Release 25.08
Release notes for 25.08.1
- Release date: 29/Jul/2025
- Type: Standard
- Main changes: redborder-intrusion
These are the release notes for patch 25.08.1 of redBorder NDR version 25.08.
This release includes major enhancements across the redborder platform. Key updates include Snort3 integration with SnortML for neural network-based exploit detection, improved CLI and bypass control mechanisms, and a new health check script. The manager now replaces MongoDB with a built-in alternative, while SNMP v3 support and improved incident linking have been added to the WebUI. Additional improvements enhance the dashboard, job scheduling, and incident grouping. Several bugs were also resolved, including namespace restrictions and sensor naming issues.
What's new
- #22319 [redborder-intrusion] validate and compare metrics with snort2
- #22211 [redborder-intrusion][snort3] - Integrate SnortML for Neural Network Based Exploit Detection
- #22064 [redborder-intrusion] - Improve CLI Snort3 UI (add bp, bp support, fix rule count)
- #22007 [redborder-intrusion] Control bypass based on Kernel AF_PACKET notifier (net/packet/af_packet.c#L4234)
- #21774 [redborder-intrusion] Bypass Controlled by Snort and Software Bypass for LibDaq & Snort3
- #22061 [redborder-intrusion] - Create watchdog health check script for snort3 (enable bp, restore snort...)
- #22054 [snort3] - Add bulk mode for HTTP alert sending to the manager (FIFO queue)
- #22218 [redborder-manager] Replace MongoDB with integrated alternative & refactor Logstash scanner plugin (mongocve)
- #18850 [redborder-manager][...] Add internal virtual ips
- #22019 [redborder-monitor][redborder-webui] Add snmp v3 support
- #22136 [redborder-webui] Extract client_mac from Traffic Alarm then notify to vault so we can link incidents to assets
- #21983 [redborder-webui][snort3] show reputation events in intrusion module
- #21949 [redborder-webui] Add a menu to Queue Jobs to set run at on demand
- #21734 [redborder-common] Add script to backup chef nodes and roles
Improvements
- #22153 [redborder-intrusion] - Add segment to status dashboard and add ascii banner
- #18458 [redborder-cookbooks] Remove +x permissions on cookbook templates
- #21846 [rb-druid-indexer] Dimensions should be passed via config file written by cookbook-druid
- #21520 [redborder-webui] Group Linked Incidents into Single Row in Incident List
- #21313 [redborder-webui] In monitor indexing, show task lag
Resolved Issues
- #22333 [cookbook-rb-ips][cookbook-rb-intrusion] Remove cookbook-cron from depend
- #22299 [logstash-filter-druid-metrics] Sensor name is wrong in druid metrics
- #22267 [redborder-webui] Disallow linking of incidents from different namespaces
- #22252 [redborder-webui] Linked incidents in incident's view should show every incident in the linked incident chain
- #22236 [cookbook-rb-scanner] scanner profile started in proxy, runs also in manager