Releases: nzymedefense/nzyme
2.0.0-alpha.14
Release blog post: https://www.nzyme.org/blog/project/2024/08/16/release-v200-alpha-14
Note that the Ethernet and Bluetooth functionalities are still extremely limited!
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- OUIs and GeoIP data are now delivered by nzyme Connect and no longer directly from IPinfo and IEEE APIs.
- There are new required configuration settings for nzyme-tap:

    [protocols.udp]
    pipeline_size = 16384

    [protocols.dns]
    pipeline_size = 4096
    entropy_zscore_threshold = 3.0

    [protocols.ssh]
    pipeline_size = 1024

    [protocols.socks]
    pipeline_size = 1024

    [protocols.arp]
    pipeline_size = 1024

- Follow the Ethernet and Bluetooth documentation pages to get started with those new subsystems
Other Important Notes and Changes
- We are automatically creating some additional database indices. The first start after the upgrade may take a few minutes if you have collected large amounts of Ethernet data in the past.
Please read the release blog post for a list of all new features and improvements.
v2.0.0-alpha.13
Release blog post: https://www.nzyme.org/blog/project/2024/05/02/release-v200-alpha-13
Note that the Ethernet functionality is still extremely limited!
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- New required configuration for nzyme-node: (You can most likely keep the default setting at 2)

    performance: {
      # How many threads work on processing incoming tap reports.
      report_processor_pool_size: 2
    }
Other Important Changes
- We improved the 802.11/WiFi channel hopping mechanism and you may notice a difference in the number of recorded frames. You may have to re-tune your alerts if you alert on any threshold.
Please read the release blog post for a list of all new features and improvements.
v2.0.0-alpha.12
Release blog post: https://www.nzyme.org/blog/project/2024/04/08/release-v200-alpha-12
Note that the Ethernet functionality is still extremely limited!
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- None
Other Important Changes
- None
Please read the release blog post for a list of all new features and improvements.
v2.0.0-alpha.10
Release blog post: https://www.nzyme.org/blog/project/2024/04/02/release-v200-alpha-10
Note that the Ethernet functionality is still extremely limited!
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- The nzyme-tap configuration file requires the following additional configuration setting. You can leave the default settings as they are until TCP processing is officially supported and you start using it.

    [protocols.tcp]
    pipeline_size = 16384
    reassembly_buffer_size = 1048576
    session_timeout_seconds = 60
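
A pre-restart check for the required nzyme-tap settings listed in the alpha.14 and alpha.10 notes, as an added example that is not part of the nzyme project. It assumes the tap configuration uses the flat [section] / key = value layout shown in those notes; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not nzyme project code.
# Required keys are copied from the alpha.14 and alpha.10 release notes.
REQUIRED_KEYS="protocols.udp.pipeline_size
protocols.dns.pipeline_size
protocols.dns.entropy_zscore_threshold
protocols.ssh.pipeline_size
protocols.socks.pipeline_size
protocols.arp.pipeline_size
protocols.tcp.pipeline_size
protocols.tcp.reassembly_buffer_size
protocols.tcp.session_timeout_seconds"

# Print every "section.key" defined in the file.
# Assumption: flat [section] headers and single-line key = value pairs only.
list_keys() {
  awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                            # section header, e.g. [protocols.dns]
      s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
      section = s; next
    }
    /^[ \t]*[A-Za-z0-9_]+[ \t]*=/ {          # key = value
      k = $0; sub(/^[ \t]*/, "", k); sub(/[ \t]*=.*$/, "", k)
      print (section == "" ? k : section "." k)
    }
  ' "$1"
}

# Print each missing required key; return 1 if any are missing, else 0.
missing_keys() {
  local defined missing=0 key
  defined="$(list_keys "$1")"
  for key in $REQUIRED_KEYS; do
    if ! printf '%s\n' "$defined" | grep -Fxq "$key"; then
      echo "$key"
      missing=1
    fi
  done
  return "$missing"
}

# When called with a path, check that file and exit non-zero on gaps.
[ "$#" -eq 0 ] || missing_keys "$1"
```

Run it with the path to your nzyme-tap configuration file after installing the new packages and before restarting the service; it prints each missing key and exits non-zero if any are absent.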
Other Important Changes
- The first start of nzyme-node after the upgrade may take a little longer than usual because we added indices to some potentially large tables.
Please read the release blog post for a list of all new features and improvements.
v2.0.0-alpha.9
Release blog post: https://www.nzyme.org/blog/project/2024/01/10/release-v200-alpha-9
Note that the Ethernet functionality is still extremely limited!
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- The WiFi SSID security suite string now includes information about protected management frame (PMF) status like CCMP-CCMP/PSK+PMF_DISABLED. You have to update the expected security suite strings in your monitored network configurations or an "Unexpected Security Suites" alert will be triggered.
Other Important Changes
- The disconnection anomaly monitor in monitored WiFi networks no longer has the "Disabled Anomaly Detection" algorithm option but follows the "enable/disable" procedure of other monitor alerts. A migration will automatically update your configuration to the new configuration method without any impact on operations.
Please read the release blog post for a list of all new features and improvements.
v2.0.0-alpha.6
The next v2.0.0 alpha release, alpha.6, was just published. It comes with a lot of important improvements as well as the brand-new Context functionality.
Release blog post: https://www.nzyme.org/blog/project/2023/12/08/release-v200-alpha-6
Note that the Ethernet functionality is still extremely limited!
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- None
v2.0.0-alpha.5
The nzyme v2.0.0 release train continues and version alpha.5 just arrived. It comes with a lot of new functionality around WiFi deauthentication/disassociation activity as well as several other improvements.
Release blog post: https://www.nzyme.org/blog/project/2023/11/04/release-v200-alpha-5
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- None
v2.0.0-alpha.4
This new alpha release of the v2.0.0 series adds support for WiFi 6E, Netlink improvements, custom WiFi bandits, deauthentication overview and configurable signal track detector parameters.
Release blog post: https://www.nzyme.org/blog/project/2023/09/28/release-v200-alpha-4
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- The nzyme-tap configuration file syntax for WiFi channels has changed. Please refer to the example configuration file or documentation. Channel arrays are now separated into 2.4 GHz, 5 GHz and 6 GHz bands to account for overlapping channel numbers in WiFi 6E.
v2.0.0-alpha.3
The second alpha release of the v2.0.0 series adds 802.11/WiFi monitoring, bandit detection and alerting. You can find the full release blog post including changelog here.
Upgrading
If you are upgrading from a previous version, you can simply run dpkg -i on the new release packages and restart the nzyme and nzyme-tap services.
Breaking Changes
- Existing monitored WiFi networks will be deleted due to a change of permission architecture
- Two new required configuration settings for nzyme-tap:
  - performance.wifi_broker_buffer_capacity (default: 65535)
  - performance.ethernet_broker_buffer_capacity (default: 65535)
- You can always find a current nzyme-tap example configuration file with all configuration settings in /etc/nzyme.
v2.0.0-alpha.2
Immediately superseded by v2.0.0-alpha.3 due to a critical bug.