What's New for Users in Network Insights 7.5.0
JSA Network Insights 7.5.0 provides users with more IBM X-Force Exchange integration and improvements to file type identification and application detection.
Modified process for identifying file types
Earlier versions of Network Insights used the Apache Tika library to identify the file type, but only at the advanced inspection level.
JSA Network Insights 7.5.0 Update Pack 1 uses a different library to identify file types, and does the identification at all inspection levels as part of the main traffic inspection process.
With this change, fewer files are sent to the Apache Tika library for analysis, which might result in improved performance at the advanced inspection level. Individual performance improvements depend on the volume and type of files that are sent for analysis.
More integration with IBM X-Force
JSA Network Insights 7.5.0 introduces a new series of suspect content descriptions that are derived from IBM X-Force signatures. When a flow matches one or more of the X-Force signatures, the suspect content description is shown on the Network Activity tab.
Also introduced in this release, some properties on the Flow information window are directly integrated with IBM X-Force Exchange. With a single click, you can quickly determine whether the property value requires further investigation.
Improved application detection
JSA Network Insights 7.5.0 includes protocol parsing improvements and can now analyze the payload to identify 300 more applications.
After the upgrade is complete, view these files to see the complete list of applications that can be identified:
- /opt/ibm/xforce/metadata/protocols.hdr (column headers)
- /opt/ibm/xforce/metadata/protocols.csv (values)