BackendSide sFlow Analyzer

Changelog

Full release history and version notes for BackendSide sFlow Analyzer – Enterprise Network Traffic Analysis.

Version 3.0

April 2026 (latest)

Email Alert System

  • Email notifications on threat threshold breach — delivered in real time with severity colour-coded HTML messages
  • Three provider options: standard SMTP with authentication, Gmail App Password, and SendGrid SMTP relay
  • Per-severity cooldown timers (configurable for High and Critical) to prevent alert fatigue during sustained attacks
  • Send Test Email button validates SMTP credentials and connectivity without waiting for a live alert
  • All email settings persist in an INI file — survive database resets and application restarts

Expanded Threat Detection — 22 Rules

  • Flood attack detection: SYN, ICMP, UDP, ACK, RST, HTTP, and IP fragmentation floods
  • Amplification and reflection detection: Memcached, DNS, NTP, SSDP, LDAP UDP, SNMP, and CharGen — thresholds sized by real-world amplification factor
  • ARP attack detection: ARP scanning, ARP spoofing, ARP flooding, and MAC flapping
  • Behavioral anomaly detection: IP entropy analysis, baseline traffic spike detection, and Port 0 anomaly
  • Three severity tiers per rule (Medium / High / Critical) with independent email notification threshold per tier
  • Background polling thread evaluates all rules every 60 seconds without impacting collection performance

In-App Notification Bell

  • Live bell icon in the sidebar across every dashboard page — badge shows unread alert count
  • Bell turns red on Critical alerts, amber on High — with a shake animation on new arrivals
  • Click the bell to open an inline preview panel showing recent alerts with severity, type, agent, and relative timestamp
  • Poll interval auto-reduces from 30 s to 10 s while unread alerts are present
  • Mark individual or all alerts as read directly from the panel

Alert History Page

  • Full paginated alert log with filters for severity, alert type, agent IP, and read/unread status
  • Click any row to expand inline — shows alert metadata, detection detail key-value pairs, and raw JSON
  • Opening an unread row automatically marks it read and refreshes the bell badge
  • Per-page stats strip shows Critical / High / Medium / Info counts for the current result set
  • Mark All Read button clears the entire unread backlog in one action

Alert Settings UI

  • Three-tab settings page: Email Provider, Thresholds, and General — no application restart required after saving
  • Per-detection-type toggle, email notification level selector, and Medium / High / Critical threshold inputs
  • Reset individual rows or all thresholds to factory defaults with one click
  • Configurable poll interval, cooldown periods, digest mode, and alert retention window
  • Passwords stored obfuscated in the INI file — masked as *** in the UI after initial save

Version 1.0

January 2026

Initial Release

  • sFlow v5 datagram receiver — listens on configurable UDP port, processes samples in real time
  • 30+ traffic charts covering bandwidth, protocol distribution, top talkers, and error rates
  • Top talkers view — ranked by bytes sent/received per source and destination IP
  • Protocol breakdown — TCP, UDP, ICMP, and other protocol traffic share over time
  • DDoS detection — automatic alerting on abnormal packet rate spikes per source IP
  • VLAN traffic monitoring — per-VLAN bandwidth and packet count graphs
  • MAC address tracking — device identification by hardware address across the network
  • Interface utilisation graphs — inbound and outbound throughput per monitored interface
  • Flow export log — raw sFlow record export to CSV for offline analysis
  • Browser-based dashboard — all charts and tables accessible from any device on the local network
  • Fully on-premises — no cloud dependency, no data leaves the network
  • Supports Windows Server 2008 R2 and later, Windows 10 and 11
