
FireMon is pleased to release Lumeta Enterprise Edition 4.0 for general availability. This release is required for all Lumeta Enterprise Edition users.

Lumeta Enterprise Edition 4.0

The Lumeta 4.0 upgrade file bundle is now available on the Downloads page of the FireMon User Center. This upgrade package upgrades all versions of the Lumeta Enterprise Command Center, and Enterprise Scout.

Lumeta 4.0 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility.

FireMon offers enhanced support for all 4.0 upgrades. To schedule a service request for your upgrade, send an email message to us at support@lumeta.zendesk.com.

For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.0.

Backward Compatibility

Given the nature of this release and the many changes that have been made, Lumeta 4.0 systems are not backward-compatible with previous versions of Lumeta installs. This means that 3.X versions of Enterprise Scouts are not backward compatible with the 4.0 version of the Command Center.

New & Enhanced Features

This major release offers several upgraded components, chief among which are the CentOS 7.7 operating system (upgraded from CentOS 6.7) and a new partitioning scheme that is STIG compliant.

New Partition Scheme

Lumeta 4.0 provides a new partition scheme that makes the platform compliant with the Red Hat Enterprise Linux 7 Security Technical Implementation Guide STIGIDs: SV-72059, V-72061, V-72063, V-72065. This partition scheme separates the boot and data partitions. It also reserves space for emergency recovery operations.

The Logical Volume Management (LVM) logical volumes carved out of the vg_sys volume group are as follows:

  • swap: Space that Linux uses as virtual memory when memory pressure increases, or opportunistically to free up RAM (sized per the --recommended flag; see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-disk-partitioning-setup-x86#sect-recommended-partitioning-scheme-x86 ).
  • /home: A small space to store files for individual users (2% of vg_sys, mounted nosuid to comply with V-72041).
  • /var/log/audit: Location where the Linux Audit Framework stores its data. These logs show who did what and when. Although this is technically a log, the STIGs require that the audit log reside in its own space (2% of vg_sys).
  • /var: A place for persistent application data, such as the Lumeta database. Logs are also stored in this location (70% of vg_sys).
  • /tmp: A space for temporary files. Lumeta does not currently clean this (2% of vg_sys).
  • /: The root of the file system. This is the top-level directory for all other files (10% of vg_sys).

Configurable Data Expiration

Before this 4.0 release, attributes that were neither system attributes nor user-defined attributes were aged out two days after their associated device stopped responding. Customers asked for this interval to be user-configurable so that they could retain attribute values for a longer period of time, and we've done so.

With this 4.0 release, you can configure the expiration interval from either the Command Center CLI or the Lumeta API:

API
  GET api/rest/management/system/expiredatainterval
  PUT api/rest/management/system/expiredatainterval?minutes=N

CLI
  system expire-data-interval [ minutes ]
  Display the current setting by omitting minutes. Set the value by including minutes.

ServiceNow Integration

Lumeta now has a certified plug-in in the ServiceNow marketplace. FireMon's integration with ServiceNow brings API communication between Lumeta and one of the largest security orchestration, automation and response (SOAR) vendors in the industry. Lumeta highlights missing network data, which the ServiceNow "Orlando" platform pulls in via API on a scheduled basis. Alternatively, ServiceNow populates its Configuration Management Database (CMDB) with Lumeta's real-time visibility and device discovery data.

For information on configuring the integration within ServiceNow, and on how to get the ServiceNow plug-in, see ServiceNow (SNOW) Integration.

Scout Discovery Results Resilience

This feature ensures that when the discovery process restarts on an Enterprise Scout, Lumeta retries the targets that were in progress at the time of the restart. For example, if Host discovery were interrupted on a target of 10.0.0.0/8, which covers more than 16 million addresses and takes a while to scan, Lumeta would scan that target again.

Device Behavior Changes

Devices respond differently depending on how they have been consolidated. When a network device is consolidated and the reference IP or “parent” IP is selected to represent the device, the responsiveness of the device may be impacted. For this release, we've examined whether an incoming response should be associated with a known (already-discovered) device or a newly discovered device. This analysis yielded a new algorithm that has been implemented. It allows device decisions to be made with a high level of confidence and with significant improvements in efficiency. See Selecting & Processing a Reference ID for more.

Splunk Integration

Lumeta has a certified plug-in in the Splunk app store. After installing this plug-in, you'll be able to use the Lumeta API to populate the Splunk application with Lumeta security intelligence. See these pages to learn how to configure the integration in Lumeta and in Splunk, and where you'll find the results:

Forward DNS Lookups

A device on your network with an IPv4 address and a hostname can now report its related IPv6 address to Lumeta (and vice versa). Two devices sharing the same name, one with an IPv4 address and the other with an IPv6 address, can both be reported by Lumeta. You can use the checkboxes to specify which related hosts you want to retrieve (i.e., all related, IPv4-related, IPv6-related, or none). This enables Lumeta to discover and profile more IPv6 hosts.

To support this host acquisition capability, we've added a new option to the Settings > Zones > DNS tab. The "Use host names to find related IP addresses" checkbox lets you target a host whose name is associated with multiple IPv4 and IPv6 records, and use the discovered host name to retrieve any IPv4 or IPv6 addresses associated with that name.

If, for example, you were to target the zone collector at 172.18.1.1, choose "find related" in the DNS configuration shown below, and use the internal DNS server 172.16.53.5, the zone would find not only 172.18.1.1 but also 2600:802:460:425::1 and 172.18.1.254.

For more on the results report, dashboard, and CLI commands, see Reporting: DNS.

BGP IPv6 only interface, router ID

Lumeta requires a 32-bit router ID to establish a connection to a BGP peer, and it uses the scanning/collector interface's current IPv4 address in that capacity. This release adds a near-term process for the case in which the current interface has an IPv6 address rather than an IPv4 address:

  1. Use the first available IPv4 address of the scanning interface as the BGP Router ID.
  2. If there isn't one (as on an IPv6-only interface), use the discoveryagent.bgpRouterId property to make the connection.
  3. Otherwise, use 1.1.1.1.

New "Last 24 Hours" Report

Wondering what the Lumeta system has found in the last day or so? This new "All Devices Discovered in the Last 24 Hours" report provides the details. Its columns are:

  • IP: IPv4 device identifier
  • MAC: MAC device identifier
  • Identity: Data recipient, such as collector:local:eth0
  • DNS name: Domain Name Service identifier
  • Active: Whether or not the device is responsive
  • OS: Operating system name
  • Device type: Category of asset, such as router, printer, switch
  • First observed: Date and time stamp indicator
  • Model: Model number provided by the device vendor
  • Version: Release number as provided by the device vendor
  • SNMP responder: Whether or not the device responded to the SNMP protocol
  • SNMP accessible: Whether or not the device has been detected by the SNMP protocol

Set Port on Rapid7 Integration

Lumeta 4.0 brings you the added flexibility to connect Lumeta with your Rapid7 server using a port number you specify. Or you can stick with the default port 3780. See Rapid7 Integration for more.

(Screenshots: In Lumeta; In Rapid7)


Qualys Integration Enhancement

You can now opt to selectively push data to Qualys' Lumeta Asset Group.

Configure by:

  1. Mapping zones using Qualys Network IDs,
  2. Selecting the "Asset Mapping by Zone" option, and
  3. Selecting the Lumeta Zones whose assets you want transferred to Qualys.

See Qualys Integration Enhancement for more. 

Database Update

An update to the Lumeta database yielded several improvements:

  1. The findings capacity of Lumeta CloudVisibility scaled up by 65%.
  2. A timestamp has been added to Lumeta CloudVisibility findings.
  3. A delay in the startup of Command Centers has been eliminated.
  4. Data tables nested below pie chart reports stay populated after table columns are sorted.

Technical Notes

  1. Five views that were created for use with query builder have been streamlined down to the two that apply to all zones: devicemodel and devicemodel_allzones. The three views that apply to a specific zone, devicemodel, devicemodel_zone, and devicemaster, were eliminated.

    Important!

    If you have any saved queries based on the views devicemodel, devicemodel_zone, or devicemaster, please update them to point to either devicemodel or devicemodel_allzones (and sorry for the inconvenience).

  2. If the Lumeta system prompts you to change a password while the Password Controls option is set to "enabled," the new password you set must not contain 4 or more repeated or sequential characters in any character class. This accommodates new STIG security controls.
    Examples of invalid passwords:
    1. Vanilla3333
    2. Vanilla ####
    3. Vanilla6789
    4. VVVVanilla
    5. Vanilla!!!!
    6. Vanilla....
    If your current password has these characteristics, it will continue to work fine until it reaches the end of its term and expires. Any new password you enter in response to a system prompt will be subject to these new rules.
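The check below is an added illustration of the rule above, written for this page; it is not Lumeta's own implementation. It assumes the character classes are lowercase, uppercase, digits and symbols, and that "sequential" covers both ascending and descending runs (as pam_pwquality's maxsequence does); the rule text only names the 4-character limit and the six examples.

```python
"""Illustrative check for the Lumeta 4.0 password rule: reject a candidate that
contains 4 or more repeated or sequential characters of one character class.
Assumption: 'sequential' means code points stepping by +1 or -1 within a class."""

MAX_RUN = 3  # longest run of repeated or sequential characters still allowed


def char_class(c: str) -> str:
    """Map a character to its class; '' for whitespace/control characters,
    which break a run rather than extending it."""
    if c.islower():
        return "lower"
    if c.isupper():
        return "upper"
    if c.isdigit():
        return "digit"
    if c.isprintable() and not c.isspace():
        return "symbol"
    return ""


def longest_run(password: str, step: int) -> int:
    """Longest run in which each character's code point equals the previous
    one plus `step` (0 = repeated, +1 = ascending, -1 = descending) and all
    characters in the run share one character class."""
    best = run = 1
    for prev, cur in zip(password, password[1:]):
        same_class = char_class(prev) == char_class(cur) != ""
        if same_class and ord(cur) - ord(prev) == step:
            run += 1
        else:
            run = 1
        best = max(best, run)
    return best


def violations(password: str) -> list:
    """Return the names of the rule violations found (empty list = acceptable)."""
    found = []
    if longest_run(password, 0) > MAX_RUN:
        found.append("repeated")
    if longest_run(password, 1) > MAX_RUN:
        found.append("ascending")
    if longest_run(password, -1) > MAX_RUN:
        found.append("descending")
    return found


def is_acceptable(password: str) -> bool:
    return not violations(password)


if __name__ == "__main__":
    # The six invalid examples from the release notes, plus two constructed
    # candidates that stay within the 3-character limit.
    samples = ["Vanilla3333", "Vanilla ####", "Vanilla6789", "VVVVanilla",
               "Vanilla!!!!", "Vanilla....", "Vanilla333", "Vanilla678"]
    for pw in samples:
        print(f"{pw!r:16} -> {violations(pw) or 'acceptable'}")
```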

Known Issue

  1. OS Auditing - In the CLI, enable auditing by entering the system audit enable command twice. Running the command twice produces accurate results and avoids a known issue in which some lines of audit output are missing.

Security Updates & STIG 

Lumeta 4.0 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. A list of CVEs resolved in this 4.0 release will become available soon. 

Database Schema

This Q3 2020 database schema, generated 7/10/2020, shows a visual representation of the Lumeta database. 


WADL Viewer

The SWADLed WADL is our swagger-styled WADL documentation viewer. It comes from an auto-generated WADL that has been converted into human-readable documentation. The 4.0 WADL is available now:


Change Log

Updated 8/17/2020

Epic

LUM-1537 - What is a device?

LUM-1913 - Upgrade CentOS to CentOS 7

LUM-2015 - Lumeta integration with ServiceNow

LUM-2046 - Support issues for Lumeta 4.0

Bug

LUM-386 - CLISH Shell does not handle shell disconnects gracefully

LUM-481 - snmpDetails response with a previously discovered device with a missing parent interface doesn't update child

LUM-482 - snmpDetails response with new interface for an existing parent device causes has device_id and meta flag on update error

LUM-787 - ERROR: device record has device_id and meta flag on update seen at Customer site

LUM-1393 - Get IPs list request is timing out when BAM has 6000+ IPs in one of the network configurations

LUM-1528 - Discrepancies in snmpDetails response

LUM-1750 - (X15) Reports type with Pie Chart after drill down to table widget, sorting removes / decreases the data in grid

LUM-1806 - Runtime exception for cloud visibility accounts

LUM-1845 - (X15) AWS Cloud Scout scale up to 28,000 findings fails with X15 error 'java.lang.IndexOutOfBoundsException: Range -16878512..-16878510 out of legal range 0..33554431

LUM-1857 - Discovery-Agent No Longer Builds

LUM-1862 - Maven Repository Should Use HTTPS Instead of HTTP

LUM-1875 - Device gets processed twice where raw file contains multiple responses for same device

LUM-1930 - Discovery runs out of memory when presented with too many packets

LUM-1984 - Tweak autonetbooter and test scripts to allow 3 and 6hour to work with Lumeta 4.0+

LUM-1986 - Auto-net boot current boxes having issues

LUM-1991 - Netboot target to 'esi-current' systems failing at initialization setup, impacted auto netboot systems

LUM-2010 - esi-current fails to login with default admin password and launch initial setup

LUM-2064 - Error enabling service via /api/rest/service/enable/SNMPD call

LUM-2067 - logrotate email shows trouble with perms of lumeta-webapp

LUM-2070 - tfa netboot error message with pam_securid.so path

LUM-2074 - CentOS7 - Spectre 4.0 - Regression Testing Lumeta CC, Scout and Portal

LUM-2076 - Browse Real-Time Reports-->Device Profile Statistics--> Spell mistake in "Active" Column name of the table, Showing "acrtive" instead of "active"

LUM-2080 - Wrong label in GUI for DNS forwarding settings

LUM-2082 - Feed not getting downloading from Rapid7 server, Json parser error showing in lumeta-webapp.out console

LUM-2084 - CentOS7-->PKI authentication fails in CLI

LUM-2085 - CentOS7-->AD authentication taking more time to login via GUI and CLI

LUM-2088 - Open Session Does Not Check Source Properly

LUM-2090 - Data is not downloaded from tenable server.

LUM-2091 - CentOS7--> Syslog service is not Active/running

LUM-2092 - Remove extraneous "code" from scan agent spec file

LUM-2095 - Data is not populated in Firemon dashboards

LUM-2099 - Add filter for interface.ip

LUM-2100 - CentOS7-->Login Banner functionality failed in CLI

LUM-2122 - Update X15 RPMs to 14.6

LUM-2128 - System startup order is not correct

LUM-2137 - 'support snmp' command is printing line break (^M) characters in output

LUM-2155 - during 4.0 initialization if the user chooses manual network configuration, restore from backup is not asked

LUM-2164 - snmpd is not started after 4.0. upgrade after enabled prior to upgrade

LUM-2177 - System is in maintenance mode after installing Scout license

LUM-2178 - Fix DB Command Error

LUM-2179 - Postgres Restore Fail

LUM-2185 - Do Not Unzip Files Not Being Restored

LUM-2186 - UI session timing out within 5 minutes get 403 not logged in errors

LUM-2189 - running database DDL fails in restore

LUM-2194 - httpd service is not running in a fresh netbooted system

LUM-2200 - Backup file not found

LUM-2202 - restore option is not available in CLI under system you have to type 'top' first to view it.

LUM-2210 - Can't ssh to system (172.18.1.19) after 336 upgrade

LUM-2213 - fips setting is not getting restored

LUM-2215 - after restore and reboot only one eth interface is getting connections

LUM-2217 - We append addresses to /etc/sysconfig/network-scripts/ifcfg-eth<n> rather than replacing

LUM-2220 - Expire response decision data that is over a certain interval old

LUM-2221 - CEF isn't working in fresh netboot system

LUM-2222 - Active directory is disabled in system after restore

LUM-2223 - Device Details is not displaying Open and Closed ports

LUM-2224 - webapp isn't started for latest netboot. no lumeta-webapp.log file to view

LUM-2225 - Not able to configure AD netbios name in upgraded system

LUM-2229 - Sometimes when data is large in cc, backup command exits with error while backup create process is still running in background

LUM-2230 - rpms don't match comparing netboot to IOS boot

LUM-2231 - getting a NullPointerException during snmpDetails process

LUM-2232 - Upgrading pki enabled 3.3.5 scout to 3.3.6 ssh doesn't work

LUM-2233 - Pki enabled cc on 3.3.6 create back fails

LUM-2237 - Connected Scout isn't getting restored, missing from 'Available System' list

LUM-2245 - Error Copying Backup

LUM-2246 - lumeta-webapp.service Job Failing with Exit Code

LUM-2247 - NACK clean up routine removes the iftable_id affecting the updated device processing

LUM-2249 - Cache is not cleaned when the CheckDeadDevices code runs causing sync issues

LUM-2251 - System defined custom attributes aren't populating correct value in Configured CIDR field

LUM-2252 - cron email being sent to root

LUM-2258 - error on login '/etc/profile.d/tmout.sh: line 2: syntax error near unexpected token `fi' /etc/profile.d/tmout.sh: line 2: `fi'

LUM-2259 - X15 Provided Scripts Leaving X15 in Wrong State

LUM-2261 - CloudDiscovery not inserting interfaces

LUM-2262 - password controls remain active after disabling them

LUM-2263 - "system fips disable" doesn't update /etc/sysconfig/lumeta_stigs

LUM-2265 - Devices(child) with reference ip aren't showing custom attributes in device details

LUM-2267 - restore_system is leaving SSLOCSPEnable on commented out in /etc/httpd/conf.d/ssl.conf

LUM-2269 - 'Can't open /home/admin/.esicookies.txt' error on cli login after restore

LUM-2272 - restore is copying /etc/httpd/conf/httpd.conf and reverting change in LUM-2120

LUM-2275 - maclastobserved of container is not set

LUM-2277 - After restore, custom user with sysadmin role and with superuser flag true is not able to see administration commands like 'support', 'user new', 'organization new'

LUM-2280 - ndisc6 rpm should be installed in 4.0 netboot and ISO

LUM-2283 - db alias forces local login despite NOPASSWD sudoer rights (4.0 RC2)

LUM-2288 - Leaks By Direction Report doesn't display the data returned

LUM-2290 - Symlinks in /etc/pam.d are changed to separate files after upgrade to 4.0

LUM-2291 - discrepancies between devicemodel and API getDevices queries

LUM-2294 - 3.3.5 system PKI enabled when upgraded to 4.0 still needs password to login

LUM-2295 - Custom logos are not getting restored

LUM-2296 - Cannot disable CEF remote CEF logging from GUI

LUM-2297 - After backup create is finished system complains about some critical service not running on cli login also doesn't allow GUI login

LUM-2299 - Getting 'Can't open /home/admin/.esicookies.txt' error on cli login after restore is done

Story

LUM-624 - httpd mpm prefork warning in error_log

LUM-1773 - Design and implement the Existing Device Detection (EDD) Functionality

LUM-1774 - Update the current device creation functionality

LUM-1778 - Implement Existing Device Functionality

LUM-1779 - Design and implement a new reference (parent) device strategy and algorithm

LUM-1780 - Update port handling to support the proposed new reference/parent device strategy

LUM-1781 - Update attribute handling to support the proposed new reference/parent device strategy

LUM-1783 - Update device response handling to support the proposed new reference/parent device strategy

LUM-1784 - Update device profiling to support the proposed new reference/parent device strategy

LUM-1785 - Update layer 2 host handling to support the proposed new reference/parent device strategy

LUM-1786 - Update MAC/IP pair handling to support the proposed new reference/parent device strategy

LUM-1787 - Update route handling to support the proposed new reference/parent device strategy

LUM-1788 - Update target query to support the proposed new reference/parent device strategy

LUM-1892 - Ingest SM device packs into Lumeta

LUM-1893 - Remove static references to firemonArtifactId and firemonGroupId to retrieve it from ingested devicepack data

LUM-1915 - Add forward DNS lookups for Host Acquisition

LUM-1921 - Configure syslog-ng to not log to /dev/null (causes SELinux warnings)

LUM-1924 - Remove collectd / carbon etc.

LUM-1932 - Unable to fetch or push data from our plugin to ePO server to version 5.10

LUM-1933 - Test Lumeta CC, Spectre and Portal on Centos 7 in feature branch and find and fix all issues

LUM-1980 - Change calls to service and init.d to systemd

LUM-1981 - Modify stigs script to use systemd

LUM-1989 - Identify and Define CentOS 7 Upgrade Path

LUM-1999 - UI Enhancement for DNS lookup

LUM-2017 - Create Database Backup

LUM-2018 - Generate Upgrade Backup File

LUM-2019 - Add API to Create Backup

LUM-2020 - Add CLI for Migration Backup

LUM-2021 - Upgrade All Packages for Security in Trunk

LUM-2023 - Create Restore Utility

LUM-2025 - Create CLI For Backup Restore

LUM-2028 - reboot does not work

LUM-2034 - pam_cracklib has been replaced by pam_pwquality

LUM-2035 - Create Separate Partitions for OS and Data

LUM-2036 - Feature Request to Support Rapid7 Integration over other ports besides 3780

LUM-2037 - Update device values to support the proposed new reference/parent device strategy

LUM-2040 - Rework gather_diagnostics to include tools from CentOS 7

LUM-2041 - Delete all parents and children as part of the upgrade

LUM-2049 - Feature Request: Allow user to stop pushing data to Qualys Lumeta Asset group

LUM-2056 - Write 3.3.5.1 to 4.0 upgrade specific tests to cover backup, restore of data with centos 7

LUM-2069 - Service Command Output

LUM-2089 - Restore users into isobooted box from the system backup

LUM-2093 - Restore license into isobooted box from system backup

LUM-2096 - Improve handling of Port scanned devices during low load

LUM-2104 - Scrub the Java and SQL code for parent/child processing using the old parent paradigm

LUM-2109 - Update isoboot build to match netboot

LUM-2115 - add an optional boot item to isoboot menu for small-size partitioning

LUM-2120 - Add the first line of request %r back to the apache logs format

LUM-2121 - Restore network configs in 4.0 upgrade

LUM-2124 - Restore syslog-ng configs

LUM-2126 - Restore iptables/firewall in 4.0

LUM-2127 - Restore snmpd settings in 4.0 upgrade

LUM-2132 - Merge branch esi-3.3.4-LUM-1537 to trunk

LUM-2133 - Restore sshd settings in 4.0

LUM-2134 - Restore ntp and timezone in 4.0

LUM-2135 - Restore PKI settings in 4.0

LUM-2136 - Restore certs for lumeta-dxl and cisco-ise-pxgrid in 4.0

LUM-2138 - Restore proxy settings and httpd settings

LUM-2140 - Restore /etc/sysconfig/lumeta_stigs configuration

LUM-2142 - Restore ospf, bgp and bird configuration files

LUM-2143 - Restore postgresql configs in 4.0

LUM-2145 - Restore users home dir, Active Directory, password-controls

LUM-2148 - Add ddl updates, run normal and new sql cleanup in 4.0

LUM-2149 - httpd ssl.conf SSLOCSPUseRequestNonce on directive unknown

LUM-2150 - There is currently no mechanism to update interface address when a device is deleted

LUM-2152 - Remove vestiges of NMAP from Spectre/Lumeta

LUM-2154 - lumeta-webapp should not start until X15-server is up

LUM-2156 - Restore the properties files at /usr/local/lumeta/*/*.properties

LUM-2159 - Ignore hangup signals like sshd timeout in backup and restore

LUM-2160 - Improvements for backup logging

LUM-2162 - Restore failed to drop the db, logs recorded that

LUM-2163 - Restore of x15 failed with not accepting connections yet

LUM-2171 - STIGs for centos 7

LUM-2176 - Update syslog-ng to not log to /dev/null (causes selinux errors)

LUM-2188 - 2 changes must be copied from 3.3.6 to trunk

LUM-2198 - update x15 ddls to look at device_response of children for a container device

LUM-2209 - Release candidate(s) for release 4.0

LUM-2234 - Cannot install an SSH key

LUM-2240 - Change spec of DiscoveredEndpointsCountSnapshot X15 table so customer can ingest exported data

LUM-2260 - upgrade from 4.0 to a higher version

LUM-2268 - There is temporary code in restore_system for pg_hba.conf, remove it.

LUM-2276 - boot into single user mode doesn't accept root password

LUM-2281 - root's password is not restored from the backup, uses netboot password

LUM-2282 - Save and restore password controls

LUM-2284 - improve performance of stigs script to reduce 5 minute wait.

LUM-2298 - Copy changes from netboot kickstart file to isoboot file

LUM-2301 - remove the isoboot "4.0 (small-system)" boot option
