v5.3 [8 Jun 2017]
Qradar LEEF Format Support:
- KFSensor can be configured to forward events to IBM Qradar in LEEF format. This streamlines and simplifies the integration of KFSensor with IBM Qradar.
- Log Event Extended Format (LEEF) is a log format designed for entering data into the Qradar system.
- Setting up KFSensor to integrate with Qradar is simply a matter of opening the SysLog Alerts menu option, entering the Qradar server IP address and selecting Qradar LEEF as the alert format.
- For many years KFSensor has made use of the industry standard WinPCap network packet capturing library. Unfortunately WinPCap is no longer being maintained. It is reliable for older versions of Windows, but can be difficult to install on versions of Windows 10.
- KFSensor now supports Npcap. This is based on WinPCap, with an updated codebase to support the latest Windows APIs. It is recommended for use on Windows 10.
- Both WinPCap and Npcap can be installed on the same machine. If both are installed on the same machine then KFSensor will pick Npcap in preference to WinPCap.
- If WinPCap is working on an existing KFSensor host then there is no need to install Npcap. Future versions will take advantage of additional features of Npcap, so it is recommended to choose Npcap for new installations unless KFSensor is being used on an older Windows version.
Improved Sensor Synchronization:
- The event synchronization between KFSensor collator and remote sensors has been improved to cope better with errors that can arise from sensor re-installations and other issues. This results in automatic correction of problems that previously needed a manual reconfiguration.
v2.0 [31 Oct 2003]
Windows networking emulation and custom scripts