The next v2.0.0 alpha release, alpha.6
, was just published. It comes with a lot of important improvements as well as
the brand-new Context functionality.
Let’s take a look at what’s new!
Changelog
- New Context features, implemented for WiFi/802.11 MAC addresses
- Ability to configure session and MFA timeouts
- MFA form usability improvements
- Improved initial tap creation process
- Option to disable the tap WiFi/802.11 channel hopper (Contributed by Alex Rad - Thank you!)
- Tap selector now disabled on pages that don’t require a tap selection
- Bugfixes and smaller improvements
New Feature: Context
A system like nzyme will often present information from the lower OSI layers, sometimes without connection to any other
layers in the same transaction or view. This means that some information will not always immediately make sense to the
user. A MAC address 88:CB:AF:D5:CD:8B
requesting an IP address lease via DHCP from 172.16.1.1
does not tell you
very much if you have more than just a few machines in your network.
You could go and look up that MAC and IP address in your DHCP lease table, but that often requires finding the correct DHCP server and logging in to see the leases. That is a lot of work if you just want to know what that connection was about.
The new Context functionality of nzyme enriches information like MAC addresses, IP addresses, domain names, etc. with additional information. MAC address context has been implemented in this initial release.
Currently, the enrichment is manual, meaning that you enter context information yourself. However, the underlying context engine is built to enrich context from other sources as well. For example, it could pull information about internal IP addresses from your AWS APIs and enrich them with the EC2 instance type and ID. Another type of enrichment could be threat intelligence feeds, domain reputation or GeoIP information.
The goal is to immediately make as much information about any entity visible to the user as quickly as possible, without cluttering the interface.
Let us know what kind of enrichment you would like to see in the future!
New Feature: Ability to configure session and MFA timeouts
You can now configure session and MFA timeouts for administrators as well as for each of your tenants. There are three types of timeouts:
- Session timeout: After this time has passed, any session ends and the user has to log in again.
- Inactivity timeout: If no browser tab with the session active was open for this long, the session ends.
- MFA timeout: The amount of time a user has to pass their MFA challenge before they have to log in again and pass a new challenge.
The nzyme defaults are fairly aggressive, and you can now change them if you wish. The previous default values remain unchanged.
MFA form usability improvements
The multi-factor TOTP challenge form now comes with improved keyboard support:
- Copy & Paste works
- Backspace properly selects previous number entry box for fast editing
- Moving with cursor keys properly selects previous or next number entry box for fast editing
- Submitting form with Enter key works
Improved initial tap creation process
Many users got stuck for a while when they tried to create their first tap because you had to leave the taps page and navigate all they way into the tenant settings to add the tap. There is now a shortcut button on top of the taps table that navigates you to the tap creation form of the tenant you select.
Option to disable the tap WiFi/802.11 channel hopper
The nzyme taps are automatically and periodically tuning the underlying WiFi adapter to monitored channels. This is a process we call channel hopping.
In some circumstances, a user may have an outside process perform the channel hopping. In this case, you can now disable
channel hopping by setting the disable_hopper
variable of any nzyme WiFi interface configuration to true
.
This feature was contributed by Alex Rad - Thank you!
Tap selector now disabled on pages that don’t require a tap selection
The tap selector in the top navigation bar is a powerful tool to quickly change scope of the data nzyme is looking at on the current page.
However, only pages that analyze and display data recorded by taps really need the tap selector. Some other page may be related to taps, but changing the tap selection has no effect.
This was confusing and has been fixed: The tap selector is only enabled on pages that respect the tap selection.
Download & Upgrading
All packages are available for download on the downloads page. Upgrading is easy. Please follow the release notes on the downloads page.
New installations should follow the installation documentation.
How can I help?
You are some of the first users to try out nzyme v2.0.0, and we are looking for any kind of feedback:
- What didn’t work, what bugs did you experience?
- What was confusing or seemingly unnecessarily complex?
- What is missing?
- What do you think should be changed?
Again, this is an early release and no feelings will be hurt.
You can file issues on GitHub, join the nzyme Discord or post in the discussion forums to provide your feedback or ask questions.