Product Updates for 25.5.0

Release Date: May 20, 2025

We’re excited to announce the immediate release of Forward Enterprise version 25.5.0. This update introduces new data import capabilities, enhancements to EoL and vulnerability analysis, improved authentication controls, and increased visibility into collector operations.

What’s New

Data Analysis – Importing Data Files

Forward Enterprise now supports uploading external Data Files (CSV, JSON, or unstructured text) as enrichment sources. These files can be used in NQE queries to provide context and enhance analysis results.

• Data files are uploaded at the organization level.

• They must be explicitly included on the Sources page for each network where they are needed.

• Only users with Network Admin or higher privileges can upload data files.

Structured content becomes part of the NQE data model and is queryable by field names, similar to other data sources. Files are snapshot-aware and are preserved during snapshot export and restore.

Data Analysis – Expanded End of Life (EoL) Coverage

The End of Life analysis, introduced in version 24.11, has been extended to include Palo Alto Networks hardware platforms, further helping teams manage lifecycle risk across more vendor environments.

Data Analysis – NQE Query Table Enhancements

Two key improvements enhance the usability of NQE query results:

• Glob filtering for both regular and enum-based columns.

• Information status formatting for individual query cells, providing clearer context.

For more details, see the NQE-specific release notes.

Collection – Collector Queue Visibility

Gain real-time insight into collector operations. Users can now view a queue of pending tasks, including:

• Who triggered each operation

• When it was triggered

• Operation type and queue position

• Runtime duration

Admins or job owners can also monitor progress and terminate operations directly from the UI.

Security – Vulnerability Detection for Dell OS9

This release adds enhanced configuration-based CVE detection for Dell devices running OS-9, expanding platform coverage in vulnerability management.

Authentication – API Token Management Enhancements

Org Admins now have improved visibility and control over API tokens assigned to users. New capabilities include:

• Viewing token creation time and last used timestamp

• Setting expiration durations (in days)

• Revoking tokens from the UI

Modeling Enhancements

• Checkpoint – Added support for collecting system configuration.

• Aruba (AOS-CX) – Added support for GRE, IPSec, and VXLAN tunnel types.

Additional Features

• Authentication – Option to tie login sessions to IP addresses to help prevent session hijacking.

• Collection – Smart auto-association of credentials improves efficiency in device access configuration.