vulnerability Scans & CVEs support.
  • Introduced basic features for supporting ntop cloud [beta].
  • Add support for Periodic Reports notified via Recipients (e.g. email).
  • Add Inactive Hosts: track assets even when no longer online.
  • Add PagerDuty and TheHive integration.
  • Add Server Ports Analysis page.
  • Enable multithreading in active measurements (more accurate).
  • Migrate frontend chart timeseries library to Dygraph.
  • Add support for MAC Address based RADIUS accounting.
  • Improve OT, ICS, and SCADA support, and introduce support for the Modbus protocol and alerts.
  • Trigger External Host alerts directly from Lua (also for inactive hosts).
  • Add support for LLDP id to MIB-II InterfaceId mapping.
  • Add support for bidirectional rules.
  • Add support for Enterprise XL bundle license.

You can read the Changelog for all details.

Enjoy!