NetFlow Threat Hunting app roadmap

This is our app's roadmap. You can see what we are working on and what will be added to the app in the future. Please help us better understand what you are looking for by voting on the features that interest you.

Feature Request
  • Complete
    Mark alerts as Resolved #9
    Alert details screen #10
    Investigation Panel #11
    Whitelisting IP #12
    Blacklisting IP #13
  • Progress
    Save alerts as PDF #8
    Support multiple public IP addresses #19
    Host map view #24
    BGP community peering #27
    Netflow web domain reputation #28
  • Backlog
    Push notifications on new alerts #15
    ServiceNow integration phase 1 #17
    RBACL for users/admins phase 1 #18
    Support large customers with 10G flows daily #21
    Incident creation #22
  • Whitelisting IP #12

    Allows whitelisting an IP that is known NOT to be malicious. No alarms will be generated for that IP anymore.

  • Blacklisting IP #13

    The opposite of whitelisting: ensures that alarms are generated for that IP.

  • Whitelist/blacklist management #16

    Manage your own custom whitelists and blacklists.

  • BGP community peering #27

    Allows the customer's border router to receive prefixes via BGP and block communication to malicious (blacklisted) IP addresses at the edge of the network.

  • Netflow DNS domain reputation #29

    Supports checking the reputation of DNS domains (domain sent in NetFlow records).

  • Save alerts as PDF #8

    Allows exporting the alert list as a PDF and sending it by email.

  • Mark alerts as Resolved #9

    After successful threat mitigation or false-positive verification, allows marking an alert as resolved so that it is stored in the archive.

  • Alert details screen #10

    Shows the details of an alert with additional information such as SRC_IP, DST_IP, SPort, DPort and Protocol.

  • Investigation Panel #11

    Allows starting an investigation with third-party sites such as Cisco Talos or VirusTotal.

  • Change Status for Alert #14

    Allows changing the status of alerts so that an analyst can mark alerts as false positives.

  • Push notifications on new alerts #15

    The mobile app/phone receives a notification every time a new alarm is received (with a configurable daily limit).

  • ServiceNow integration phase 1 #17

    Creates incidents in ServiceNow once a new alarm is detected.

  • RBACL for users/admins phase 1 #18

    Creates different user roles to manage your deployment.

  • Support multiple public IP addresses #19

    Able to consume NetFlow from multiple public IP addresses for a single tenant.

  • Support public IP with subnet mask different from /32 #20

    Able to consume NetFlow from multiple public IP addresses for a single tenant.

  • Support large customers with 10G flows daily #21

    Ability to ingest up to 10G flows daily per tenant.

  • Incident creation #22

    Supports incidents, which are sets of alarms combined using simple rules.

  • Support of analytics of AWS VPC flow logs #23

    Ability to perform analytics on AWS-generated traffic.

  • Host map view #24

    Shows all hosts active for a tenant.

  • Host role mapping #25

    Analyses the traffic generated by a host and assigns it a role.

  • Host risk mapping #26

    Analyses risk based on malicious communication to/from a host.

  • Netflow web domain reputation #28

    Supports checking the reputation of web domains (domain sent in NetFlow records).

  • Netflow URL reputation #30

    Supports checking the reputation of URLs (URL sent in NetFlow records, for plain-text HTTP or where traffic is decrypted and re-encrypted for inspection).

  • Netflow application reputation #31

    Supports checking the reputation of applications (application name sent in NetFlow records).

  • Critical alarms per network segment #32

    Shows critical alarms grouped per network segment.

  • Top 3 alarms weekly via UI #34

    Shows the top 3 alarms generated within the last week.

  • Endpoint Agent for Windows #35

    Allows sending NetFlow telemetry directly from the client OS to our cloud.

  • Endpoint Agent for macOS #36

    Allows sending NetFlow telemetry directly from the client OS to our cloud.

  • Endpoint Agent for Linux #37

    Allows sending NetFlow telemetry directly from the client OS to our cloud.

  • AnyConnect NVM support #38

    Allows sending NetFlow telemetry directly from the client using the Cisco AnyConnect Network Visibility Module.
