Updates in upcoming releases

Important changes in future releases that might require additional steps or planning during upgrade.

Consolidation of data concerning MITRE ATT&CK®

Nozomi Networks Operating System (N2OS) exposes MITRE ATT&CK® related information in the alert properties mitre_attack_for_ics and mitre_attack_enterprise. The same information is also included in the legacy alert fields mitre_attack_techniques and mitre_attack_tactics, and in the legacy alert property mitre_attack/techniques. These legacy fields and properties are now deprecated and will be removed in a future version of N2OS.

Deprecation warning for ESXi versions lower than 8.0

The last version of N2OS released in 2024 and all versions after that will not support ESXi versions lower than 8.0. No deployments of Nozomi Networks virtual machines will be eligible for support unless they use the correct ESXi and Nozomi Networks version combination as listed below. This is regardless of whether they are new deployments, or upgrades of existing deployments:
  • N2OS v25.x, Host ESXi v8.0, and virtual hardware version 20, or higher
  • Penultimate version of N2OS v24.x released in 2024, Host ESXi v7.0, and virtual hardware version 17
Additional information:
  • The last minor release of N2OS in 2024 will include an internal component version that will not be officially supported by VMWare virtual machine hardware version < 20.
  • Official support for the internal component's current version ends January 2026. We are then forced to upgrade it by the end of 2024 to be able to provide our customers with one year of fixes - without falling out of vendor's support.
  • Support for ESXi 7 will be dropped and migration to ESXi 8 is required by the end of 2024. We urge customers to prepare for implementing all required measures to run N2OS on ESXi 8 by the end of 2024.

Deprecation warning for /data UFS Filesystem support

Starting from N2OS v25.0.0, N2OS will no longer support the use of the UFS filesystem for /data. The only supported filesystem for /data will be ZFS. Therefore, upgrades attempts to upgrade sensors using the UFS filesystem for /data to N2OS v25.x will be blocked.

To facilitate N2OS upgrades, it is necessary to:
  1. Upgrade the sensor to the latest N2OS v24.x version.
  2. Do a full backup.
  3. Execute the n2os-datafactoryreset
  4. Proceed with the restoration process.

Refer to this documentation for more information regarding the backup, restore, and n2os-datafactoryreset procedures. Ensure a backup is downloaded from the sensor and saved on safe storage.

For virtual machine sensors: the Add a secondary disk to a virtual machine procedure can be used to move /data from the UFS filesystem to the ZFS. Do a full backup from a shell console and ensure a backup is downloaded from the sensor and saved on safe storage. Make sure that the needed space is available on the destination disk. The procedure may take a long time depending on the virtual infrastructure hardware, its speed, and the size of the /data folder. Interrupting the procedure can cause damage to the virtual machine and data loss.

Customers must refrain from performing the above procedures on sensors that are not within the supported versions and must always upgrade the sensors following the supported update path.

Schema changes for node_points and node_points_last

In a future version of N2OS, the following deprecated fields will be removed from the node_points and node_points_last query sources: value (use content instead), start_time (use time instead), last_inserted_point (use id instead) and sp_node_execution_id.