20 October 2012
Detailed Changelog for Wanguard 5.0
Console:
- A completely new Flow Collector interface. It allows easy navigation into flow data and provides powerful statistics and summaries
- A brand new Packet Analyzer. You can now capture packets using just a few clicks and then view the dumps in detail in a wireshark-like web interface
- A new Configuration Wizard
- A new License Manager available for Administrators. It's flexible, allows rebranding and customisations
- Users can change their passwords, Themes and Side Region position
- Combined Reports for IPs, IP Groups and Sensors
- Two new separate Dashboards for IP Reports and Sensor Reports
- Most Reports can be sent by Email
- Sensor graphs can be summed
- Added lots of new Sensor graphs: average packet size, CPU%, RAM, no. of IP graphs, no. of IP Accounting records etc.
- Easier IP Zone configuration that can be listed
- Dashboard permissions
- Dashboard widget hierarchy
- A new HTML widget for Dashboards
- Custom fields for Live Sensor Stats Widget
- ASN graph widget
- Unified panels in an intuitive manner
- Bookmarks lets you save frequently used, manually entered data
- A new "Quick Search" button with full Reports functionality
- Live & archived tops by "IP Group" and "IP version"
- Perpetual sessions
- Over 100 other smaller enhancements
Sensor:
- Supports configurable traffic decoders everywhere: stats, tops, graphs, accounting
- Flow engine rewrite. Now supports NetFlow v9, IPFIX and native sFlow
- Flows can be collected in an efficient binary format
- Flow Sensor consumes less RAM
- Flow Sensor supports "Mixed" traffic interfaces
- Flow Sensor supports multiple time-zones
- Flow Sensor restarts itself gracefully if it doesn't receive flows for a long time
- 32bit AS numbers support
- Sniffing Sensor adds a new Traffic Capturing framework. Supports full captures, file rotations and advanced sampling
- Protocols distribution generator takes into account the traffic's direction
- The number of top items is configurable
- Compatible with the new Server-based configuration
Filter:
- Compatible with the new thresholds system
- Compatible with the new Server-based configuration
WANGUARD-specific:
- Introducing A.T.L.A.S. - Andrisoft's Threat Level Analysis System that enables managed security services and remote NOC supervision
- Console shows live attacks in much more detail and includes additional actions: add a comment, withdraw BGP announcement, generate a Report
- Detailed Anomaly Reports. Can be sent automatically by email
- Decoder-based thresholds
- Prediction-based thresholds
- Percentage-based thresholds
- Minimum thresholds
- Non-inheritable thresholds
- Per subnet thresholds
- Each threshold rule can have it's own Response
- Anomalies Overview Report
- BGP announcements grouping by Router or IP/Mask
- Configurable BGP announcements timeouts
- Customisable Anomalies expiration time
- Added a link severity parameter
- Severity bar is coloured to indicate the link's severity