Release Notes for Cisco Cyber Vision Release 5.4.0
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- US/Canada 800-553-2447
- Worldwide Support Phone Numbers
- All Tools
Feedback
Feedback
Cisco Cyber Vision, Release 5.4.x....................................................................................... 3
Cisco Cyber Vision, Release 5.4.x
Cisco Cyber Vision Release 5.4.x delivers a range of new features and enhancements for both Center and Sensor components, focused on simplifying deployment, improving user access controls, enhancing communication and vulnerability analysis, and streamlining large-scale sensor onboarding. These updates provide more granular network visibility, better data quality monitoring, and support for IPv6 administration, helping organizations manage industrial networks with greater efficiency, security, and ease of use.
Center features
This section provides a brief description of the new software features introduced in Cisco Cyber Vision Center in this release.
Table 1. New software features for Cisco Cyber Vision Center, Release 5.4.x
| Product Impact |
Feature |
Description |
| Ease of Setup
|
Restrict users to a specific preset category
|
This feature enables precise data access control by assigning preset categories to Cyber Vision user roles, limiting users to the Explore menu with read-only permissions. |
| Ease of Use
|
Group by network functionality in communications
|
The communication map displays all communications between network groups and simplifies network interaction analysis. |
| Ease of Use
|
Synchronize custom properties from Cyber Vision to Cisco ISE assets
|
This feature enables you to automatically synchronize custom device properties defined in Cyber Vision with your Cisco ISE assets. It ensures that asset information remains consistent and up to date across both platforms. |
| Ease of Use
|
Communication maps and their filter enhancements
|
Easily spot communications between assets, including those outside your active view. Communication maps highlight assets outside your active view filter with dotted lines. |
| Ease of Use
|
Network-based organization hierarchy alert configuration
|
You can configure alerts at the organization hierarchy level with one additional entity type: Organization Hierarchy (Networks). |
| Ease of Use
|
MITRE mapping and additional details
|
You can view additional information such as MITRE ATT&CK Tactic and Technique Mapping within your vulnerability views, making it easier to investigate, mitigate, and respond to security vulnerabilities of Cyber Vision assets. |
| Ease of Use
|
Consistent Groups and Subgroups on the Zones and Conduits Map
|
Easily visualize network communications to ensure devices remain within their designated boundaries. The system now supports one level of sub-zones within existing zones and conduits. You can quickly identify devices that should not communicate outside their networks. |
| Ease of Use
|
Mute or unmute alert instances for prohibited vendor alert type
|
You can use the mute and unmute feature to control prohibited vendor alerts. Mark alert instances as reviewed and not urgent, so they remain in the system but are not active. Select the duration to mute an alert instance; after that period, the alert becomes active again. |
| Ease of Use
|
You can capture PCAP data directly from the Cyber Vision Center interface, in addition to sensor-based capture. |
|
| Ease of Use
|
View all communications between a selected asset and external entities. You can identify unexpected external communications that may expose your organization to attacks. |
|
| Upgrade
|
Basic IPv6 Day-0 Configuration Support
|
Cyber Vision supports both IPv4 and IPv6 for administration services. You can access the Cyber Vision web UI and integrate with third-party solutions (Syslog, Cisco ISE, LDAP) using either IPv4 or IPv6 on center eth0. |
Sensor features
This section provides a brief description of the new software features introduced in Cisco Cyber Vision Sensor in this release.
Table 2. New software features for Cisco Cyber Vision Sensor, Release 5.4.x
| Product Impact |
Feature |
Description |
| Ease of Use
|
Sensor collected data quality report
|
Easily monitor the quality of your sensor statistics with the Status Overview page. See real-time details for each sensor. Stay informed and ensure your data is always reliable.
|
| Ease of setup
|
Bulk host onboarding and sensor deployment in Cisco Cyber Vision lets you add multiple routers at once and deploy sensor applications to them using a guided, wizard-based workflow. It automates reachability and readiness checks, reduces manual effort, and accelerates large-scale rollouts. |
|
| Ease of Use
|
Send GPS data to Center for sensor geolocation
|
Sensors can now report GPS coordinates (latitude/longitude) to the Cyber Vision Center for accurate mapping and visualization of the physical location of the platform hosting the Cyber Vision sensor application. |
This section provides a brief description of the behavior changes introduced in this release.
Table 3. Behavior changes for Cyber Vision, Release Cyber Vision 5.4
| Description |
Behavior changes |
| Sensor communication changes. The system needs a port change for communication between sensors and center. |
· Previously, the system used two ports: Secure syslog (TCP 10514) and AMQP (TCP 5671). · In release 5.4.0, the system uses only one port: AMQP (TCP 5671). |
| Cyber Vision center version 5.4.0 is no longer an NTP server. |
Previously, the center acted as an NTP server for its sensors. In release 5.4.0, the center does not act as an NTP server for sensors. |
This table lists the resolved issues in this specific software release.
Note: This software release may contain bug fixes first introduced in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool.
Table 4. Resolved issues for Cyber Vision, Release Cyber Vision 5.4.x
| Bug ID |
Description |
| AssetGroup update is sent to Cisco ISE for omitted subnet. |
|
| Some assets do not have any associated sensor |
|
| Sensor Deployment: Unable to change the serial number of a replaced switch. |
|
| Decode error: Unknown EthernetCTP function type 49790. |
|
| Upgrading the Cyber Vision version has various effects on the KDB version. |
|
| The setup-center-CLI firewall command flushes everything. |
|
| Reaching the component limit does not generate an event. |
|
| Telnet DPI: Do not store all characters. |
|
| The Network Definition page in the new user interface is slow to render. |
|
| Device Inventory report failure. |
|
| License page displays no information when in pending state. |
|
| Cisco ISE pull does not work with a custom webapp certificate. |
|
| Functional Groups: Error when trying to re-run Asset Clustering. |
|
| Deleting multiple sensors can cause haproxy to stop. |
|
| pg_stat_statements remain large after upgrading to 5.4.0. |
|
| Center update event may be lost. |
|
| Cyber Vision Device list is unable to filter based on VLAN, group, or OS columns |
|
| The Security report's vulnerability list is not accurate |
|
| The SEA agent running in the Cyber Vision IOx application could, under specific circumstances, use CPU cycles even when idling |
This table lists the open issues in this specific software release.
Note: This software release may contain open bugs first identified in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool.
Table 5. Open issues for Cyber Vision, Release Cyber Vision 5.4.x
| Bug ID |
Description |
| Security report failure due to device with a null IP address |
|
| XDR ribbon disappears when clicking Find observables |
|
| XDR observables return an error |
This table lists the limitations for this release. Click the bug ID to access the Cisco Bug Search Tool and see additional information
Table 6. Known issues for Cyber Vision, Release Cyber Vision 5.4.x
| Bug ID |
Description |
| NA |
After a Cyber Vision sensor self-update process is complete, if a platform is restarted within 5 minutes of the update, the sensor returns to the previous version. |
| NA |
Docker reserves the first address of a defined network. You must not assign the first address when you configure the DPI interface in an Encapsulated Remote Switched Port Analyzer (ERSPAN). |
Center compatibility
Table 7. Compatibility information for Cisco Cyber Vision Center, Release 5.4.x
| Product |
Supported Release |
| VMware ESXi |
6.x and later |
| Nutanix AOS (Acropolis OS) |
6.10 and later |
| Microsoft Windows Server Hyper-V |
2016 and later |
| Cyber Vision Center hardware appliance (Cisco UCS® C220 M5 Rack Server) |
CV-CNTR-M5S5: 16-core CPU, 64 GB RAM, 800 GB drives CV-CNTR-M5S3: 12-core CPU, 32 GB RAM, 480 GB drives |
| Cyber Vision Center hardware appliance (Cisco UCS® C225 M6 Rack Server) |
CV-CNTR-M6N: 24-core CPU, 128 GB RAM, two or four 1.6 TB NVMe drives |
Sensor compatibility
Table 8. Compatibility information for Cisco Cyber Vision sensors, Release 5.4.x
| Product |
Supported Release |
| Cisco IC3000 |
Minimum version: 1.5.2 Recommended versions: 1.5.2 |
| Cisco Catalyst IE3400 |
Minimum version: 17.6.x Recommended versions: 17.9.6a, 17.12.5, 17.15.3 and above |
| Cisco Catalyst IE3300 10G |
Minimum version: 17.6.x Recommended versions: 17.9.6a, 17.12.5, 17.15.3 |
| Cisco Catalyst IE3300 (with 4GB DRAM units starting with Version ID (VID) from -06) |
Minimum version: 17.12.x Recommended versions: 17.12.5, 17.15.3 |
| Cisco Catalyst IE3500 |
Minimum version: 17.18.x Recommended versions: 17.18.x |
| Cisco Catalyst IE9300 |
Minimum version: 17.12.x Recommended versions: 17.12.5, 17.15.3 |
| Cisco Catalyst IR1101 |
Minimum version: 17.6.x Recommended versions: 17.9.6, 17.12.4, 17.15.3 |
| Cisco Catalyst IR1800 |
Minimum version: 17.6.x Recommended versions: 17.9.6, 17.12.4, 17.15.3 |
| Cisco Catalyst IR1835 |
Minimum version: 17.15.1 Recommended versions: 17.9.6, 17.12.4, 17.15.3 |
| Cisco Catalyst IR8300 (running IOS-XE 17.15.x with a minimum 3 GB memory allocated to IOx applications) |
Minimum version: 17.9.x Recommended versions: 17.9.6, 17.12.4, 17.15.3 |
| Cisco Catalyst 9300
|
Minimum version: 17.6.x Recommended versions: 17.9.6a, 17.12.5, 17.15.3 |
| Cisco Catalyst 9400 |
Minimum versions: 17.6.x Recommended versions: 17.9.6a, 17.12.5, 17.15.3 |
| Ubuntu LTS |
Minimum version: 20 Recommended versions: 24.04 |
| Docker |
Minimum version: 27.0 Recommended versions: 27.x |
| VMware ESXi |
Minimum version: 6.x Recommended versions: 8.x |
| Rockwell Stratix 5800 Switch · 1783-MMS10EA · 1783-MMS10EAR · 1783-MMS10A · 1783-MMS10AR |
Minimum version: 17.12.x Recommended versions: 17.12.4, 17.15.4 |
Upgrade compatibility
If you are upgrading to Cisco Cyber Vision release 5.4.x from an earlier release, see the Cisco Cyber Vision Upgrade Guide.
Table 9. Upgrade paths to Cisco Cyber Vision Center Release 5.4.x
| Current software release |
Upgrade path to Release 5.4.x |
| 4.3.x, 4.4.x, 5.x.x |
Upgrade directly to 5.4.x |
| 4.1.x |
Upgrade first to 4.3.0, then to 5.4.x |
Cyber Vision Center hardware appliance performance
Table 10. Cisco Cyber Vision Center (Standalone/Local) hardware appliance scale
| Item |
CV-CNTR-M6N |
| Max components |
50,000 |
| Max number of sensors |
300 |
| Max number of flows stored |
16 million |
Table 11. Cisco Cyber Vision Global Center scale
| Item |
CV-CNTR-M6N |
| Max components synced |
150,000 |
| Max number of registered centers |
20 |
See Cisco Cyber Vision Data Sheet.
This section provides information about the release packages associated with Cisco Cyber Vision, Release 5.4.x.
Center software
Table 12. Software packages for Cisco Cyber Vision Center, Release 5.4.x
| Software Package |
Description |
Release |
| CiscoCyberVision-Center-5.4.x.ova |
Install Cisco Cyber Vision Center on a VMware ESXi virtual machine. |
5.4.x |
| CiscoCyberVision-center-5.4.x.qcow2 |
Install Cisco Cyber Vision Center on an Oracle-hosted virtual machine. |
5.4.x |
| CiscoCyberVision-5.4.x.vhdx |
Install Cisco Cyber Vision Center on a Hyper-V VHDX virtual machine. |
5.4.x |
| CiscoCyberVision-Center-with-DPI-5.4.x.ova |
Install Cisco Cyber Vision Center with DPI capabilities on a VMware ESXi virtual machine. |
5.4.x |
| CiscoCyberVision-reports-management-5.4.x.ext |
Install the extension in a Cisco Cyber Vision Center for reports management. |
5.4.x |
| CiscoCyberVision-sensor-management-5.4.x.ext |
Install the extension in a Cisco Cyber Vision Center for sensor management. The extension is not compatible with a FIPS-Compliant Center. |
5.4.x |
| CiscoCyberVision-update-center-fips-5.4.x.dat |
Manually update a Cisco Cyber Vision Center to a FIPS-compliant Center. |
5.4.x |
| CiscoCyberVision-fips-5.4.x.vhdx |
Install FIPS-compliant Cisco Cyber Vision Center on a Hyper-V VHDX virtual machine. |
5.4.x |
| CiscoCyberVision-center-5.4.x.qcow2 |
Install FIPS-compliant Cisco Cyber Vision Center on an Oracle-hosted virtual machine. |
5.4.x |
| CiscoCyberVision-Center-fips-5.4.x.ova |
Install FIPS-compliant Cisco Cyber Vision Center on a VMware ESXi virtual machine. |
5.4.x |
Sensor software
Table 13. Software packages for Cisco Cyber Vision sensors, Release 5.4.x
| Software Package |
Description |
Release |
| CiscoCyberVision-IOx-Active-Discovery-IC3000-5.4.x.tar |
Not FIPS-compliant. Cisco Cyber Vision Sensor IOx Application 5.4.x with Active Discovery for Cisco IC3000 Industrial Compute Gateway. |
5.4.x |
| CiscoCyberVision-IOx-Active-Discovery-aarch64-5.4.x.tar |
Not FIPS-compliant. Cisco Cyber Vision Sensor IOx Application 5.4.x with Active Discovery for Cisco Catalyst IE3300, IE3400, and IE9300 Rugged Series Switch. |
5.4.x |
| CiscoCyberVision-IOx-Active-Discovery-x86-64-5.4.x.tar |
Not FIPS-compliant. Cisco Cyber Vision Sensor IOx Application 5.4.x with Active Discovery for Cisco Catalyst 9300, 9400 Series Switch and for Cisco Catalyst IR8340 Rugged Router. |
5.4.x |
| CiscoCyberVision-IOx-IC3000-5.4.x.tar |
Not FIPS-compliant. Cisco Cyber Vision Sensor IOx Application 5.4.x for Cisco IC3000 Industrial Compute Gateway. |
5.4.x |
| CiscoCyberVision-IOx-aarch64-5.4.x.tar |
Not FIPS-compliant. Cisco Cyber Vision Sensor IOx Application 5.4.x for Cisco Catalyst IE3300, IE3400, and IE9300 Rugged Series Switch and Cisco IR1101, IR1800 Integrated Services Router Rugged. |
5.4.x |
| CiscoCyberVision-IOx-x86-64-5.4.x.tar |
Not FIPS-compliant. Cisco Cyber Vision Sensor IOx Application 5.4.x for Cisco Catalyst 9300, 9400 Series Switch and for Cisco Catalyst IR8340 Rugged Router. |
5.4.x |
| CiscoCyberVision-IOx-Active-Discovery-fips-aarch64-5.4.x.tar |
FIPS-compliant. Cisco Cyber Vision Sensor FIPS IOx Application 5.4.x with Active Discovery for Cisco Catalyst IE3400 Rugged Series Switch and Cisco Catalyst IE9300 Rugged Series Switch. |
5.4.x |
| CiscoCyberVision-IOx-Active-Discovery-fips-x86-64-5.4.x.tar |
FIPS-compliant. Cisco Cyber Vision Sensor FIPS IOx Application 5.4.x with Active Discovery for Cisco Catalyst 9300, 9400 Series Switch and for Cisco Catalyst IR8340 Rugged Router. |
5.4.x |
| CiscoCyberVision-IOx-fips-aarch64-5.4.x.tar |
FIPS-compliant. Cisco Cyber Vision Sensor FIPS IOx Application 5.4.x for Cisco Catalyst IE3300, IE3400, and IE9300 Rugged Series Switch and Cisco IR1101, IR1800 Integrated Services Rugged Router. |
5.4.x |
| CiscoCyberVision-IOx-fips-x86-64-5.4.x.tar |
FIPS-compliant. Cisco Cyber Vision Sensor FIPS IOx Application 5.4.x for Cisco Catalyst 9300, 9400 Series Switch and for Cisco Catalyst IR8340 Rugged Router. |
5.4.x |
Collection page: Cisco Cyber Vision User Content
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2025 Cisco Systems, Inc. All rights reserved.