FireMon has released Lumeta Enterprise Edition 3.3.5 for general availability! This software release provides three major new features and a variety of enhancements, which are highlighted on this page. This release is recommended for all Lumeta Enterprise Edition users.
|Lumeta Enterprise Edition 3.3.5|
|Upgrade Path||User Center Download||Upgrade Method||Upgrade Procedure|
TO release . . .
|About the Package & Validation Code||GUI|
Lumeta Enterprise Command Center 126.96.36.199 or 3.3.4
|Lumeta Enterprise |
Command Center 3.3.5
Available now on the Downloads page of the FireMon User Center
The spectre_update-188.8.131.52.30523-20200407.tgz package upgrades the Lumeta
This 3.3.5 package is compatible with
Lumeta Enterprise Scout
|Lumeta Enterprise |
Lumeta Enterprise Portal
|Lumeta Enterprise |
|Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev)|
|Full Deployment Only (no upgrade path)||Source||Deployment Platform||Deployment Procedure|
Free Community Edition Download
|Free Trial for FireMon Security Manager Customers||Enterprise Version||AWS|
|Lumeta AWS Cloud Scout||AMI||https://www.firemon.com/expose-your-networks-hidden-threats-and-secret-pathways/||Lumeta Cloud Scout ami-0da85150b9863f7fe|
Download from AWS Marketplace
|Lumeta Azure Cloud Scout||VHD|
Lumeta Cloud Scout cloudscout-image-1585471486
Request now from email@example.com
Available soon in the FireMon User Center > Downloads page
Also available soon in the Azure Marketplace: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=Lumeta&page=1
Enterprise Scouts are not compatible with 3.3.5 Command Centers and must be upgraded to the 3.3.5 version.
Lumeta on Azure Cloud
This release opens up the world of Azure! Now, a single Lumeta Command Center can connect to both an AWS Cloud Scout and an Azure Cloud Scout, enabling your organization to understand its exposure to risk across a hybrid cloud environment that includes Azure and AWS cloud assets.
Azure Configuration Enhancements:
From the Settings > CloudVisibility > Configuration tab, you can opt for CloudVisibility (the capability to see and understand the assets and connectivity within a cloud-based network) from AWS, Azure, or both.
From the CloudVisibility Configuration tab, you can connect your Lumeta Command Center to Cloud Scouts located in Microsoft Azure and Amazon AWS clouds.
The Credentials tab now accepts Azure credentials, in addition to the AWS credentials that were already supported in Lumeta release 184.108.40.206.
Dashboard Enhancements including Azure support:
The Lumeta CloudVisibility dashboards have been updated to showcase Lumeta advancements in cloud visibility and cloud risk management. Dashboard pages for AWS CloudVisibility, Azure CloudVisibility, and the two combined (i.e., CloudVisibility) have been added to your Lumeta system. Each provides the following information:
|Cloud Security Group Risk||Displays the number of unique policy group violations in the Security Group Risk column. The total may represent one violation of multiple rules, or multiple violations of a single rule. Additionally shows cloud instance identifiers: Provider, Account ID, Instance ID, Public IP Address, Public MAC Address, and DNS Name.|
|Cloud Inbound Path||The number of ingress paths from the internet to each cloud instance. If there are more paths present than what's allowed in your environment, remediation is in order.|
|Cloud Outbound Path||Shows the number of egress paths from each cloud instance to the internet.|
|Outbound Paths by Device Type||Exit paths to the internet. The device type is often listed as "igw" for internet gateway. This is a logical connection between a VPC and the Internet.|
|Inbound Paths by Device Type||Entrance paths from the internet. The device type is often listed as "igw" for internet gateway.|
A complete set of cloud instance identifiers: Provider, Account ID, Instance ID, Public IP Address, Public MAC Address, and DNS Name. Also Region, VPC ID, VPC Name, Security Group Risk, and Security Group ID. Finally, who to contact if there's an issue with the instance: the Owner, Purpose, and Contact.
Vibrant new widgets showing inbound and outbound leak paths by instance.
For more, see the Azure CloudVisibility Dashboard page.
The Lumeta CloudVisibility map presents both Azure and AWS findings. These can be sorted by provider (AWS or AZURE), region, account, and VPC ID.
For the procedure to deploy a Lumeta Command Center or Cloud Scout to Azure, go to Azure Deployment.
With this release, Lumeta now has a certified integration with Splunk. The Lumeta application supports Splunk dashboards and visualizations by providing Lumeta-discovered network data via syslog and REST APIs. The integration is available for download in the Splunk marketplace.
Interested in pushing Lumeta data and syslog notifications to Splunk? Here is the process to set up this new integration:
Check out the results!
Configurable Browser Session Timeout
For those customers who have requested an adjustable session timeout for Lumeta, it's here!
To view and set session timeout in the Lumeta CLI, input the command:
system timeout [ minutes ]
Without an argument, the command displays the current session timeout in minutes. The default session timeout is 240 minutes (4 hours).
With a positive integer argument, the command sets a new timeout value.
Enhanced Custom Attributes
To learn about the custom attribute enhancements provided in this release, watch this demo.
For the best playback quality in YouTube, choose the "HD" option in quality playback (Settings > Quality > HD).
Summary of Custom Attribute Enhancements
You can add, edit, or delete custom attributes within Device Details in the new Attributes > Custom dropdown.
Or, from any list of devices, you can Select All or select a subset, then add, edit, or delete custom attributes as needed.
For more on system and custom attributes, refer to these pages . . .
- Device Attributes
- Adding & Managing Custom Attributes
- Overwriting vs. Appending Custom Attributes
Licensing Total Accounts
Licenses are limited by number-of-accounts and number-of-instances (Azure + AWS). The counts are cumulative across AWS and Azure (e.g., a 100-account maximum would be reached with 30 AWS accounts + 70 Azure accounts).
Lumeta license calculations include all unique cloud accounts including those associated with archived and disabled collectors. Users will not be able to apply a new license to an existing system when the account maximum specified in the license is less than the number of accounts already associated with the system.
Security Updates & STIG
Lumeta 3.3.5 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. A list of CVEs resolved in this 3.3.5 release is available here.
This Q1 2020 database schema shows a visual representation of the Lumeta database.
The SWADLed WADL is our swagger-styled WADL documentation viewer. It comes from an auto-generated WADL that has been converted into human-readable documentation. The 3.3.5 WADL will be made available on or around the date of Lumeta GA release. In the interim, this Lumeta 3.3.4 SWADLed WADL is still current.
Following is the list of issues fixed in preparation for this Lumeta Enterprise Edition 3.3.5 release.
LUM-66 - cloud scout - System is not prompting an error while changing the password of non existing user
LUM-275 - Delete on "certificatepath" violates foreign key constraint on "certificate"
LUM-571 - boot up syslog-ng errors on console, no such files or directory
LUM-668 - re-adding an existing WMI alias via UI fails with an error "Alias already in use. Please try another value."
LUM-687 - Bogus fields in JSON-encoded objects can break parsing
LUM-877 - Dashboard: Switching between chart and table loses selection
LUM-890 - Dynamic Edge Dashboard > Forwarders with Unknown routes widget > query
LUM-930 - Navigating from Report to Map for Azure/AWS devices does not show the message "The device you selected...." on the map
LUM-1171 - PathHunter can cause out of memory condition when handed large CIDRs
LUM-1261 - Active Directory authentication fails when groupmapped organization contains Space
LUM-1264 - AD-->Groupmapping-->Download--> downloaded CSV file is not showing the Superuser data
LUM-1274 - When AD enable fails with long netbios name the /usr/local/lumeta/.activedirectory file is not removed preventing non-AD user login.
LUM-1275 - Feed setting of 0 for Tenable caused Webapp to fail to start.
LUM-1276 - Enable AD failing at customer
LUM-1302 - CC GUI=>Status of Spectre Components: Page is not responding when selecting service as other than 'All Spectre Services' from drop-down.
LUM-1329 - AD-->groupmapping-->Append- append functionality failed on superuser column data
LUM-1335 - Query results shows "record s" instead of "records" when more than one row is returned
LUM-1336 - Some parent devices are getting associated with children certificates
LUM-1347 - AD-->groupmapping--> append--> failed with organization contains Space
LUM-1351 - Active Directory Configuration is failing at customer site
LUM-1356 - Maps doesn't come up on net-booted 'esi-current' box shows 500 (Server Error) in Console
LUM-1357 - The label 'Spectre' should be replaced with 'Lumeta' in all integration dashboard widgets.
LUM-1371 - CLI-Integrations - (1). 'Server' parameter is missing in Tenable/Rapid7 (2). 'User' parameter is missing in qualys list command results on Auto-netbooted systems (esi-current and esi-maintenance)
LUM-1379 - CC CLI=>Archive collector: Spelling error is displayed=> ERROR: Cannot re-acrhive an already archived collector.
LUM-1392 - Zone to network config mapping checkbox setting goes away from UI on reload if zone name has periods in name (e.g. 172.16.82)
LUM-1395 - We are writing java.lang.NullPointerException in lumeta-webapp.out logs if bluecat feed is enabled but zone network mapping is disabled
LUM-1398 - On disabling integration, page constantly shows processing icon until page is reloaded
LUM-1412 - Security Manager dashboard shows unmanaged devices in the bottom pane
LUM-1414 - Discovery agent didn't restart
LUM-1453 - Can't get list of custom attributes of a device from Real time Reports when device details of an IP of different zone is opened in Devices
LUM-1455 - Device search with custom attribute value containing spaces is considered as multiple searches, and ends in opening multiple tabs for search results
LUM-1456 - Support tools >> System export/import does not restore values of custom attributes
LUM-1461 - Cloud Visibility using role based authentication shows null values in map
LUM-1471 - AD-->'client ipc signing' is not showing up in View config
LUM-1474 - Adding custom attribute from device details page >> Success message does not show IP address of device
LUM-1477 - Device Details: Interfaces is missing
LUM-1490 - Drilling to device details from Advanced Query result screen fails to preserve zone of device
LUM-1517 - Report "Forwarders with Unknown Routes" is not displayed correctly
LUM-1521 - discovery-agent fails to start at boot time
LUM-1531 - Search->Advanced Queries not displaying result for some nested data points
LUM-1540 - Refactor CloudVisibility Config & Credentials to allow user to select a cloud provider (Azure)
LUM-1543 - WMI dashboards do not show option to add custom attributes
LUM-1554 - Custom Attributes--> Device Search--> Not all the columns are showing for custom attributes
LUM-1562 - Cloud provider (AWS/Azure) selection drop down UI improvements
LUM-1563 - Custom Attributes-->Reports--> Zombie Devices report --> IP's don't have options for adding and editing custom attributes
LUM-1568 - No indication that login is in progress
LUM-1597 - While deleting AWS basic credentials through api throws 500 error
LUM-1598 - If incorrect aws server name or password are provided 500 error is showing up in network tab
LUM-1599 - 'Allow IP Forwarding' field in device details of an Azure instance does not show correct value
LUM-1600 - 'Connection refused' text is shown twice in error message when connection is refused by cloud scout ip
LUM-1603 - Tenable only ingesting 50 records
LUM-1607 - Discovery agent fails to start in some environments
LUM-1608 - Instance summary report from Cloud Sdk does not include Azure instances created with custom disk or vhd files
LUM-1616 - Added AWS/Azure Credentials are showing when configuration is disabled / Switched Off
LUM-1622 - Risk Assessment dashboard's queries should be updated to use new cloud tables, right now showing error on dashboard as old cloud tables are removed
LUM-1623 - Dashboards >> Instance Inventory >> Securitygroupid field is empty
LUM-1624 - "Add AWS/Azure credentials" page is not properly displayed in IE 11 browser.
LUM-1625 - CC is not displaying data for inspectorhealth and inspectorfindings fields on dashboards and instance details
LUM-1626 - Not recording Leak results
LUM-1627 - CC is not getting audit logs from CloudSDK api, api is returning 403
LUM-1631 - Aws/Azure Risk Parameters screen, Image White List/Image Black List are not getting saved
LUM-1633 - Switching cloud provider from Risk parameters screen gives "Discard the work you started on the form below Y/N?" pop-up even though changes were saved
LUM-1642 - Help text for white/black list in risk parameters for azure should be changed as image id names are different in azure
LUM-1643 - Cloud Visibility >> Risk parameters page doesn't show error when one of the risk parameters is invalid
LUM-1645 - Instance summary data for Azure is empty from Cloud Scout (Cloud SDK performance issue)
LUM-1648 - Data is not coming in security tab for azure instances on instance details page
LUM-1651 - GUI: The "Tables" and "Queries" screens are no longer sortable by column header
LUM-1652 - SecurityGroupID needs to be re-formatted in Spectre CloudVisibility UI for Azure
LUM-1654 - Azure instance details do not show all security rules coming under same network security group, shows just the first rule
LUM-1655 - Label AWS and Azure dashboard widget to include provider
LUM-1658 - Azure - include subnetPolicies in security group queries
LUM-1660 - There is no provision to remove active report schedules when a user gets deleted
LUM-1663 - GUI Sessions never marked closed in database
LUM-1672 - Clear orphaned profiledata records as part of Upgrade
LUM-1677 - Unable to login via GUI in latest esi-current systems
LUM-1679 - CLI - 'support service api status' asks for confirmation implying a restart
LUM-1680 - Fix mismatch between netboot and upgrade for x15 ddls as well as Postgres db
LUM-1681 - Risk parameters tab is spinning and timing out sometimes
LUM-1706 - Instance inventory table shows multiple entries for an instance when instance has multiple security group ids
LUM-1707 - Cloud Visibility Config: all required fields should remain required even if the config is disabled
LUM-1708 - Integrations (Other Solutions) are not saved in IE browser.
LUM-1709 - Polling Interval is not configured properly for Open Source Feeds in integrations in IE browser.
LUM-1710 - Default value for Polling Interval is not shown for integrations in IE browser.
LUM-1712 - Add Source and Destination IPv6 columns in Security tab of instance details
LUM-1713 - Enhancement >> Risk Assessment dashboard, cloud tab should have Cloud Provider column like all other tables in Aws/Azure dashboards
LUM-1717 - Azure/AWS configuration, hyphen should be allowed in server name as dns name of cloud scout may have hyphen
LUM-1718 - Audit logs tab of a cloud instance displays oldest 100 events occurred in 30 days instead of most recent 100 events
LUM-1720 - Remove copyright from footer (Update Lumeta Footer to show 2020)
LUM-1723 - CLI - CC ->Manager user - Role list get empty when tried to add duplicate role for user
LUM-1725 - Browse real time reports, for custom reports, "Set as default dashboard" option doesn't show widget it only shows the widget name on homepage
LUM-1726 - Community License--> User is allowed to add more cloud visibility credentials than the license limit
LUM-1727 - Cloud Scanner--> Unable to delete cloud accounts which are having spaces in Cloud Alias
LUM-1732 - Self Signed Certificates Summary report widget record counts doesn't make details click through
LUM-1733 - lastobserved and maclastobserved are not updated for previously discovered layer2 mac addresses in snmpDetalls
LUM-1735 - Browse real time reports, Certificate related reports, Drill down in pie charts reports count mismatch
LUM-1744 - Remove option "Enable continuous queries on this table" from Table->Edit->Advanced options
LUM-1745 - CLI user superuser name ? shows text with privileges spelled incorrectly
LUM-1746 - tweak-route handles ipv6 only interface incorrectly
LUM-1747 - When we remove a CIDR from Zone Known List, the devices under that CIDR still come up as Known Devices
LUM-1752 - UI Tables/Reports there is a Settings/Search Limit that is not being honored
LUM-1753 - Remove device id and duplicate ip address column from tables on firemon management dashboards
LUM-1754 - Cannot configure McAfee DXL configuration it sits and spins, works in 334
LUM-1755 - Public internet inbound/outbound data points are coming empty from latest cloud scout(1.20200303.093345)
LUM-1756 - Viewer role is able to edit Users
LUM-1759 - Community Edition --> Report Schedule should not be accessible when CC is installed with community license from Marketplace & Firemon website
LUM-1760 - Correct the typo of "Lumeta CloudVisiblity" in dashboard menu
LUM-1767 - Unable to see "Asset Mapping by zone" option in Rapid7 Configuration screen.
LUM-1772 - Meraki Integration >> ui is not updating check boxes of mapped zones
LUM-1777 - Portal -CLI--->Inappropriate error message is displayed when created username with more than 40 characters
LUM-1790 - Unable to load Lumeta CloudVisibility map on 335 RC2(220.127.116.11.30217)
LUM-1794 - Device details of Azure device ip discovered by Cloud Scanner do not show cloud data when same device gets discovered by Cloud Visibility also
LUM-1800 - Spectre(local) super user cannot login via CLI when AD is enabled and system is under maintenance mode
LUM-1801 - Instance details doesn't show security group risks from all interfaces when instance has multiple interfaces
LUM-1803 - CLI-viewerUser - Throwing 'Internal Server Error' when running 'Zone list Zone1' command to view the properties of particular zone
LUM-1814 - Device Profile Patterns >> Existing custom device patterns are getting overwritten even on selecting replace no option on import
LUM-1815 - update_iface_db works incorrectly on v6 only interface
LUM-1817 - nessus scan of 3.3.5 RC2 show high level vulnerabilities
LUM-1822 - CC is not forwarding some types of CEF notifications to Splunk Server e.g. zone/collector updates
LUM-1823 - GUI allows user to upgrade/re-license after session timeout
LUM-1824 - BGP via IPv6 with password auth fails
LUM-1829 - X15 metadata comparison fails in netboot and upgrade pp Build 335.30326
LUM-1841 - Can't switch to Default CA using command 'certificate ca remove' after installing custom CA
LUM-1846 - zookeeper occasionally doesn't start on boot up -- upgrade to 18.104.22.168.30379
LUM-1848 - Cloud Scanner is not able to fetch virtual machines from azure lumeta subscription ed69b797-ef18-49db-ac5b-d19ae3fa796f
LUM-1866 - Sacumen splunk plugin >> 'Cloud devices' widget is not displaying securitygroup id of cloud instances
LUM-1891 - BGP Failure processing MP_REACH_NLRI attribute
LUM-1908 - Investigate increase in processing time for hostDiscovery in 3.3.5 RC3
LUM-461 - SPIKE: Azure Support for CloudVisibility
LUM-479 - Customization of WF for /etc/syslog-ng/syslog-ng.conf needs to be preserved on upgrades
LUM-619 - Remove top level license install - CLI Two license install commands: 2 paths (1) system license install (2) certificate spectre install
LUM-628 - Remove columns from device_values that are not being used.
LUM-629 - Add dependency check support into the Upgrade framework
LUM-875 - Feature Request: Device Details tabs need "Zone" field
LUM-881 - Custom attribute listed twice on Group menu after a 24-hour soak
LUM-896 - Enable multi-selection and checkbox selection for table widgets that contain device results
LUM-897 - Dialog to add new custom attributes to selected device rows
LUM-898 - Add API call to add multiple custom attributes to a list of devices
LUM-899 - Dialog to edit/delete custom attributes from a single device
LUM-900 - Add API call to delete custom attributes from a device
LUM-901 - Device Details: split Attributes into System and Custom
LUM-903 - New saved queries to search for devices by custom attribute name/value
LUM-1016 - Multi-select device menu routing to device details
LUM-1018 - Multi-select device menu support on Alternate IPs and Wildcard Search Results
LUM-1045 - MAC Reject list (was NX-OS devices report 0:0:0:0:0:0 MAC addresses for non-existent IPs)
LUM-1095 - Device Details - internal refactoring for better behavior, performance and maintainability
LUM-1265 - Correct Mac OS X related patterns
LUM-1271 - zone.device_values not being populated with profile information
LUM-1358 - Improve security of WMI credentials via mount namespaces
LUM-1391 - Relicensing a community CC should remove telemetry RPM and cron job
LUM-1417 - Allow HttpScanner to use weaker ciphers (if possible)
LUM-1419 - Add CLI command to enable/disable 'client ipc signing' in samba for Active Directory authentication
LUM-1447 - Edit/Delete custom attributes' pop-up window shows "<IP> doesn't have any custom attributes".
LUM-1449 - Save IPC signing value in AD config file
LUM-1462 - Should not need to configure email to schedule report
LUM-1463 - Custom Attributes fit and finish: validation and IE CSS improvements
LUM-1464 - Customer Feature Request: Allow user option to Increase ESI/Spectre Session Timeout
LUM-1465 - Queries for few Real time reports should be modified to include device_id to enable custom attribute functionality
LUM-1469 - Device Details: Custom Attributes should show configured CIDR value
LUM-1476 - Add reload button to Device Details tab
LUM-1478 - Device Details: reload tab on re-drill
LUM-1483 - Create dashboard for AWS
LUM-1484 - Create dashboard for Azure
LUM-1488 - Refactor CloudVisibility Config & Credentials to allow user to select a cloud provider (AWS)
LUM-1489 - Create dashboard for Unified Cloud Visibility
LUM-1493 - Add Azure and Unified CloudVisibility Assets to Map
LUM-1494 - Add CloudVisibility Azure to system.feed
LUM-1507 - Migrate feed (integrations) configuration improvements to all screens
LUM-1510 - Modify APIs for get/set/delete Cloud Credentials
LUM-1511 - Add Azure Credential Configuration to Cloud Visibility
LUM-1522 - Add queries to support AWS dashboard
LUM-1542 - Meraki: We appear to be losing a large number of IP/mac pairs derived from api.clients call for L2 switches
LUM-1560 - Develop test scripts to test Add, edit, delete Custom Attributes from Reports Screen
LUM-1561 - Develop test scripts to test Add, edit, delete Custom Attributes from Device Details Screen
LUM-1569 - Modify AWS Audit Implementation With New Parameters
LUM-1570 - Device Details changes to support Azure
LUM-1601 - Use "i-" as a prefix for all instance wildcard searches, even Azure
LUM-1606 - Performance requirement for Cloud Visibility in 335
LUM-1612 - Develop test scripts to Add Custom Attributes to Multiple devices from UI
LUM-1613 - Develop test scripts to verify Custom attributes in Advanced Queries from UI
LUM-1614 - Develop test scripts to Add more than 50 Custom attributes to device from UI
LUM-1630 - Create queries for Sacumen integration
LUM-1632 - Reporting module hardcodes need for admin user
LUM-1665 - STIGS Q1 2020 - apache 2.4 V1R3 STIGs update has 9 STIGs changed.
LUM-1740 - Add more networking information to gather_diagnostics
LUM-1798 - Add feed table in x15 schema