NetFlow Threat Hunting app roadmap

This is our app's roadmap. You can see what we are working on and what will be added to our app in the future. Please help us better understand what you are looking for by voting on an interesting feature.

Feature Request
  • Complete
    Support public IP with subnet mask different than /32# 20
    Whitelist blacklist management# 16
    Change Status for Alert# 14
    Blacklisting IP# 13
    Whitelisting IP# 12
  • Progress
    Netflow application reputation# 31
    Netflow URL reputation# 30
    Netflow DNS domain reputation# 29
    Netflow web domain reputation# 28
    BGP community peering# 27
  • Backlog
    AnyConnect NVM support# 38
    Endpoint Agent for Linux# 37
    Endpoint Agent for MacOS# 36
    Endpoint Agent for Windows# 35
    Top3 alarms weekly via UI# 34
  • BGP community peering# 27

    Allows the customer's border router to receive prefixes via BGP and block communication to malicious (blacklisted) IP addresses at the edge of the network.

  • Whitelisting IP# 12

    Allows whitelisting an IP when the IP is NOT malicious. No more alarms will be generated for that IP.

  • Blacklisting IP# 13

    The opposite of whitelisting: allows alarms to be generated for that IP.

  • Netflow DNS domain reputation# 29

    support checking of DNS domain reputation (domain sent in netflow records)

  • Whitelist blacklist management# 16

    manage your own custom whitelists and blacklists

  • Host role mapping# 25

    analyses the traffic generated by a host and assigns it a role

  • Support of analytics of AWS VPC flow logs# 23

    ability to perform analytics of AWS generated traffic

  • Host risk mapping# 26

    analyses the risk based on the malicious communication to/from the host

  • Netflow web domain reputation# 28

    support checking of web domain reputation (domain sent in netflow records)

  • Netflow URL reputation# 30

    support checking of URL reputation (URL sent in netflow records, for plain-text HTTP or where traffic is decrypted and re-encrypted for inspection purposes)

  • Netflow application reputation# 31

    support checking of application reputation (application name sent in netflow records)

  • Critical alarms per network segment# 32

    Lets you see critical alarms grouped per network segment.

  • Top3 alarms weekly via UI# 34

    Lets you see the top 3 alarms generated within the last week.

  • Endpoint Agent for Windows# 35

    Allows sending NetFlow telemetry directly from the client OS to our cloud.

  • Endpoint Agent for MacOS# 36

    Allows sending NetFlow telemetry directly from the client OS to our cloud.

  • Endpoint Agent for Linux# 37

    Allows sending NetFlow telemetry directly from the client OS to our cloud.

  • AnyConnect NVM support# 38

    Allows sending NetFlow telemetry directly from the client using the Cisco AnyConnect Network Visibility Module.

  • Host map view# 24

    shows all the hosts active for a tenant

  • Save alerts as PDF# 8

    Allows exporting the alert list as a PDF and sending it by email.

  • Incident creation# 22

    support incidents which are a set of alarms combined together using simple rules

  • Support large customers with 10G flows daily# 21

    ability to ingest up to 10G flows daily per tenant

  • Support public IP with subnet mask different than /32# 20

    able to consume NetFlow from multiple different public IP addresses for a single tenant

  • Support multiple public IP addresses# 19

    able to consume NetFlow from multiple different public IP addresses for a single tenant

  • RBACL for users/admins phase 1 # 18

    create different user roles to manage your deployment

  • ServiceNow integration phase 1# 17

    create incidents in ServiceNow once a new alarm is detected

  • Push notifications on new alerts# 15

    mobile app/phone will get a notification every time a new alarm is received (with configurable daily limit)

  • Change Status for Alert# 14

    Allows changing the status of alerts so that an analyst is able to mark alerts as false positives.

  • Investigation Panel# 11

    Allows starting an investigation with third-party sites like Cisco Talos or VirusTotal.

  • Alert details screen# 10

    Lets you see details of an alert with additional information such as SRC_IP, DST_IP, SPort, DPort, and Protocol.

  • Mark alerts as Resolved# 9

    After successful threat mitigation or False Positive verification, allows marking an alert as resolved, so that it will be stored in the archive.
