Progress is pleased to announce that we have updated our industry-leading Flowmon Anomaly Detection System (ADS) to version 12.5. The latest update has these additions:
Let’s take a look.
The new AI-Powered Threat Briefings feature in Flowmon ADS 12.5 will help keep your team ahead of cyberthreats.
Threat Briefings are curated security intelligence updates designed to inform your team about emerging threats, vulnerabilities and attack campaigns that may impact your environment. Each Threat Briefing is created by our AI engine and then reviewed by Flowmon security experts before distribution. The detection is then carried out by the THREATS detection method. These briefings are available directly from the Flowmon ADS sidebar, where security teams get access to a focused Threat Briefings panel highlighting the most critical threats and a scrollable history of recent briefings. They can click on any threat in this panel for detailed descriptions, mitigation advice and an immediate assessment of the potential exposure. See Image 1.
Each briefing includes a detailed description of the threat, associated vulnerabilities, causes and recommended mitigation measures. Additionally, each Threat Briefing provides a list of Indicators of Compromise (IoCs), which are used to detect suspicious activities from the moment the briefing is available in Flowmon ADS. For retrospective analysis, the IoCs can be easily used to query data stored on the Flowmon Collector (in the Monitoring Center), allowing you to examine communications related to a specific Threat Briefing. Combined with real-time intelligence and actionable guidance, the AI-powered Threat Briefings turn reactive firefighting into proactive defense.
New detection methods are not assigned to any perspectives to prevent unwanted configuration changes. So, while the THREATS method is active after the update, you need to assign the method to some of your perspectives to see related events. You can do so in Settings by selecting Processing and then Perspectives. You will also be informed about unassigned methods in the Summary section.
Key benefits include:
Threat Briefings are distributed via the services portal. All our customers can experience this feature with the Flowmon ADS 12.5 release. From July 2026, this feature will be available only to customers with valid Flowmon Extended support.
Responding to security alerts in real time isn’t always straightforward, especially for network admins or less-experienced security engineers. Too often, junior analysts spend precious time trying to validate threats or figure out what to do next, which delays incident response and increases business risk.
Flowmon ADS 12.5 changes the game with Expert-Level Recommendations. It is a new feature designed to streamline incident investigation for teams of all skill levels. Instead of overwhelming users with raw data and vague alerts, Flowmon Expert-Level Recommendations offers clear, human-readable explanations of detected threats and provides step-by-step recommendations on how to respond.
From isolating compromised devices to analyzing traffic or fine-tuning security policies, everything is just a click away. Built-in quick links take users directly to relevant actions, making it easy to dig deeper and take corrective measures without wasting time. See Image 2.
Consider a company where network engineers now also have security responsibilities but don’t have a formal cybersecurity background. That’s no easy task, but with Flowmon ADS 12.5, these skilled network professionals can use the new Expert-Level Recommendations to guide them through alert investigations. As this feature translates complex threat intelligence into simple, actionable steps, it will help them handle incidents effectively and reduce the risk of dangerous delays that can severely impact business operations.
We will distribute Expert-Level Recommendations via the services portal, and all customers can experience this feature via the Flowmon ADS 12.5 release. From July 2026, this feature will be available only to customers with valid Flowmon Extended support.
The Event Visualization feature is completely overhauled to provide a powerful tool for visualizing and analyzing communications between event sources, targets and other hosts. Using this feature, IT teams can easily investigate the relationships between affected hosts directly from the Event Detail and drill down into details like related events or flow analysis for each host in the visualization.
The visualization views show hosts as nodes and their communications as edges, as shown in Image 3. The color of an edge corresponds to the number of flows, and its width to the amount of data transferred. You can display the communications of individual hosts or their communications with other hosts in the following flow table. You can add more hosts to the visualization using the three-dot menu. These hosts might not be directly related to the event (as sources or targets), but they are communication peers during the event duration. The IP three-dot menu can also be used to check related events or jump directly to the Monitoring Center to analyze flow data.
The Event Detail view has been enhanced to improve clarity and visual appeal while incorporating new features such as Recommendations and Event Visualization. Other notable changes include labels for events marked as false positives or with a probability lower than 100%, as well as the simplification of category management to make event labeling easier.
The Histogram view in Event Evidence now provides the best insights for each event type without the need to reconfigure the parameters. Previously, the default parameters were the same for every event. Now, each detection method has its own default set of parameters to provide the best visualization possible. For example, the High Volume of Transferred Data (HIGHTRANSF) method shows the sum of transferred bytes for each destination IP address. Therefore, you will immediately see how much data was transferred as well as the ratios between individual IPs (e.g. one IP transferred much more than the other).
The response capabilities of Flowmon ADS were extended with a new Initiate Response button that triggers a custom script manually from Event Detail, providing better control over mitigation workflows and processes. Also, there is now a link to the Flowmon platform-supported integrations in Custom Script settings.
A Configuration section was added to the Analysis Summary. It reports active methods that are not assigned to any of the perspectives, which means that the associated events are not being shown. Once all active methods are assigned to a perspective, this notification disappears. It can also be turned off in the settings.
Visit the Flowmon platform page for details of the product and the Flowmon ADS page for further information on Flowmon Anomaly Detection System. To chat with an expert on how the Flowmon platform can help improve the security of your networks, contact us.
To learn how you can achieve actionable insights for your organization in minutes, sign up for a free Flowmon trial. Our support team can assist during your free trial testing. Use the contact page to start a conversation with the support team.