CISCO Secure Network Analytics Flow Collector NetFlow

Specifications

• Product Name: Flow Collector NetFlow Update Patch for Cisco Secure Network Analytics (formerly Stealthwatch) v7.5.3
• Version: 7.5.3
• Patch Name: update-fcnf-ROLLUP20251106-7.5.3-v201.swu
• Patch Size: Increased file sizes, ensure available disk space

This document provides the patch description and installation procedure for the Cisco Secure Network Analytics Flow Collector NetFlow appliance v7.5.3.

There are no prerequisites for this patch, but make sure you read the Before You Begin section before you get started.

Patch Name and Size

• Name: We changed the patch name so that it starts with “update” instead of “patch.” The name for this rollup is update-fcnf-ROLLUP20251106-7.5.3-v2-01. swu.
• Size: We increased the size of the patch SWU files. The files may take a longer time to download. Also, follow the instructions in the Check the Available Disk Space section to confirm you have enough available disk space with the new file sizes.

Patch Description

This patch, update-fcnf-ROLLUP20251106-7.5.3-v2-01.swu, includes security fixes and fixes for the following issues:

CDETS	Description
CSCws12322	Converged Analytics (CA) rules from the NDR engine fail to trigger detections due to inconsistent field types
CSCwr48917	Flow Collector Virtual Edition engine crashes with SIGSEGV during SAL telemetry ingest processing
CSCws12324	Failing to process a single parquet file prevents loading the remaining parquet files in the loop
CSCws12325	The Flow Collector engine diagnostic pack contains duplicate log files for the NDR information

Previous fixes included in this patch are described in Previous Fixes.

Before You Begin

Make sure you have enough available space on the Manager for all appliance SWU files that you upload to Update Manager. Also, confirm you have enough available space on each individual appliance.

Check the Available Disk Space
Use these instructions to confirm you have enough available disk space:

1. Log in to the Appliance Admin interface.
2. Click Home.
3. Locate the Disk Usage section.
4. Review the Available (byte) column and confirm that you have the required disk space available on the /lancope/var/ partition.
   • Requirement: On each managed appliance, you need at least four times the size of the individual software update file (SWU) available. On the Manager, you need at least four times the size of all appliance SWU files that you upload to Update Manager.
   • Managed Appliances: For example, if the Flow Collector SWU file is 6 GB, you need at least 24 GB available on the Flow Collector (/lancope/var) partition (1 SWU file x 6 GB x 4 = 24 GB available).
   • Manager: For example, if you upload four SWU files to the Manager that are each 6 GB, you need at least 96 GB available on the /lancope/var partition (4 SWU files x 6 GB x 4 = 96 GB available).

The following table lists the new patch file size: 

Appliance	Patch File Size
Manager	6.07 GB
Flow Collector NetFlow	3.02 GB
Flow Collector sFlow	3.02 GB
Flow Collector Database	2.15 GB
Flow Sensor	3.13 GB
UDP Director	2.01 GB
Data Store	2.10 GB

Download and Installation

Starting with v7.5.1, the following two options are available for downloading software:

• Manual Download: Download software from Cisco Software Central and upload it to your Update Manager.
• Direct Software Downloads (Beta): Register with your cisco.com user ID (CCOID) and download software directly to your Update Manager.

Manual Download
To manually download the patch update file, complete the following steps:

1. Log in to Cisco Software Central, https://software.cisco.com.
2. In the Download and Upgrade area, choose Access downloads.
3. Type Secure Network Analytics in the Select a Product search box.
4. Choose the appliance model from the drop-down list, then press Enter.
5. Under Select a Software Type, choose Secure Network Analytics Patches.
6. Choose 7.5.3 from the Latest Releases area to locate the patch.
7. Download the patch update file, update-fcnf-ROLLUP20251106-7.5.3-v2-01. swu, and save it to your preferred location.

Direct Software Downloads (Beta)
To use this Beta integration and download software and patch update files directly to your Update Manager, complete the following steps:

You will need to register with your Cisco.com user ID (CCOID) before you can start using Direct Software Downloads. If you have already registered, you can skip to 3. View and Download Updates.

1. Open Update Manager
   1. Log in to the Manager.
   2. From the main menu, choose Configure > Global > Central Management.
   3. Click the Update Manager tab.
2. Register for Direct Software Downloads

If you have already registered, skip to 3. View and Download Updates.

1. Click the Direct Software Downloads link to open the registration page.
2. Click the Register button to begin the registration process.
3. Click the link that is provided.
4. You will be taken to the Activate Your Device page. Click Next to continue.
5. Log in with your cisco.com user ID (CCOID).
6. You will receive a “Device Activated” message once your activation is complete.
7. Go back to the Direct Software Downloads page on your Manager and click Continue.
8. Click the links for the EULA and K9 agreements to read and accept the terms. Once the terms are accepted, click Continue.

View and Download Updates

1. Click the Check for Updates button to check for any available updates.
2. Click the PREVIOUS RELEASES link to view and download previous patches and updates.
3. To download an update or patch click the Download All button. Once the download is complete, you will be given the option to return to the Update Manager to continue the update process. Click the Go to Update Manager button to continue the update process.

Installation
To install the patch update file, complete the following steps:

1. Log in to the Manager.
2. From the main menu, choose Configure > Global > Central Management.
3. Click the Update Manager tab.
4. On the Update Manager page, click Upload, and then open the saved patch update file, update-fcnf-ROLLUP20251106-7.5.3-v2-01.swu.
5. In the Actions column, click the**** (Ellipsis) icon for the appliance, then choose Install Update.

The patch restarts the appliance.

Previous Fixes
The following items are previous defect fixes included in this patch:

Rollup 20251013
CDETS	Description
CSCwq96150	Add debug_baseline Advanced Settings to Baselining functionality to analyze host and group baselines

CSCwr18487	ASA exported Flow Queries show the Flow Action as permitted_denied instead of permitted
CSCwo64455	NDR Engine: Suspicious Process Path Observation is triggered for the wrong source or false findings
CSCwq44395	System occasionally generates fewer Network Visibility Module (NVM ) or Zeek findings
CSCwq75211	The system occasionally fails to back up the Vertica database using the SMB or CIFS fileshare feature on a Non- Data Store Flow Collector.
CSCwq32799	Add max_sgt and bogus_sgts to the Flow Collector Advanced Settings to log information about unknown SGTs found in sw.log
CSCwq19286	The Flow Collector engine may drop unidirectional NetFlow exports containing bi-flow direction
CSCwp20626	Flow Collector shows inappropriate host-based security event algorithms due to reversed flow exports from ASA or FTD firewalls
CSCwm83959	Add SGT information to the logging function in the debug_ flow_stats Advanced Setting
CSCwq39497	The Flow Collector engine incorrectly maps its referenced_ host field to the Data Store database schema
CSCwq44398	Flow Collector Virtual Edition engine crashes with SIGSEGV when disk uses Network File Share (NFS) Data Store
CSCwr67942	Flow Collector engine may fail to parse startElement and endElement correctly due to libxml2 update

Contacting Support

If you need technical support, please do one of the following:

• Contact your local Cisco Partner
• Contact Cisco Support
• To open a case by web: http://www.cisco.com/c/en/us/support/index.html
• For phone support: 1-800-553-2447 (U.S.)
• For worldwide support numbers: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Copyright Information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

FAQ

Q: Are there any prerequisites for installing this patch?

A: There are no prerequisites mentioned for this patch, but ensure to read the Before You Begin section before installation.

Q: What does the patch update include?

A: The patch includes security fixes and resolutions for specific issues listed in the manual.

Documents / Resources

CISCO Secure Network Analytics Flow Collector NetFlow [pdf] User Guide Secure Network Analytics Flow Collector NetFlow, Analytics Flow Collector NetFlow, Flow Collector NetFlow, Collector NetFlow, NetFlow

References

• User Manual