Page tree
Skip to end of metadata
Go to start of metadata

FireMon is preparing Lumeta Enterprise Edition 3.3.3.2 for general availability, a software release that will provide new features and enhancements, including those highlighted on this page. This release is recommended for all Lumeta Enterprise Edition users.

Lumeta Enterprise Edition 3.3.3.2
Upgrade PathUser Center DownloadUpgrade MethodUpgrade Procedure

FROM release

TO release . . .

About the Package & Validation CodeGUI

CLI


Lumeta Enterprise Command Center 3.3.3.0 or 3.3.3.1

Lumeta Enterprise Command Center 3.3.3.2

Lumeta 3.3.3.2 Upgrade Download

Available 8/14/2019 on the FireMon User Center > Downloads page

SHA256 checksum: (available at GA)

The Lumeta 3.3.3.2 upgrade package upgrades the Lumeta
Enterprise Command Center, Enterprise Scout, and Portal

(tick)(tick)


See Upgrading to Lumeta Enterprise Edition 3.3.3.2 for the procedure.

Lumeta Enterprise Scout
3.3.3.0 or 3.3.3.1

Lumeta Enterprise Scout
3.3.3.2
(tick)(tick)

Lumeta Enterprise Portal
3.3.3.0 or 3.3.3.1

Lumeta Enterprise Portal
3.3.3.2
(error)(tick)
Lumeta CloudVisibility Community Edition 3.3.3.2
Full DeploymentSource

Deployment MethodDeployment Procedure

Lumeta Component

Format

Request Download From

 FilenameVM

AWS

PDF


Lumeta CloudVisibility
Command Center

OVA



https://firemon.community




Lumeta-3.3.3.2-Community-Edition.ova(tick)(error)

QuickStart Deployment for Hybrid Visibility

AMILumeta Community Edition Command Center v3.3.3.2(error)(tick)
Lumeta CloudVisibility
Cloud Scout
AMILumeta Community Edition Cloud Scout v3.3.3.2(error)(tick)

QuickStart Deployment for Hybrid Visibility

Backward Compatibility

Lumeta Command Centers are generally compatible with the last two versions of the other component systems. Any departures from this are noted below. 

Lumeta Enterprise Edition Compatibility


Enterprise ScoutCloud ScoutPortal

3.3.3.1

3.3.33.3.3.1 (v13841.339)3.3.3.13.3.3
Command Center 3.3.3.2(tick)(tick)

(tick)

(tick)(tick)

New Features

  1. Rapid7 Integration
    This release provides the foundation of a full Rapid 7 integration. Lumeta Enterprise Edition 3.3.3.2 has the capability to ingest information about your network devices from Rapid 7 via API. See Rapid7 Integration for the configuration procedure and Rapid7 Management dashboard for more on results-reporting in the Lumeta. 

  2. About Cloud Scanner & CloudVisibility
    The Lumeta development team has minimized the overlap in capabilities between Cloud Discovery (aka Cloud Scanner) and the Cloud Scout. This page provides information and guidance on choosing the method that will work best with your deployment. 

New Documentation

Rapid7 Integration 

Rapid7 Management 

About Cloud Scanner & CloudVisibility

Upgrading to Lumeta Enterprise Edition 3.3.3.2 

QuickStart Deployment for Hybrid Visibility

Enhancements

This release includes the following enhancements:

Case IDDescription
PO-10346

CLI commands have been added that support allowing root-ssh to be powered on from a Cloud Scout CLI. For more, see Enabling ROOT-SSH Access to the Cloud Scout.

PO-10320

The CloudVisibility configuration page now reports operational status right on the Lumeta GUI: Is the Cloud Scout working? Does Lumeta have cloudvisibility? How recently? What's the most recent error? This type of information is provided.

PO-10365

A Command Center's name (e.g., 6hour is the system name) is now displayed in its browser tab.

PO-10319

Health of the CloudScout connection is now displayed on the GUI with a red/green indicator.

PO-10588

Map has been given a self-expanding search capability.  When one searches for a device, the correct map containing that device is not only launched but also deliberately expanded down to whatever level is required to expose the endpoint (and the endpoint also pulses). In previous releases, if you searched on a map where the target device was not currently expanded (visible) on the map canvas, the map remained stagnant and did not show the endpoint (despite a textual indication that the endpoint(s) were found.

PO-10002

The macvendor_id is now cleared when a mac address is cleared or expired from device table.  Immediately after a timeout, mac devices subject to the timeout have both their MAC and macvendor ids set to null. Also for those devices, their former macvendor attributes are not used in profiling.

PO-10500IPv4Range and IPv6Range columns have been added to Device Details: Cloud: Security <requested screencap on jira>
LUM-236IPv6 Troubleshooting Support Tools

Fixed Issues

The following issues reported by customers have been fixed: 

Case IDFixed Issue
LUM-305

Ensured that a Scout having multiple interfaces such as eth0 and eth1 does not send IPv6/128 packets to addresses from its non-configured interface..

LUM-6Not performing HTTP/HTTPS scanning of responsive IPv6 devices
LUM-7Not performing CIFS scanning of responsive ipv6 devices

Known Issues

We'll make you aware of any known issues and the work-arounds here.


Lumeta 3.3.3.2 Known Issues
1None as of 8/6/2019

Security Updates

Lumeta 3.3.3.2 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. A list of CVEs resolved in this 3.3.3.2 release will be made available soon. 

Database Schemas

View the PostgreSQL 9.6.6 database schema and properties for Lumeta Enterprise Edition:

Lumeta 3.3.4: http://lumeta-supportfiles.firemon.com/schema/schema-3.3.4/output-allschemas/ (October 29, 2019)

Lumeta 3.3.3.2http://lumeta-supportfiles.firemon.com/schema/schema-3.3.3.2/output-allschemas/ (July 22, 2019)

Lumeta 3.3.2:  http://lumeta-supportfiles.firemon.com/schema/schema-3.3.2/output-allschemas/ (September 24, 2018)

SWADLed WADL 3.3.3x

Change Log

Following are the changes made in preparation for this Lumeta 3.3.2.3 release. This information is from 8/6/19 and will be refreshed right before the GA release. 

Epic

LUM-389 - Security updates for 3.3.3.2

Bug

LUM-1 - Rapid7 Management dashboard: Rapid7 and Spectre Managed IPs Detail widget - Risk score information is missing.

LUM-3 - Integrations=>Other Solutions=>Rapid7 - Tab border is not consistent with others

LUM-4 - Settings=>Integrations=>Other Solutions: Lumeta footer and text are missing on integrations page after adding Rapid7 tab.

LUM-5 - SNMPv3 credentials not giving the expected results

LUM-6 - Not performing HTTP/HTTPS scanning of responsive ipv6 devices

LUM-7 - Not performing CIFS scanning of responsive ipv6 devices

LUM-10 - devicemodel_short SQL contains a typo

LUM-11 - Check in 4.16.3 version of x15 rpm

LUM-14 - Update libssh2 and dbus for security

LUM-16 - Device details:Column sorting is not working on FireMon CVEs tab

LUM-34 - Issue in /etc/sysconfig/network-scripts/route-eth0 file on a multiple interface system

LUM-35 - Upgrade ag-grid to latest version (from 9.1 to 20.2)

LUM-42 - upgrade doesn't check if it's already doing an upgrade (parallel)

LUM-43 - Reports-->RC7-->Widget is not showing in report after edit widget settings

LUM-53 - UI redirects to default dashboard after 403 logout/login

LUM-59 - DEV license should not restrict cloud accounts/instances

LUM-61 - system reinit fails to enable ipv6 networking in the interface config or global config

LUM-70 - Lumeta CloudVisibility is spelled "Lumeta CloudVisibility"

LUM-77 - Device details- All tabs: Column sorting is not working correctly.

LUM-83 - Cloud visibility config error messages are not passed up to GUI

LUM-91 - Drill down on Device details on a Public IP Address from the CV Dashboards, the cloud tab doesn't populate public IP or MAC

LUM-98 - GUI changes for authentication services (PKI & TFA) error messages

LUM-112 - When there are no risks , device details gives a message "Could not get Security data"

LUM-115 - CV-Community License--> Cloud Scanning--> New License required alert should show before license enforcing

LUM-117 - Infoblox feed is not getting ingested for 3.3.3.2

LUM-118 - Cloud Visibility GUI : Drill Down Instance Details from Cloud Visibility Dashboard doesn't display the details, sits and spins

LUM-120 - Search - results chart - cell border width not the same

LUM-121 - upgrade tries to stop instrumentation, no longer present

LUM-122 - Incorrect certificate could possibly be used for profiling

LUM-127 - upgrade didn't include the ddl file, then next time did

LUM-129 - Cloud Visibility GUI : Configuring a bad Risk parameter and later leaving it blank still gives the error msg

LUM-130 - TFA and Password Control enable/disable steps led to customer being locked out of SSH login

LUM-131 - System and Device Notifications: Able to remove the selected column (subscribed, name, event type, priority) just by dragging them out of tabular

LUM-132 - Profiling Results Sporadic for similar Device

LUM-133 - Cloud SDK Account license check can hang entire GUI/CLI

LUM-136 - Setting up defaultreponsder for OCSP does not reflect it in its configuration file

LUM-137 - Zones--> Cloud , uploading invalid file format (xml) throws error, it should show err msg : Badly formatted file on upgraded CC 3322 to 333 - RC1 build

LUM-138 - Cloud Credentials: grid headers are only partially visible after ag-grid upgrade

LUM-139 - Cloud Visibility: Instance Details-->Cloud tabs are not displaying the column headers

LUM-141 - Cloud Visibility GUI : Spectre GUI doesn't give any error msg when the connected Cloud Scout is down

LUM-145 - Report Page shows wrap around in cells after ag-grid upgrade

LUM-147 - Infoblox Dashboard IPs Unmanaged by Spectre Details is showing duplicate IPs

LUM-149 - CEF Configuration - SAVE button automatically enables the configuration (to green) though user not enabled it

LUM-150 - Modify GUI to Not Require Password in Feed

LUM-151 - CloudVisibility Device Details : Risks, Public IP and Public MAC address column not displaying the details when searched with the device details of the IP address associated with an Instance

LUM-152 - Triangle alert should show beside to Settings instead of overlapping on Username

LUM-154 - Infoblox integration timing out when setting up connection from Spectre UI

LUM-155 - CV-Community License--> No triangle alert is showing when system is in warning period of license violation

LUM-158 - Zones: Upload cloud credentials allows only txt file type, but "Download Sample" button provides a csv file and system doesn't allow

LUM-159 - Cloud Visibility : 3323 license is able to discover Cloud Visibility data when Upgraded to 333

LUM-161 - Cloud Visibility : When cloud Scanner is enabled, the Cloud Visibility data is not getting populated in the Dashboards (potential thread lock x15 not related to Cloud Scanner)

LUM-162 - collectd configuration typo

LUM-164 - CloudVisibility GUI: Editing an Instance with another Instance in searched instance tab in Device Details doesn't update the details without refreshing manually

LUM-167 - Spectre Systems - license expiration field always says "Never"

LUM-168 - Ag-grid upgrade:Dashboards/Reports: 'i' icon help text is overlapped with grid data on widgets.

LUM-171 - The UI should not proceed to the dashboard behind the first-login password-change dialog

LUM-174 - /usr/local/lumeta directory still exists on cloud scout

LUM-175 - ag-grid: resizing query results throws a JS error and has the wrong mouse cursor

LUM-176 - Reports: AWS Devices not populating with data when zone cloud scanner is enabled and gathering instances. Discovered AWS Device have no discovery type

LUM-177 - CC upgrade from 3.3.3 to 3.3.3.2 with cloud scanner enabled: Unable to launch CC GUI. Seeing license agreement page

LUM-178 - x15-backend rpm still says depends on jre

LUM-179 - Cloud Visibility GUI: Overlapped data displayed in all the columns in Cloudmon Instance and Security Group Risk Tables

LUM-180 - update python for security

LUM-181 - Report Schedule Times show AM/PM

LUM-184 - Customer with 108 zones unable to add any more zones. Unable to delete zones

LUM-187 - Ag-grid upgrade:Column resizing is broken in Tables grid

LUM-188 - Modify Feed Test To Not Require Password

LUM-190 - CC - PKI : Lumeta logo and copyright text is overlapped with the password field in the Manage System PKI page - Server Certs layer.

LUM-191 - Cloud Visibility Device Details: IP Attributes values are getting displayed when hovering over it.

LUM-192 - Ag-grid upgrade:Column resizing is broken in Advanced Queries grid

LUM-193 - Column resizing is broken in Search Devices/Device Detail grids after ag-grid upgrade

LUM-194 - PKI--> Able to enable TFA on PKI enabled box and vice versa

LUM-195 - update kernel for security

LUM-197 - Cloud visibility credentials tab lets user add more credentials than license limit

LUM-199 - ag-grid upgrade: sort headers on CloudVisibility are misaligned

LUM-200 - Cloud Visibility : After Configuring a Cloud Scout on GUI&Submitting, the password textbox text disappears and shows Blank

LUM-201 - FireMon Integration Dashboards:Unable to see data on widgets unless integration is turned off and turn back on - Post upgrade from 3322 to 333-RC8

LUM-244 - When you drill down using device details on a Public IP address or Public MAC from CV dashboards , the cloud tab is empty

LUM-245 - Error: License Expiration Imminent on System with no License Expiration

LUM-249 - Database Health Doc: stated CLI cmd is vacuum full analyze, command is support db command

LUM-250 - Discrepancy between GUI and CLI License expiration at Customer

LUM-267 - Ag-grid upgrade:Some filter conditions are displayed on Users grid and grid format is missing.

LUM-268 - Rapid7 configuration: Seeing "This product is not configured properly." message when navigating back to integration configuration page from dashboards.

LUM-271 - Browse-Historical: End date and time calendar controller is not properly aligned.

LUM-277 - Integrations - payload for POST expecting base64 for password and username is failing after a recent change.

LUM-291 - Spelling mistakes in Authentication services (PKI & TFA) error messages

LUM-334 - Upgrade slow due to orphan certificate cleanup

LUM-387 - lumeta-api.properties is not getting updated with 3.3.3.2 upgrade updt.tgts.insert=true

LUM-388 - x15 query timeout - Infoblox Integration: Unable to see data on dashboard widgets. "Error: Unable to fetch query results. undefined" is displayed.

LUM-392 - Device Details | FireMon | Assets | Interfaces is not formatted properly

LUM-399 - Tenable Security Center dashboard: Unable to see data on widgets as there is empty feed on tenable server.

LUM-401 - RC3 3.3.3.2 upgrade failed to update 23 pkgs

Story

LUM-22 - Normalize DeviceType, Model, OS, Version pattern attributes

LUM-30 - Push list of unmanaged devices to Rapid7

LUM-37 - Cloud Visibility:Instance details=>Security tab:Column sorting is not working

LUM-38 - upgrade can miss a few rpms, repo not localized

LUM-39 - Port IPv6 ping work to esi-3.3.3.2

LUM-45 - Add UI to configure pushing assets by zone

LUM-47 - Provide AWS Audit Logs in Lumeta

LUM-99 - Make changes to real time target processing

LUM-205 - Need a way to identify GIT changes along with SVN changes on System Information in Spectre

LUM-206 - Make all saved queries for Cloud Device Details consistent

LUM-208 - update openssl for security

LUM-211 - create/configure upgrade and autoupgrade to 3.3.3.2

LUM-212 - Improve formatting of tooltip on "Risks" column

LUM-214 - Reorganize and update User Management test Cases in Zephyr

LUM-216 - Improve Device Details: Cloud to use column names returned in the queries

LUM-219 - Understand and write tests for cloud visibility licensing , authentication and deployment

LUM-220 - update kernel and microcode_ctl for MDS CPU vulnerabilities

LUM-221 - Improve age_out_routes to expire routes per zone

LUM-222 - (CV) Add support root-ssh to CLI

LUM-223 - Allow to set super user flag for AD user by group mapping

LUM-224 - Cloud Scanner --Allow user to add/remove cloud credentials on the CLI command line

LUM-226 - Implement testFeedConfiguration function for Cloud Visibility

LUM-227 - We should clear macvendor_id when we clear/expire mac address from device table

is being searched

LUM-229 - Remove Rule Number

LUM-231 - 3.3.3 profile pattern anomaly (Model vs model)

LUM-232 - Cloud Visibility GUI : The Configuration tab text boxes should have validation checks

LUM-233 - Dashboard/Reports : Right click on Public IP should not allow user to go to device details or maps if we cannot display information

LUM-234 - CV - Add IP Range and Description

LUM-235 - Allow Cloud Scout scheme and port to be overridden for development

LUM-236 - IPV6 troubleshooting support tools

LUM-237 - Show feed status on the Cloud Visibility Configuration page

LUM-283 - Default polling interval for CloudVisibility should be shorter 


 

 

  • No labels