
FireMon has released Lumeta Enterprise Edition 3.3.5 for general availability! This software release provides three major new features and a variety of enhancements, which are highlighted on this page. This release is recommended for all Lumeta Enterprise Edition users.

Lumeta Enterprise Edition 3.3.5

| Upgrade Path: FROM release | Upgrade Path: TO release . . . | Upgrade Method: GUI | Upgrade Method: CLI |
|---|---|---|---|
| Lumeta Enterprise Command Center 3.3.3.2 or 3.3.4 | Lumeta Enterprise Command Center 3.3.5 | Yes | Yes |
| Lumeta Enterprise Scout 3.3.3.2 or 3.3.4 | Lumeta Enterprise Scout 3.3.5 | Yes | Yes |
| Lumeta Enterprise Portal 3.3.3.2 or 3.3.4 | Lumeta Enterprise Portal 3.3.5 | No | Yes |

User Center Download (About the Package & Validation Code): Available now on the Downloads page of the FireMon User Center. The spectre_update-3.3.5.0.30523-20200407.tgz package upgrades the Lumeta Enterprise Command Center, Enterprise Scout, and Portal. FireMon recommends upgrading all of these to version 3.3.5. This 3.3.5 package is compatible with Lumeta Cloud Scout 1.1 for AWS and Azure.

Upgrade Procedure: See Upgrading to Lumeta Enterprise Edition 3.3.5 for the procedure.


Lumeta Cloud Scout 1.1   (release 1.20200401.105457.dev)

Full Deployment Only (no upgrade path)

Lumeta AWS Cloud Scout

  • Format: AMI
  • Source, Free Community Edition Download: firemon.com/community
  • Source, Free Trial for FireMon Security Manager Customers: https://www.firemon.com/expose-your-networks-hidden-threats-and-secret-pathways/
  • Source, Enterprise Version: Lumeta Cloud Scout ami-0da85150b9863f7fe. Download from AWS Marketplace
  • Deployment Platform: AWS Yes, Azure No
  • Deployment Procedure (PDF): QuickStart for Hybrid Visibility

Lumeta Azure Cloud Scout

  • Format: VHD
  • Source, Enterprise Version: Lumeta Cloud Scout cloudscout-image-1585471486. Request now from lumetasupport@firemon.com. Available soon in the FireMon User Center > Downloads page. Also available soon in the Azure Marketplace: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=Lumeta&page=1
  • Deployment Platform: AWS No, Azure Yes
  • Deployment Procedure (PDF): Azure Deployment

Backward Compatibility

Older Enterprise Scouts are not compatible with 3.3.5 Command Centers and must be upgraded to the 3.3.5 version. 

Lumeta on Azure Cloud

This release opens up the world of Azure! Now, a single Lumeta Command Center can connect to both an AWS Cloud Scout and an Azure Cloud Scout, enabling your organization to understand its exposure to risk across a hybrid cloud environment that includes Azure and AWS cloud assets.

Azure Configuration Enhancements:

From the Settings > CloudVisibility > Configuration tab, you can opt for CloudVisibility (the capability to see and understand the assets and connectivity within a cloud-based network) from AWS, Azure, or both.

From the CloudVisibility Configuration tab, you can connect your Lumeta Command Center to Cloud Scouts located in Microsoft Azure and Amazon AWS clouds. 

The Credentials tab now accepts Azure credentials, in addition to the AWS credentials that were already supported in Lumeta release 3.3.3.2. 


Dashboard Enhancements including Azure support:

The Lumeta CloudVisibility dashboards have been updated to showcase Lumeta advancements in cloud visibility and cloud risk management. Dashboard pages for AWS CloudVisibility, Azure CloudVisibility, and the two combined (i.e., CloudVisibility) have been added to your Lumeta system. Each provides the following information:   

| Widget Name | Description |
|---|---|
| Cloud Security Group Risk | Displays the number of unique policy group violations in the Security Group Risk column. The total may represent one violation of multiple rules, or multiple violations of a single rule. Additionally shows cloud instance identifiers: Provider, Account ID, Instance ID, Public IP Address, Public MAC Address, and DNS Name. |
| Cloud Inbound Path | The number of ingress paths from the internet to each cloud instance. If there are more paths present than what's allowed in your environment, remediation is in order. |
| Cloud Outbound Path | Shows the number of egress paths from each cloud instance to the internet. |
| Outbound Paths by Device Type | Exit paths to the internet. The device type is often listed as "igw" for internet gateway. This is a logical connection between a VPC and the Internet. |
| Inbound Paths by Device Type | Entrance paths from the internet. The device type is often listed as "igw" for internet gateway. |
| Instance Inventory | A complete set of cloud instance identifiers: Provider, Account ID, Instance ID, Public IP Address, Public MAC Address, and DNS Name. Also Region, VPC ID, VPC Name, Security Group Risk, Security Group ID. Finally, who to contact if there's an issue with the instance: the Owner, Purpose, and Contact. |


Vibrant new widgets showing inbound and outbound leak paths by instance.

For more, see the Azure CloudVisibility Dashboard page.

Map Enhancements

The Lumeta CloudVisibility map presents both Azure and AWS findings. These can be sorted by provider (AWS or AZURE), region, account, and VPC ID. 



For the procedure to deploy a Lumeta Command Center or Cloud Scout to Azure, go to Azure Deployment.

Splunk Integration

With this release, Lumeta now has a certified integration with Splunk. The Lumeta application supports Splunk dashboards and visualizations by providing Lumeta-discovered network data via syslog and REST APIs. The integration is available for download in the Splunk marketplace.

Interested in pushing Lumeta data and syslog notifications to Splunk? Here is the process to set up this new integration:

  1. Set up Splunk on your Lumeta Command Center
  2. Install a connector on your Splunk server

Check out the results!

  1. Search Results in Splunk
  2. Lumeta Dashboards in Splunk

Configurable Browser Session Timeout

For those customers who have requested an adjustable session timeout for Lumeta, it's here!  

To view and set session timeout in the Lumeta CLI, input the command:

system timeout [ minutes ]

Without an argument, the command displays the session timeout time in minutes. The default session timeout is 240 minutes (4 hours).
With a positive integer argument, the command sets a new timeout value.

Enhanced Custom Attributes

To learn about the custom attribute enhancements provided in this release, watch this demo.

Tip

For the best playback quality in YouTube, choose the "HD" option in quality playback (Settings > Quality > HD).


Summary of Custom Attribute Enhancements

You can add, edit, or delete custom attributes within Device Details in the new Attributes > Custom dropdown. 

Or, from any list of devices, you can Select All or select a subset, then add, edit, or delete custom attributes as needed. 

For more on system and custom attributes, refer to these pages . . .

  1. Device Attributes
  2. Adding & Managing Custom Attributes
  3. Overwriting vs. Appending Custom Attributes
  4. Adding & Managing Custom Attributes

Technical Notes

| Case ID | Description |
|---|---|
| LUM-1724 | Licensing Total Accounts. Licenses are limited by number-of-accounts and number-of-instances (Azure + AWS). The counts are cumulative across AWS and Azure (e.g., a 100-account maximum would be reached with 30 AWS accounts + 70 Azure accounts). Lumeta license calculations include all unique cloud accounts, including those associated with archived and disabled collectors. Users will not be able to apply a new license to an existing system when the account maximum specified in the license is less than the number of accounts already associated with the system. |

Security Updates & STIG 

Lumeta 3.3.5 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. A list of CVEs resolved in this 3.3.5 release is available here.

Database Schema

This Q1 2020 database schema shows a visual representation of the Lumeta database.

WADL Viewer

The SWADLed WADL is our swagger-styled WADL documentation viewer. It comes from an auto-generated WADL that has been converted into human-readable documentation. The 3.3.5 WADL will be made available on or around the date of Lumeta GA release. In the interim, this Lumeta 3.3.4 SWADLed WADL is still current. 

Change Log

Following is the list of issues fixed in preparation for this Lumeta Enterprise Edition 3.3.5 release.

Bug

LUM-66 - cloud scout - System is not prompting an error while changing the password of non existing user

LUM-275 - Delete on "certificatepath" violates foreign key constraint on "certificate"

LUM-571 - boot up syslog-ng errors on console, no such files or directory

LUM-668 - re-adding and existing WMI alias via UI fails with an error "Alias already in use. Please try another value."

LUM-687 - Bogus fields in JSON-encoded objects can break parsing

LUM-877 - Dashboard: Switching between chart and table loses selection

LUM-890 - Dynamic Edge Dashboard > Forwarders with Unknown routes widget > query 

LUM-930 - Navigating from Report to Map for Azure/AWS devices does not show the message "The device you selected...." on the map

LUM-1171 - PathHunter can cause out of memory condition when handed large CIDRs

LUM-1261 - Active Directory authentication fails when groupmapped organization contains Space

LUM-1264 - AD-->Groupmapping-->Download--> downloaded CSV file is not showing the Superuser data

LUM-1274 - When AD enable fails with long netbios name the /usr/local/lumeta/.activedirectory file is not removed preventing non-AD user login.

LUM-1275 - Feed setting of 0 for Tenable caused Webapp to fail to start.

LUM-1276 - Enable AD failing at customer

LUM-1302 - CC GUI=>Status of Spectre Components: Page is not responding when selecting service as other than 'All Spectre Services' from drop-down.

LUM-1329 - AD-->groupmapping-->Append- append functionality failed on superuser column data

LUM-1335 - Query results shows "record s" instead of "records" when more than one row is returned

LUM-1336 - Some parent devices are getting associated with children certificates

LUM-1347 - AD-->groupmapping--> append--> failed with organization contains Space

LUM-1351 - Active Directory Configuration is failing at customer site


LUM-1356 - Maps doesn't come up on net-booted 'esi-current' box shows 500 (Server Error) in Console

LUM-1357 - The label 'Spectre' should be replaced with 'Lumeta' in all integration dashboard widgets.

LUM-1371 - CLI-Integrations - (1). 'Server' parameter is missing in Tenable/Rapid7 (2). 'User' parameter is missing in qualys list command results on Auto-netbooted systems (esi-current and esi-maintenance)

LUM-1379 - CC CLI=>Archive collector: Spelling error is displayed=> ERROR: Cannot re-acrhive an already archived collector.

LUM-1392 - Zone to network config mapping checkbox setting goes away from UI on reload if zone name has periods in name (e.g. 172.16.82)

LUM-1395 - We are writing java.lang.NullPointerException in lumeta-webapp.out logs if bluecat feed is enabled but zone network mapping is disabled

LUM-1398 - On disabling integration, page constantly shows processing icon until page is reloaded

LUM-1412 - Security Manager dashboard shows unmanaged devices in the bottom pane

LUM-1414 - Discovery agent didn't restart

LUM-1453 - Can't get list of custom attributes of a device from Real time Reports when device details of an IP of different zone is opened in Devices

LUM-1455 - Device search with custom attribute value containing spaces is considered as multiple searches, and ends in opening multiple tabs for search results

LUM-1456 - Support tools >> System export/import does not restore values of custom attributes

LUM-1461 - Cloud Visiblity using role based authentication shows null values in map

LUM-1471 - AD-->'client ipc signing' is not showing up in View config

LUM-1474 - Adding custom attribute from device details page >> Success message does not show IP address of device

LUM-1477 - Device Details: Interfaces is missing

LUM-1490 - Drilling to device details from Advanced Query result screen fails to preserve zone of device

LUM-1517 - Report "Forwarders with Unknown Routes" is not displayed correctly

LUM-1521 - discovery-agent fails to start at boot time

LUM-1531 - Search->Advanced Queries not displaying result for some nested data points

LUM-1540 - Refactor CloudVisibilty Config & Credentials to allow user to select a cloud provider (Azure)

LUM-1543 - WMI dashboards do not show option to add custom attributes

LUM-1554 - Custom Attributes--> Device Search--> Not all the columns are showing for custom attributes

LUM-1562 - Cloud provider (AWS/Azure) selection drop down UI improvements

LUM-1563 - Custom Attributes-->Reports--> Zombie Devices report --> IP's don't have options for adding and editing custom attributes

LUM-1568 - No indication that login is in progress

LUM-1597 - While deleting AWS basic credentials through api throws 500 error

LUM-1598 - If incorrect aws server name or password are provided 500 error is showing up in network tab

LUM-1599 - 'Allow IP Forwarding' field in device details of an Azure instance does not show correct value

LUM-1600 - 'Connection refused' text is shown twice in error message when connection is refused by cloud scout ip

LUM-1603 - Tenable only ingesting 50 records

LUM-1607 - Discovery agent fails to start in some environments

LUM-1608 - Instance summary report from Cloud Sdk does not include Azure instances created with custom disk or vhd files

LUM-1616 - Added AWS/Azure Credentials are showing when configuration is disabled / Switched Off

LUM-1622 - Risk Assessment dashboard's queries should be updated to use new cloud tables, right now showing error on dashboard as old cloud tables are removed

LUM-1623 - Dashboards >> Instance Inventory >> Securitygroupid field is empty

LUM-1624 - "Add AWS/Azure credentials" page is not properly displayed in IE 11 browser.

LUM-1625 - CC is not displaying data for inspectorhealth and inspectorfindings fields on dashboards and instance details

LUM-1626 - Not recording Leak results

LUM-1627 - CC is not getting audit logs from CloudSDK api, api is returning 403

LUM-1631 - Aws/Azure Risk Parameters screen, Image White List/Image Black List are not getting saved

LUM-1633 - Switching cloud provider from Risk parameters screen gives "Discard the work you started on the form below Y/N?" pop-up even though changes were saved

LUM-1642 - Help text for white/black list in risk parameters for azure should be changed as image id names are different in azure

LUM-1643 - Cloud Visibility >> Risk parameters page doesn't show error when one of the risk parameters is invalid

LUM-1645 - Instance summary data for Azure is empty from Cloud Scout (Cloud SDK performance issue)

LUM-1648 - Data is not coming in security tab for azure instances on instance details page

LUM-1651 - GUI: The "Tables" and "Queries" screens are no longer sortable by column header

LUM-1652 - SecurityGroupID needs to be re-formatted in Spectre Cloudvisiblity UI for Azure

LUM-1654 - Azure instance details do not show all security rules coming under same network security group, shows just the first rule

LUM-1655 - Label AWS and Azure dashboard widget to include provider

LUM-1658 - Azure - include subnetPolicies in security group queries

LUM-1660 - There is no provision to remove active report schedules when a user gets deleted

LUM-1663 - GUI Sessions never marked closed in database

LUM-1672 - Clear orphaned profiledata records as part of Upgrade

LUM-1677 - Unable to login via GUI in latest esi-current systems

LUM-1679 - CLI - 'support service api status' asks for confirmation implying a restart

LUM-1680 - Fix mismatch between netboot and upgrade for x15 ddls as well as Postgres db

LUM-1681 - Risk parameters tab is spinning and timing out sometimes

LUM-1706 - Instance inventory table shows multiple entries for an instance when instance has multiple security group ids

LUM-1707 - Cloud Visibility Config: all required fields should remain required even if the config is disabled

LUM-1708 - Integrations (Other Solutions)are not saved in IE browser.

LUM-1709 - Polling Interval is not configured properly for Open Source Feeds in integrations in IE browser..

LUM-1710 - Default value for Polling Interval is not shown for integrations in IE browser.

LUM-1712 - Add Source and Destination IPv6 columns in Security tab of instance details

LUM-1713 - Enhancement >> Risk Assessment dashboard, cloud tab should have Cloud Provider column like all other tables in Aws/Azure dashboards

LUM-1717 - Azure/AWS configuration, hyphen should be allowed in server name as dns name of cloud scout may have hyphen

LUM-1718 - Audit logs tab of a cloud instance displays oldest 100 events occurred in 30 days instead of most recent 100 events

LUM-1720 - Remove copyright from footer (Update Lumeta Footer to show 2020)

LUM-1723 - CLI - CC ->Manager user - Role list get empty when tried to add duplicate role for user

LUM-1725 - Browse real time reports, for custom reports, "Set as default dashboard" option doesn't show widget it only shows the widget name on homepage

LUM-1726 - Community License--> User is allowed to add more cloud visibility credentials than the license limit

LUM-1727 - Cloud Scanner--> Unable to delete cloud accounts which are having spaces in Cloud Alias

LUM-1732 - Self Signed Certificates Summary report widget record counts doesn't make details click through

LUM-1733 - lastobserved and maclastobserved are not updated for previously discovered layer2 mac addresses in snmpDetalls

LUM-1735 - Browse real time reports, Certificate related reports, Drill down in pie charts reports count mismatch

LUM-1744 - Remove option "Enable continuous queries on this table" from Table->Edit->Advanced options

LUM-1745 - CLI user superuser name ? shows text with privileges spelled incorrectly

LUM-1746 - tweak-route handles ipv6 only interface incorrectly

LUM-1747 - When we remove a CIDR from Zone Known List, the devices under that CIDR still come up as Known Devices

LUM-1752 - UI Tables/Reports there is a Settings/Search Limit that is not being honored

LUM-1753 - Remove device id and duplicate ip address column from tables on firemon management dashboards

LUM-1754 - Cannot configure McAfee DXL configuration it sits and spins, works in 334

LUM-1755 - Public internet inbound/outbound data points are coming empty from latest cloud scout(1.20200303.093345)

LUM-1756 - Viewer role is able to edit Users

LUM-1759 - Community Edition --> Report Schedule should not be accessible when CC is installed with community license from Marketplace & Firemon website

LUM-1760 - Correct the typo of "Lumeta CloudVisiblity" in dashboard menu

LUM-1767 - Unable to see "Asset Mapping by zone" option in Rapid7 Configuration screen.

LUM-1772 - Meraki Integration >> ui is not updating check boxes of mapped zones

LUM-1777 - Portal -CLI--->Inappropriate error message is displayed when created username with more than 40 characters

LUM-1790 - Unable to load Lumeta CloudVisibility map on 335 RC2(3.3.5.0.30217)

LUM-1794 - Device details of Azure device ip discovered by Cloud Scanner do not show cloud data when same device gets discovered by Cloud Visibility also

LUM-1800 - Spectre(local) super user cannot login via CLI when AD is enabled and system is under maintenance mode

LUM-1801 - Instance details doesn't show security group risks from all interfaces when instance has multiple interfaces

LUM-1803 - CLI-viewerUser - Throwing 'Internal Server Error' when running 'Zone list Zone1' command to view the properties of particular zone

LUM-1814 - Device Profile Patterns >> Existing custom device patterns are getting overwritten even on selecting replace no option on import

LUM-1815 - update_iface_db works incorrectly on v6 only interface

LUM-1817 - nessus scan of 3.3.5 RC2 show high level vulnerabilities

LUM-1822 - CC is not forwarding some types of CEF notifications to Splunk Server e.g. zone/collector updates

LUM-1823 - GUI allows user to upgrade/re-license after session timeout

LUM-1824 - BGP via IPv6 with password auth fails

LUM-1829 - X15 metada comparison fails in netboot and upgrade pp Build 335.30326

LUM-1841 - Can't switch to Default CA using command 'certificate ca remove' after installing custom CA

LUM-1846 - zookeeper occasionally doesn't start on boot up -- upgrade to 3.3.5.0.30379

LUM-1848 - Cloud Scanner is not able to fetch virtual machines from azure lumeta subscription ed69b797-ef18-49db-ac5b-d19ae3fa796f

LUM-1866 - Sacumen splunk plugin >> 'Cloud devices' widget is not displaying securitygroup id of cloud instances

LUM-1891 - BGP Failure processing MP_REACH_NLRI attribute

LUM-1908 - Investigate increase in processing time for hostDiscovery in 3.3.5 RC3

Epic

LUM-403 - Add Azure / Modify AWS CloudVisibility

LUM-446 - Expand Custom Attribute Functionality

LUM-1280 - Refactor AWS CloudVisibility

LUM-1639 - Splunk Integration

Story

LUM-461 - SPIKE: Azure Support for CloudVisibility

LUM-479 - Customization of WF for /etc/syslog-ng/syslog-ng.conf needs to be preserved on upgrades

LUM-619 - Remove top level license install - CLI Two license install commands: 2 paths (1) system license install (2) certificate spectre install

LUM-628 - Remove columns from device_values that are not being used.

LUM-629 - Add dependency check support into the Upgrade framework

LUM-875 - Feature Request:  Device Details tabs need "Zone" field

LUM-881 - Custom attribute listed twice on Group menu after a 24-hour soak

LUM-896 - Enable multi-selection and checkbox selection for table widgets that contain device results

LUM-897 - Dialog to add new custom attributes to selected device rows

LUM-898 - Add API call to add multiple custom attributes to a list of devices

LUM-899 - Dialog to edit/delete custom attributes from a single device

LUM-900 - Add API call to delete custom attributes from a device

LUM-901 - Device Details: split Attributes into System and Custom

LUM-903 - New saved queries to search for devices by custom attribute name/value

LUM-1016 - Multi-select device menu routing to device details

LUM-1018 - Multi-select device menu support on Alternate IPs and Wildcard Search Results

LUM-1045 - MAC Reject list (was NX-OS devices report 0:0:0:0:0:0 MAC addresses for non-existent IPs)

LUM-1095 - Device Details - internal refactoring for better behavior, performance and maintainability

LUM-1265 - Correct Mac OS X related patterns

LUM-1271 - zone.device_values not being populated with profile information

LUM-1358 - Improve security of WMI credentials via mount namespaces

LUM-1391 - Relicensing a community CC should remove telemetry RPM and cron job

LUM-1417 - Allow HttpScanner to use weaker ciphers (if possible)

LUM-1419 - Add CLI command to enable/disable 'client ipc signing' in samba for Active Directory authentication

LUM-1447 - Edit/Delete custom attributes' pop-up window shows "<IP> doesn't have any custom attributes". 

LUM-1449 - Save IPC signing value in AD config file

LUM-1462 - Should not need to configure email to schedule report

LUM-1463 - Custom Attributes fit and finish: validation and IE CSS improvements

LUM-1464 - Customer Feature Request: Allow user option to Increase ESI/Spectre Session Timeout

LUM-1465 - Queries for few Real time reports should be modified to include device_id to enable custom attribute functionality

LUM-1469 - Device Details: Custom Attributes should show configured CIDR value

LUM-1476 - Add reload button to Device Details tab

LUM-1478 - Device Details: reload tab on re-drill

LUM-1483 - Create dashboard for AWS

LUM-1484 - Create dashboard for Azure

LUM-1488 - Refactor CloudVisibilty Config & Credentials to allow user to select a cloud provider (AWS)

LUM-1489 - Create dashboard for Unified Cloud Visibility

LUM-1493 - Add Azure and Unified CloudVisibility Assets to Map

LUM-1494 - Add CloudVisilbity Azure to system.feed

LUM-1507 - Migrate feed (integrations) configuration improvements to all screens

LUM-1510 - Modify APIs for get/set/delete Cloud Credentials

LUM-1511 - Add Azure Credential Configuration to Cloud Visibility

LUM-1522 - Add queries to support AWS dashboard

LUM-1541 - Meraki: Change raw data source for interface.name from api.switchPort.name to api.switchPort.number

LUM-1542 - Meraki: We appear to be losing a large number of IP/mac pairs derived from api.clients call for L2 switches

LUM-1560 - Develop test scripts to test Add, edit, delete Custom Attributes from Reports Screen

LUM-1561 - Develop test scripts to test Add, edit, delete Custom Attributes from Device Details Screen

LUM-1569 - Modify AWS Audit Implementation With New Parameters

LUM-1570 - Device Details changes to support Azure

LUM-1601 - Use "i-" as a prefix for all instance wildcard searches, even Azure

LUM-1606 - Performance requirement for Cloud Visibility in 335

LUM-1612 - Develop test scripts to Add Custom Attributes to Multiple devices from UI

LUM-1613 - Develop test scripts to verify Custom attributes in Advanced Queries from UI

LUM-1614 - Develop test scripts to Add more than 50 Custom attributes to device from UI

LUM-1630 - Create queries for Sacumen integration

LUM-1632 - Reporting module hardcodes need for admin user

LUM-1665 - STIGS Q1 2020 - apache 2.4 V1R3 STIGs update has 9 STIGs changed.

LUM-1740 - Add more networking information to gather_diagnostics

LUM-1798 - Add feed table in x15 schema




 
