10 hidden features in LANGuardian 14.3

  • 1
  • Idea
  • Updated 11 months ago
  • (Edited)
A couple of weeks ago, NetFort announced the latest version of LANGuardian 14.3. Hopefully at this stage, you’ve had some time to play
around and familiarize yourself with the significant feature and performance enhancements, and you have noticed the improvements in performance, usability, alerting and reporting.

Here are some of the best hidden features inside LANGuardian 14.3:

1. Remote sensor version information
By default all probes should be on the same version as the Central Manager. If not, then we display a message to indicate a probe version mismatch.
The sensor status page on /sensor/status.cgi allows you to verify the probe version.

2. Search by signature name
You can filter by Signature name and Signature ID. You can find the All Events :: Events by Signature report here https://x.x.x.x/netmon/view.cgi?rid=52
So one can run the above report, and for example, enter Ransomware in the Signature name field, and filter accordingly.

3. Addition of web clients, hostname and dhcp information to troubleshooting dashboard
When searching for an IP you will now see two new reports; one will show web client info and the second will show hostname and DHCP info associated with the address.

4. Addition of MAC address information to the sensors page
We have added the MAC address of the network interface associated with a sensor to the /sensor/status.cgi page. We now display the MAC address and you can use this info to check the ARP tables on switch to see what port the sensor is connected to.

5. Ability to add notes with marked signatures
It now has a note section mapped to each mark, to describe the reason behind marking them.

6. Port information now shown in IDS email alerts
The format of the IDS Alerts that you receive by email will now include the port the traffic is triggered on.

7. Capability added to separate expired from non-expired certs in Servers Running SSL Report
You can now create a report; that only lists all the certificates that have expired or those that are about to expire.

8. Netscan tuning
At the moment, we trigger Netscans if a client connects to 100+ systems in 25 seconds or less. As this was triggering a lot of false positives; we have changed this to 500 systems in 25 seconds for all sensors for the download version.

9. SMB1 marked signature
We shipped 14.2.3 with SMB1 marked signature. In 14.3 we limited the size of the emails and we added a link to marked.cgi so, there's no reason to remove the marked signature anymore.

10. Improved help
LANGuardian Help is continuously being updated, so check our Help section to get answers to your questions https://www.netfort.com/help/

Two last things before I wrap up:

I came across this Nmap Cheat Sheet which might interest those of you who like messing around with the network; you may find it useful if you want to check if ports are open, probing your own network and lots of other stuff. https://www.stationx.net/nmap-cheat-sheet/

This is my post of the week https://sensorstechforum.com/top-15-linux-security-questions/ - these Linux security tips and guides showcase only a small fraction of all the necessary adjustments that are needed to make a machine secure.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 390 Posts
  • 8 Reply Likes

Posted 11 months ago

  • 1

Be the first to post a reply!