acnvmcollector-<version>.zip: Available in Linux only

This Network Visibility Module Collector 5.1.6.103 release includes the following new feature and its known limitations:

mDTLS for Network Visibility Module—Allows you to send data securely to the Network Visibility Module Collector. With mDTLS, the Collector can also verify the Network Visibility Module Client's identity before the connection is established and data is received. Refer to Network Visibility Module, Profile Editor for additional information. The new feature has the following known issues:

• CSCwm48552—NVM: Observed exporter is disabled and flows are not getting collected in mTLS setup

• CSCwm53109—mTLS/DTLS is not working when using CA signed intermediate certificates for collector

• CSCwm60665—mTLS connection fails when there is no matching criteria configured

There are no new features in this release.

This Network Visibility Module Collector 5.1.4.67 release includes the following new feature, and resolves the bugs listed in Network Visibility Module Collector, Release 5.1.4.67 Resolved Caveats :

• OSquery data configuration—Allows endpoints to configure options related to the Osquery Data Template. Network Visibility Module uses Osquery to run queries and send output in JSON format.

This Network Visibility Module Collector 5.1.1.32 release includes the following enhancements and support updates, and resolves the bug listed in Network Visibility Module Collector, Release 5.1.1.32 Resolved Caveats:

• Added HTTP Host as an additional Collection Parameter for HTTP 1.1 flows from Windows clients running Network Visibility Module.

• Extended the Collection Parameter Module Name List to include browser plugin information (name and version) for Chrome, Firefox, and MS Edge browser flows from Windows and macOS clients.

• Known Issue—CSCwi48979: The HTTP Host field for macOS is reported as empty instead of providing the proper destination host name for HTTP traffic.

  This issue was resolved with a new release of the agent in Cisco Secure Client, Version 5.1.2.42.

• Known Issue—CSCwi49003: Network Visibility Module is not reporting the Safari Browser plugins for macOS.

  This issue was resolved with a new release of the agent in Cisco Secure Client, Version 5.1.2.42.

This section identifies the management and endpoint requirements for this release. For endpoint operating system support and license requirements for each Cisco Secure Client feature, see the Cisco Secure Client Features, Licenses, and OSs.

Hardware and software requirements are as follows:

• AnyConnect Release 4.7 or later

• Cisco Secure Client NVM Profile Editor

• If using VPN: Cisco Secure Firewall ASA, Version 9.5.2 or later, and Cisco Adaptive Security Device Manager (ASDM), Version 7.5.1 or later

• Any device running a supported Linux operating system to use as the NVM Collector device (Collector can run on the same server as well)

If you run Network Visibility Module Collector on a separate Linux device, you should plan for 35-40K endpoints per device, using this general scaling:

• CPU/memory sizing can be reduced

• Disk input/output will not be applicable since logging is only being done for the Collector and Linux

• 50GB of disk space available to run the operating system and Collector components

Ubuntu (64-bit)

• 24.04

• 22.04

• 20.04

CentOS (64-bit)

• 7.9

The Cisco Bug Search Tool has detailed information about the following resolved caveats in this release. A Cisco account is required to access the Bug Search Tool. If you do not have one, register at https://Cisco.com.

Resolved Caveats

The Cisco Bug Search Tool has detailed information about the following open and resolved caveats in this release. A Cisco account is required to access the Bug Search Tool. If you do not have one, register at https://Cisco.com.

Resolved

For the latest end-user license agreement, see Cisco End User License Agreement, Cisco Secure Client.

For open source licensing acknowledgments, see Open Source in Cisco Products.

Cisco only provides fixes and enhancements based on the most recent 4.10.x version. TAC support is available to any customer with an active AnyConnect 4.10 (or later) term/contract running a released version. If you experience a problem with an out-of-date software version, you may be asked to validate whether the current maintenance release resolves your issue.

Refer to the following documentation for additional resources:

• Cisco Secure Client Administrator Guide, Release 5.x, Network Visibility Module chapter —a more detailed description of the Network Visibility Module and its associated profile editor and collection parameters

• Cisco Network Visibility Solution Community Page —a Splunk guide for those using Cisco Endpoint Security Analytics (CESA)

• CESA Built On Splunk Quickstart POV Kit and Deployment Guide— how users of Cisco Endpoint Security Analytics (CESA) can set up a proof of value or production deployment

• Cisco Endpoint Security Analytics (CESA) Dashboard Overview and FAQ—what CESA users need to interpret the dashboard