Version 11.3
- Last Updated: May 1, 2026
Version 11.3.3
Date: 2021-09-08
Fixed issues:
- 149463: IDS event detail now displays correctly in IDS browser.
Known issues:
- Some of the method-specific attributes in Event Detail appear twice and are formatted differently. This issue affects several methods (submethods). For example:
  - DHCPANOM:ServerOverloadNetwork - Average=2500 and AvarageTraffic=2.44 KiB,
  - DICTATTACK:FTPProtocol - Average=3600 and AverageDuration=3s 600ms,
  - IPV6TUNNEL:TeredoTunnel - Description=[teredo.managemydedi.com] and Descriptions=teredo.managemydedi.com.
Version 11.3.2
Date: 2021-07-07
What's new:
- Dashboard and Reports now include a preset for MITRE ATT&CK. This preset helps you create a complex MITRE ATT&CK report that includes a MITRE ATT&CK matrix chapter to provide a quick report on the condition of your infrastructure. It shows individual adversary tactics with a number/list of corresponding events below and includes chapters for each MITRE ATT&CK tactic. The tactic chapters contain a detailed list of detected events mapped to that specific tactic.
- Flowmon ADS now uses a new color palette and logo aligned with other products and content offered by Kemp Technologies, Inc.
Fixed issues:
- 147209: Event Evidence now correctly contains flows for TELNET events detected over port 23 (UDP) traffic.
- ANOMALY method no longer shows large percentage increases when the 'Increase in percent' attribute is a negative number.
Known issues:
- Some of the method-specific attributes in Event Detail appear twice and are formatted differently. This issue affects several methods (submethods). For example:
  - DHCPANOM:ServerOverloadNetwork - Average=2500 and AvarageTraffic=2.44 KiB,
  - DICTATTACK:FTPProtocol - Average=3600 and AverageDuration=3s 600ms,
  - IPV6TUNNEL:TeredoTunnel - Description=[teredo.managemydedi.com] and Descriptions=teredo.managemydedi.com.
Version 11.3.1
Date: 2021-06-23
What's new:
- Filtering in Analysis and Events now enables you to use the DS-Lite format of the IP address (for example, ::ffff:8.8.8.8).
- Added the user guide for Czech and Japanese languages.
- Both cloud and built-in REST API documentation were updated to version ADS 11.3.
Fixed issues:
- 7633791: You can now use the "less than" and "greater than" signs again in the name of a method instance.
- 144341: Performance of event processing was improved and no longer leads to an additional delay in event processing.
- 146981, 147535: Event processing now stops correctly while upgrading ADS to prevent issues leading to upgrade failure.
- Removed an error that occurred when only one country was selected in the COUNTRY method for detection.
Known issues:
- Some of the method-specific attributes in Event Detail appear twice and are formatted differently. This issue affects several methods (submethods). For example:
  - DHCPANOM:ServerOverloadNetwork - Average=2500 and AvarageTraffic=2.44 KiB,
  - DICTATTACK:FTPProtocol - Average=3600 and AverageDuration=3s 600ms,
  - IPV6TUNNEL:TeredoTunnel - Description=[teredo.managemydedi.com] and Descriptions=teredo.managemydedi.com.
Version 11.3.0
Date: 2021-05-17
What's new:
- New features extend the ability to visualize, report, and analyze events using the MITRE ATT&CK framework.
  - Dashboard & Reports now include a MITRE ATT&CK widget to help you quickly assess the security situation.
    - The interactive widget shows the MITRE ATT&CK matrix with the count of events detected and mapped to corresponding tactics and techniques.
    - The widget allows visualization of the whole matrix (tactics and techniques) or tactics only.
    - You can drill down from the widget to a new 'By MITRE ATT&CK' event list for further analysis.
  - The 'By MITRE ATT&CK' tab extends ADS > Events to provide a new view on detected events.
    - Detected events are aggregated per MITRE ATT&CK tactic. You can expand each tactic to show a list of individual events.
    - The list shows the total number of techniques and detected events for each tactic. Tactics without any detected event do not appear.
  - Two new MITRE ATT&CK chapters are available in Reports.
    - The 'MITRE ATT&CK matrix' chapter corresponds to the widget for the dashboard and can also be visualized as the whole matrix or as tactics only.
    - The 'MITRE ATT&CK' chapter corresponds to the 'By MITRE ATT&CK' view for a tactic specified in the chapter configuration.
  - Filtering in ADS > Events now includes MITRE ATT&CK techniques to help with event analysis using this framework.
  - The predefined SecOps dashboard now includes the MITRE ATT&CK widget.
    - Applies to newly created predefined SecOps dashboards only.
- The new 'Detection time' parameter in the false-positive rule definition allows you to set specific days and certain times during which the false-positive rule should apply. Events detected during this time interval will be marked as false positives. This only applies to events that were triggered during the time interval. Update events are not affected by this option. It replaces the old 'Event time' parameter, which could not be used together with target filters or IP addresses.
- Attributes in Event Detail now appear in a human-readable format. The attributes are split into common and method-specific attributes. Each attribute has a name, description, and formatted value. Full-text search is available for attributes with multiple values.
- You can now use shadow profiles as input for Data feeds.
- Loading speed of the IDS Event Browser has increased.
  - Aggregated events in IDS Event Browser now contain up to 500 IDS events. The event chart in IDS Event Browser still shows a total number of detected IDS events.
Fixed issues:
- 7632536: MULTICAST detection method no longer detects every IP address that ends with .255 as broadcast traffic in /23 or larger networks.
- 7635801: Fixed a rare issue that caused method names to cluster in the Aggregated view.
- 7636482: Events detected by the HIGHTRANSFER method now show the correct amount of transferred data in the detail in all cases.
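The MULTICAST fix (7632536) listed above concerns a common subnet pitfall: in a /23 or larger network, an address ending in .255 can be an ordinary host. The following is an added illustration, not Flowmon code; the function names and sample addresses are constructed. It contrasts a last-octet check with a prefix-aware one and, going slightly beyond the release note, also covers prefixes longer than /24, where the broadcast address does not end in .255.

```python
import ipaddress

def naive_is_broadcast(addr: str) -> bool:
    """Last-octet heuristic: treats any address ending in .255 as broadcast."""
    return addr.rsplit(".", 1)[-1] == "255"

def is_broadcast(addr: str, network: str) -> bool:
    """True only for the limited broadcast or the directed broadcast of `network`."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.IPv4Network(network, strict=False)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return True
    # /31 point-to-point links (RFC 3021) and /32 hosts have no broadcast address.
    if net.prefixlen >= 31:
        return False
    return ip in net and ip == net.broadcast_address

def false_positives(addrs, network):
    """Addresses the naive check flags that are ordinary hosts in `network`."""
    return [a for a in addrs
            if naive_is_broadcast(a) and not is_broadcast(a, network)]

# Constructed sample: destination addresses seen inside a monitored /23.
SAMPLE_NET = "10.20.30.0/23"
SAMPLE_DSTS = ["10.20.30.255", "10.20.31.255", "10.20.31.254", "255.255.255.255"]

if __name__ == "__main__":
    for dst in SAMPLE_DSTS:
        print(f"{dst:16} naive={naive_is_broadcast(dst)!s:5} "
              f"prefix-aware={is_broadcast(dst, SAMPLE_NET)}")
    print("naive false positives:", false_positives(SAMPLE_DSTS, SAMPLE_NET))
```
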
Known issues:
- Some of the method-specific attributes in Event Detail appear twice and are formatted differently. This issue affects several methods (submethods). For example:
  - DHCPANOM:ServerOverloadNetwork - Average=2500 and AvarageTraffic=2.44 KiB,
  - DICTATTACK:FTPProtocol - Average=3600 and AverageDuration=3s 600ms,
  - IPV6TUNNEL:TeredoTunnel - Description=[teredo.managemydedi.com] and Descriptions=teredo.managemydedi.com.
- The user guide for Czech and Japanese languages is currently unavailable.