NetFort Advertising

Release notes 14.4.1

This release introduces some changes and new features to help with compliance monitoring, including:

A new compliance section presents reports for monitoring technical security compliance with CIS CSC 20 and GDPR.

Use these reports as templates with report variables to build custom reports to demonstrate compliance, for example, to identify when outdated TLS/SSL versions are in use.

The following reports have been renamed in order to create these new report sections:

Old Name New Name Report ID
Top MS SQL Database SQL Databases 169
Top File Share Servers Windows File Share Servers 212
Top SSL Servers SSL Servers 474
Top DNS Servers DNS Servers 498
Network Events (New MAC Addresses) New Machines Detected on Network 119
Top Servers All Servers 103
Top Clients All Clients 45
Top Protocols Applications in Use 456
Network Events (IDS) Network Security Events (IDS) 87
Clients using the DNSChanger name servers Clients associated with DNSChanger name servers 426
Network Event (Conficker) Conficker 152
Top Proxy Sessions Users Accessing External Proxy 109
DNS Lookups Associated with Malware Domains Systems Accessing Malware Domains 39
Top Countries by Server Location Countries by Server Location 521
Top Countries by Client Location Countries by Client Location 520
Top Server Ports Ports, Services and Protocols 49
Protocols on non-standard ports Protocols on Non-standard Ports 497
Network Events (IDS) Network Security Events (IDS) 87
Top Protocols Network Traffic Protocols in Use on the Network 428
Protocols on non-standard ports Protocols on Non-standard Ports 497
Clients using the DNSChanger name servers Clients associated with DNSChanger name servers 426
Top Proxy Sessions Users Accessing External Proxy 109
Network Events (MS SQL) by User Users Accessing SQL Databases 182
Top Fileservers :: By User Users Accessing Windows File Shares 467
SMTP Events (Emails with Attachments) SMTP Emails Sent with Attachments 495
Top Protocols by User All Users and Their Activity 466

SMB fileshare alerts on failed attempts to map network shares, create or read files and folders. Use these alerts for early warning of potential lateral movement or data exfiltration attempts. See the “Network Events (SMB)” report.

Encrypted sessions analysis of SSL/TLS/QUIC versions and ciphers used. Use the new “TLS/SSL:: Encryption Protocols in Use (TLS/SSL)” report to validate that servers are using up to date and secure protocols and ciphers.

New Server Port detection alert. Use the new “Network Events (New Sever Ports)” report to alert when a new server port is created and to track changes in server inventory.

New Applications in use black/whitelist. The new “Applications in Use” report (was “Top Protocols”) has a powerful new filter for Encryption Protocol to build approved applications blacklists and whitelists.