NetFort Advertising

Release notes 14.4.4 – 13th December 2018

This maintenance release includes some essential updates and some new minor features.

Updated Inventory Classification Databases
The GeoIP database and Vendor MAC OUI databases have been updated giving more accurate country locations and end device manufacturer information.

Record VLAN tags
VLAN tags are now extracted from packet data and saved for each traffic flow. New reports to display and search for VLAN tags will be released in Version 14.5. If you require immediate access to VLAN tags, please contact the support team.

View SMB credentials
The Network Events (SMB) by user report has been enhanced by adding the user credentials used in the SMB transaction. Use this report to compare the Domain credentials of the logged on user to the credentials used to access SMB fileshares to highlight sharing of passwords, excessive use of Administrator rights etc.

Update Application Recognition
Continuous improvement of the LANGuardian Application Recognition to expand the list of recognized applications and to reduce false positives.





Release notes 14.4.3 – 6th October 2018

This maintenance release includes fixes for the following issues:

IDS signature database daily updates failing
A recent change to the Emerging Threats IDS signature database publishing mechanism has caused daily ET Open IDS updates on LANGuardian systems to fail. ET have confirmed that they will revert the change. LANGuardian 14.4.3 IDS signature updates will operate on both the old and new publishing formats. We advise any customers who require daily IDS signature database updates to upgrade to 14.4.3

Portscan detector improvements
LANGuardian supports in-built portscan detector. 14.4.3 contains improvement to the implementation of the detection algorithm that reduces false positives and improves performance, thereby improving overall accuracy.





Release Notes 14.4.2 – 22nd August 2018

This maintenance release includes fixes for the following issues:

NGR-2112 – Support disks > 2TB

NGR-2107 – Drilldowns in reports 49 and 450 are inconsistent

NGR-2105 – Enable DNS decoding by default

NGR-2091 – Report 203 fails due to size of total field

NGR-2084 – Include portscan target in email

NGR-2083 – Incorrect IP ranges in netscan alerts

NGR-2072 – Support unmount version 3 events on NFS reports





Release Notes 14.4.1 – 27th March 2018

This release introduces some changes and new features to help with compliance monitoring, including:

A new compliance section presents reports for monitoring technical security compliance with CIS CSC 20 and GDPR.

Use these reports as templates with report variables to build custom reports to demonstrate compliance, for example, to identify when outdated TLS/SSL versions are in use.

The following reports have been renamed in order to create these new report sections:

Old Name New Name Report ID
Top MS SQL Database SQL Databases 169
Top File Share Servers Windows File Share Servers 212
Top SSL Servers SSL Servers 474
Top DNS Servers DNS Servers 498
Network Events (New MAC Addresses) New Machines Detected on Network 119
Top Servers All Servers 103
Top Clients All Clients 45
Top Protocols Applications in Use 456
Network Events (IDS) Network Security Events (IDS) 87
Clients using the DNSChanger name servers Clients associated with DNSChanger name servers 426
Network Event (Conficker) Conficker 152
Top Proxy Sessions Users Accessing External Proxy 109
DNS Lookups Associated with Malware Domains Systems Accessing Malware Domains 39
Top Countries by Server Location Countries by Server Location 521
Top Countries by Client Location Countries by Client Location 520
Top Server Ports Ports, Services and Protocols 49
Protocols on non-standard ports Protocols on Non-standard Ports 497
Network Events (IDS) Network Security Events (IDS) 87
Top Protocols Network Traffic Protocols in Use on the Network 428
Protocols on non-standard ports Protocols on Non-standard Ports 497
Clients using the DNSChanger name servers Clients associated with DNSChanger name servers 426
Top Proxy Sessions Users Accessing External Proxy 109
Network Events (MS SQL) by User Users Accessing SQL Databases 182
Top Fileservers :: By User Users Accessing Windows File Shares 467
SMTP Events (Emails with Attachments) SMTP Emails Sent with Attachments 495
Top Protocols by User All Users and Their Activity 466

SMB fileshare alerts on failed attempts to map network shares, create or read files and folders. Use these alerts for early warning of potential lateral movement or data exfiltration attempts. See the “Network Events (SMB)” report.

Encrypted sessions analysis of SSL/TLS/QUIC versions and ciphers used. Use the new “TLS/SSL:: Encryption Protocols in Use (TLS/SSL)” report to validate that servers are using up to date and secure protocols and ciphers.

New Server Port detection alert. Use the new “Network Events (New Sever Ports)” report to alert when a new server port is created and to track changes in server inventory.

New Applications in use black/whitelist. The new “Applications in Use” report (was “Top Protocols”) has a powerful new filter for Encryption Protocol to build approved applications blacklists and whitelists.





Release Notes 14.4 – 15th January 2018

NetFort are delighted to announce the availability of the latest major LANGuardian release, V14.4. It includes a number of major enhancements including GeoIP traffic reporting, improvements to the alerting engine and the ability to capture network traffic and generate a PCAP via any LANGuardian sensor on the network.
New GeoIP filtering and displays, enables you to report and alert on the countries where traffic and data on your network comes from and goes to. Use this for improving your network security or to meet data export compliance regulations, such as GDPR.

New MetaData alerting GUI and rules support, to alert on a wide range of conditions and events that LANGuardian monitors for, such as authorized applications, unknown DNS servers, inter-subnet access attempts and much more. Use this to implement network usage policy alerting for security and compliance. This is a upgrade on the previous version and further enhancements are planned in the next LANGuardian version.
New user credentials from SMB sessions.Identify sharing of credentials to comply with Identity and Access Management (IAM) for GDPR.

New Windows Services (DCERPC) decoder. Analyse what Microsoft traffic on port 445 and 139 is doing and passively build an accurate inventory of Windows systems and versions.
New full packet capture mechanism to save PCAPs from any LANGuardian sensor on your network from a centralized GUI. Leverage your LANGuardian installation to get complete coverage for troubleshooting or forensics. Improved accuracy of Google QUIC fingerprinting so you can identify, for example, YouTube traffic in Chrome. Understand how your bandwidth and network resources are being used. New PDF format option for scheduled reports. Keep up to date with network status and performance from your inbox.





Release Notes 14.3.2 – 12th October 2017

LANGuardian 14.3.2 is a maintenance release for LANGuardian version 14.3.

NGR-1686: Improved performance of BitTorrent decoder.

NGR-1674: Updated AD integration help

NGR-1671: Added support for Berkley Packet Filter (BPF) for PCAP file reader sensor types.

NGR-1635: Appended onto domain

NGR-1046: Improved Application Identification for Google QUIC network protocol.

NGR-1674: Updated help and documentation for Identity Module Active Directory configuration

NGR-1658: Fixed PDF export for reports with () in the name.





Release Notes 14.3.1 – 17th August 2017

LANGuardian 14.3.1 is a maintenance release for LANGuardian version 14.3.

HP Smart Array RAID controllers support

Fixed an issue with trends based on netflow data





Release Notes 14.3 – 26th July 2017

A significant release with in excess of 300 individual updates and modifications.

It is mostly under the covers work that users will benefit from, but there are some visible changes too.

Improved Performance of Data Acquisition and Reporting
LANGuardian has been rebased to CentOS 7, offering better peripheral support, improved performance and an up to date, more secure platform. NetFort applications including traffic analysis, traffic database, and reporting have had significant modifications to boost performance too. Traffic acquisition is now possible at full 10G rates, consult for configuration details.

We’ve added a GEO IP database to LANGuardian, with information presented via a country flag displayed with IP addresses.
This helps administrators to know the origin and destination of traffic and data flows in and out of the network. If this is useful, we’ll extend this in subsequent releases with query by country/region, let us know.

Improved Active Directory Integration
Active Directory integration for monitoring User Activity has enjoyed a refresh.
Changes include a more efficient and secure interrogation of Domain Controllers, with better informational and error messages to aid configuration. Some reconfiguration of your LANGuardian is required to benefit from this. Details on NetFort Forum or contact

Enhanced GUI and Usability
Continued improvements to the GUI in this release include new notification messages, new scrolling, new layouts in the Configuration and Settings menus, improved mobile version and new tool tips.

Improved Reporting and Alerting
GUI reporting has been improved with updated drill downs, improved PDF export (especially for ‘wide’ reports), updated MAC Vendor database, new filters for SSL inventory, fixed rendering of non-ASCII characters and more. Email reports and syslog alerts updated with better sorting and more information (e.g port numbers for IDS alerts, Bit Torrent info hash etc). To avoid sending excessively large emails when similar alerts go beyond a certain limit within the email interval, only the extra total is shown, rather than repeating the detail of each alert in the body of the email.

Continued Development of MetaData Alerting Engine
LANGuardian includes a metadata alerting engine, allowing Administrators to create rules that operate on LANGuardian metadata keywords.
Alert on access to specific websites, files or folder names, source or destination IP address etc.
While we’re developing the engine we’ve provided a rudimentary GUI interface.