Page tree
Skip to end of metadata
Go to start of metadata

FireMon is pleased to release the Lumeta Enterprise Edition 4.1 upgrade for general availability. This release introduces the Lumeta data warehouse, a new component that will become intrinsic to the Lumeta system as soon as you install it. The Lumeta data warehouse manages data while providing system longevity. Development of the Lumeta data warehouse has been a long-term engineering effort that expresses the team's commitment to providing you with industry-leading data services for the long term. 

Lumeta Enterprise Edition 4.1

The Lumeta 4.1 upgrade file bundle is now available on the Downloads page of the FireMon User Center. This upgrade package upgrades the 4.0 version of the Lumeta Enterprise Command Center and Enterprise Scout.

Lumeta 4.1 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility.

For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.1

Backward Compatibility

We always recommend that you upgrade your Lumeta Enterprise Scouts when you upgrade your Command Center. However, Lumeta 4.1 systems are backward-compatible with 4.0 installations. This means that Enterprise Scout 4.0 is compatible with the 4.1 version of the Command Center. 

ServiceNow

FireMon Lumeta is now available in the SeviceNow marketplace. See our certified listing in the ServiceNow Store. Just search for "FireMon" or "Lumeta" to get started. See ServiceNow (SNOW) Integration for an overview, integration guide, and technical information on its design. 

The UI and UX Enhancements

  1. Support Tools - The Support Tools and documentation about them have been updated throughout and to display better in Internet Explorer browser. See the Settings > Support Tools menu on your Lumeta system or go to Support Tools for details on the changes. 
    1. Download Database (-d) and Spool (-c) Files
      1. In Settings > Support Tools, the Download Log Bundle option now enables you to download the most frequently used log files from the browser interface, in addition to downloading the heap dump, which functionality was already present. You can select the types of log files you want to download. CLI and API commands for this support bundle are also available. See Essential CLI Procedures and Lumeta API Calls for the syntax. 
  2. Settings -  The Admin > Settings menu, which contains the user profile, has been brought into alignment with the new Lumeta data warehouse. See User Profile for documentation. 
  3. Table -  Table options and nomenclature have also been updated to reflect the data warehouse. See About Tables & Table Data for documentation. 
  4. Map Legend Update
    Now you can drag-n-drop the map legend to any location on the map pane from the "hamburger" icon. 

Data Expiration

The frequency of the time-to-expire-data job has been changed from 15 minutes to 2 hours, which pertains to SNMP aliases, WMI aliases, certificates, and routes. 

Saved Query Enhancement

A REST endpoint was added to provide input to saved queries. 

Example:

curl --location --header 'Content-Type: application/json' --request POST 'https://SERVERNAME/api/rest/report/savedQuery?fmt=json&queryName=query_test'--data-raw '[{"@class":"listfilter","columnName":"ip", "filters" : ["'\''172.18.1.1'\''"]}]'

Technical Notes

  1. You may see the following error while upgrading to Lumeta 4.1. This caused when an entry for the iftable_id is orphaned in the response_decision table.

    ERROR: ERROR: update or delete on table "iftable" violates foreign key constraint "fk_rspdscn_iftable_id" on table "response_decision"
    Detail: Key (id)=(38728) is still referenced from table "response_decision".

    The upgrade will nevertheless complete successfully and the CLI will be available. To resolve the problem, run this CLI command to delete the iftable orphans:

    support db orphans delete


  2. Custom queries, dashboards and reports do not carry through to the Lumeta 4.1 release. Before upgrading to 4.1, export the DDL of any you want to save. Contact us to extract the custom elements from your DDL file, edit them for compatibility with Lumeta 4.1, and return them to you for importing. See Exporting to Data Definition Language (DDL) and Importing Dashboards, Reports & DDLs for procedures. 

  3. Lumeta 4.1 backups can be generated only via the CLI and restored only to a system with the same release number (e.g., Lumeta 4.1). 

Security Updates & STIG 

Lumeta 4.1 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. A list of CVEs resolved in this 4.1 release will be made available at or soon after the GA release. 

Database Schema

The 4.1.0.0 database schema, which shows a visual representation of the Lumeta database, will be made available here post-GA.

 

WADL Viewer

The SWADLed WADL is our swagger-styled WADL documentation viewer. It comes from an auto-generated WADL that has been converted into human-readable documentation. The 4.1 WADL is available now:

 

Change Log

Updated 12/17/2020

Bug

LUM-1432 - Device details=>Firemon Assets tab: 'Null' values are showing for Data collector Id

LUM-2081 - Lumeta CloudVisibility Page: Attempting to delete server name navigates user to another screen

LUM-2321 - Error message when executing "support bash" in CLI

LUM-2322 - Qualys with network mapping. If you navigate away from Integrations screen, when you go back default Network IDs is displayed

LUM-2335 - Replace chkconfig call with systemd equivalent in gather_diagnostics

LUM-2341 - Firemon, Rapid7, Carbon Black and AWS-Finding integration feed ingestion is failing

LUM-2342 - SNMP services is disabled when attempting to snmpget OID 1.3.6.1.4.1.48995.1.1

LUM-2348 - Qualys: Unable to add any further Asset groups into Qualys After successfully creating two network mapped zone in qualys

LUM-2349 - backup restore of 4.1 backup is missing plpython3u language and other related issues

LUM-2351 - After Initial Creation of Asset Group; no further newly discovered IPs found by Lumeta are pushed to Qualys Asset Group

LUM-2363 - Warehouse - Discovery Data Metrics dashboard is showing sql error

LUM-2372 - Selecting a node on map shows everything as Unidentified

LUM-2379 - IP Utilization Widget throwing SQL error

LUM-2380 - AWS CloudVisibility AND CloudVisibility Dashboards are not showing any data because of SQL error

LUM-2382 - Heap Stats By Time throws an Integer Out of Range Exception

LUM-2383 - Multiple errors in various widgets in the Risk Summary Dashboard

LUM-2386 - Bluecat not showing data

LUM-2387 - Warehouse - Breach Detection - iDefense dashboard is not showing data

LUM-2388 - Warehouse - Carbon Black Management dashboard is not showing

LUM-2390 - Warehouse -FireMon Risk Analyzer dashboard is not showing data

LUM-2391 - Warehouse -FireMon Security Manager dashboard is not showing data

LUM-2392 - Warehouse - Infoblox Managemen dashboard is not showing data

LUM-2393 - Warehouse - McAfee ePO Management dashboard is not showing data

LUM-2394 - Warehouse - Qualys Management dashboard is not showing data

LUM-2395 - Warehouse - Rapid7 Management dashboard is not showing data

LUM-2396 - Warehouse - RedSeal Management dashboard is not showing data

LUM-2397 - Warehouse - Tenable SecurityCenter Management dashboard is not showing data

LUM-2400 - Duplicate API path

LUM-2401 - rmnfdata (in cron.hourly) processes pile up on a system with over 50% disk utilization at /

LUM-2407 - Emerging open threat does not ingest data

LUM-2409 - reinit postgres with correct locale

LUM-2410 - running a saved query that returns a lot of data fails with error " GC overhead limit exceeded"

LUM-2412 - Clicking on Export in the widget throws an error

LUM-2413 - compare of 4.1 netboot to 4.1 upgrade, 4 rpms are missing in upgrade

LUM-2414 - After upgrade from 4.0 to 4.1 syslog-ng will not start

LUM-2417 - Searching instance id in devicedetails is not giving any data

LUM-2418 - Reports - Vlan host detail query giving sql error

LUM-2420 - lastobserved is not updated for parent/container for previously discovered snmpDetalls response

LUM-2424 - Endpoint Trends - Endpoint Profiled Counts widgets errors out while loading

LUM-2425 - Exporting Metadata is throwing error

LUM-2427 - Warehouse PSQL Pager Not Preserving Query Results

LUM-2430 - Post Install Script: If setting manual configuration and leaving IP address blank the script accepts blank entry

LUM-2431 - Opaque Devices_query/ Opaque Devices Report is returning no rows

LUM-2437 - Creating any user with username container dot is not able to login

LUM-2441 - Could not load device into database. Failed on Interfaces. java.lang.RuntimeException: evaluation error

LUM-2442 - WMI Devices without Specific WMI Service advanced query fails with error

LUM-2445 - Advaced Query 'Expired Certificates and Use Types' fails with error

LUM-2446 - Modify Sacumen queries to use current_timestamp instead of current_timestamp()

LUM-2447 - query of devicemodel is returning different results for 4.1 compared to 4.0.1

LUM-2448 - Self Signed Certificate and SSL Certificates by Signature Type widgets throe SQL error

LUM-2452 - 4.1 Api's give json exception of duplicate key

LUM-2462 - Share query button yields an error

LUM-2464 - Create user with * via CLI yields already-exist error

LUM-2466 - Create users with ')' or ' (' cause a system cli error

LUM-2467 - Ip's unmanaged by lumeta table is showing sql exception when feed files are ingested

LUM-2470 - Query for 'threat feed devices_allzones' table fails with sql error

LUM-2472 - Export each of the dashboard widgets, yields an error.

LUM-2474 - Entering the 'Browse Historical' menu yields an error

LUM-2480 - 4.1 upgrade leaves /etc/init.d/filemonitor and should be removed

LUM-2481 - /etc/init.d/netflow-capture after upgrade to 4.1 still has a start up of filemonitor

LUM-2483 - search for an ip is timing out because of long query response time

LUM-2485 - Spelling issue when Email server is configured successfully

LUM-2489 - Few reports are showing SQL exception in table

LUM-2492 - UI is not accessible in IE 11

LUM-2493 - Fields in the table properties are not displayed for managed views in 4.1 and then are for 4.0

LUM-2500 - Reports - Leaks by Protocol - numbers of records in queryt don't match # in pie chart and table

LUM-2501 - Discovery Statistics By Discovery Types Detail drill down shows mismatched detail

LUM-2502 - Leaks by Direction shows incorrect number after you drill down from the pie chart

LUM-2504 - Notifications by Priority is not showing correct values when you drill down, mismatch bettween pie chart and drill down

LUM-2505 - Pattern Summary Show no available data for profile_sysobjectid, however table shows 1872 entries

LUM-2507 - Threat Flows and Tor Flows Report thows sql error

LUM-2508 - VLAN Host Summary pie chart does not match with VLAN Host details when you drill down

LUM-2509 - VLAN Interface Summary pie chart does not match the drill down response to the query results

LUM-2512 - IE 11 Settings/Support Tools: After running Ping Test and Traceroute Test, display of the results is difficult to see

LUM-2522 - Dashboards -- Autonomous System Summary and Autonomous System Details do not match up

LUM-2523 - Discovered BGP And OSPF Routes Dashboard has mismatched counts beytween pie chart and details

LUM-2529 - DXL configuration doesn't upload cert

LUM-2530 - Notifications By Notification Type report is showing data for unsubscribed notifications

LUM-2531 - Cannot import sample data to a custom table in 4.1 but the same file works in 4.0.

LUM-2534 - Qualys Integration: Default Asset Group LUMETA_ESI_DISCOVERED not being created

LUM-2538 - Errors in RC1 upgrade

LUM-2540 - After table creation, it takes several minutes till data appears, the user should be informed about it

LUM-2541 - LICENSE_VIOLATION and LICENSE_REMINDER notifications are not getting sent

LUM-2543 - Qualys: Lumeta no adding IPs to Asset Group when network Mapping is enabled

LUM-2546 - After uploading an invalid xml parser, table cannot be fixed by edit with valid file

LUM-2553 - Dashboard --> Integrations-->Breach Detection - iDefense --> Zombie Device Details thres exception

LUM-2554 - Table creation preview has rendering issues

LUM-2555 - When skip-header-rows is not '1', data is not presented.

LUM-2556 - XML parser with no fields should not pass a syntax check

LUM-2560 - Breach Detection - iDefense dashboard drill down of Threat Flow Summary By Threat Type widget gets an error

LUM-2562 - Meraki integration giving error 'This product is not configured properly'. for a key that works in 4.0

LUM-2565 - Export Widget Position In Opposite Order

LUM-2571 - Orphaned data is not cleaned up in 4.1 upgrade. Failing with permission denied

LUM-2572 - Drilldown parameters don't always work

LUM-2576 - Extra parser headers are not displayed

LUM-2586 - sql error when trying to view bad_actors_detail_v (view) table

LUM-2588 - The header of menu Spectra systems is not alligned

LUM-2589 - Index Statistics dashboard - Devices By Zone Details export is giving UI error

LUM-2590 - Portal icon file not uploaded

LUM-2591 - X15 backend replacement - Cannot import metadata that starts with whitespace

LUM-2592 - JS error when exporting a sorted data

LUM-2594 - Tables - when number of records reach 1000, the last record is 100 instead of 1000

LUM-2595 - Configuring Azure is throwing error in the logs

LUM-2597 - McAfee EPO Integrations errors on log file

LUM-2608 - Dismatch at Performance Metrics export times

LUM-2614 - Device Profile Detail query has a syntax error

LUM-2615 - Esi_Not_In_Subscribed is returning 0 rows when 4.0 does with the same data.

LUM-2617 - Firemon Integration: Error messages in Log file: Not creating synthetic device in Sec Manager

LUM-2618 - Address Visualization Detail advanced query fails with an error, invalid input syntax for integer: ""

LUM-2620 - Devices by Custom Attribute Name and Value advanced query fails with error.

LUM-2621 - Interfaces_For_Unmanaged_Devices_SM advanced query fails with and error.

LUM-2622 - STIGs verification of RedHat/CentOS STIGs failures

LUM-2623 - DNS Summary and Details dashboard timeout

LUM-2624 - Dashboards Most Recent Notifications. Can we make default the latest notification. Current Defaul is first notification

LUM-2627 - Security tab not showing not showing data for AWS and AZURE

LUM-2629 - Field names are not replaced

LUM-2631 - Configuration of DXL fails. bad interpreter error reported in //var/log/dxl

LUM-2632 - DXL - error publishing events - cannot concatenate 'str' and 'NoneType' objects

LUM-2634 - Security Manager Integration: Error in webapp after enabling Integration Error while processing feed: FireMon

LUM-2635 - Reports --> Autonomous Summary Status Pie Chart drill down does not match

LUM-2637 - Exporting JSON Results With Postgres Native Arrays Fails

LUM-2642 - Previously DXL is enabled, after a reboot it is not started

LUM-2645 - deviceopenports and devicecloseports don't always work

LUM-2646 - Performance Metrics > Average Time to Process Discovery Updates dashboard showing negative values

LUM-2651 - The 'user' variable is not getting replaced in periodic statements

LUM-2653 - File Monitor does not withstand file rewrite gracefully

LUM-2659 - deadlock on startup after upgrade to 4.1.0.0.33756

LUM-2668 - after upgrade to 4.1.0.0.33778 constraint uk_target is missing from the target table some zones

Epic

LUM-861 - Replace X15 with internally-developed engine

LUM-2047 - Support issues for Lumeta 4.1

Story

LUM-506 - PORT_ACTIVITY Notifications with further refinement....

LUM-1269 - Increase period between data expiration

LUM-1518 - X15 backend replacement - Infrastructure: Phase I

LUM-1544 - X15 backend replacement - Sanity-test the query framework

LUM-1545 - X15 backend replacement - Implement basic ingestion/ETL configuration logic

LUM-1546 - X15 backend replacement - Implement basic ingestion/ETL execution logic

LUM-1547 - X15 backend replacement - Implement basic Dashboard configuration

LUM-1548 - X15 backend replacement - Implement basic Dashboard retrieval

LUM-1549 - X15 backend replacement - Implement basic query storage

LUM-1550 - X15 backend replacement - Implement query execution

LUM-1551 - X15 backend replacement - Resolve any login issues

LUM-2013 - X15 backend replacement - Support for additional parser spec formats (csv, any other delimited, xml)

LUM-2014 - X15 backend replacement - Process ingested data through DTL expression syntax

LUM-2050 - X15 backend replacement - Support data ingestion via PUT request

LUM-2051 - X15 backend replacement - Support data ingestion via COPY command

LUM-2072 - X15 backend replacement - Support X15-specific SQL extensions

LUM-2073 - X15 backend replacement - Support the remainder of the DDL expressions

LUM-2086 - X15 backend replacement - Build and deploy (netboot) Warehouse

LUM-2101 - Use systemctl commands if possible

LUM-2116 - X15 backend replacement - Add syslog-ng support

LUM-2117 - X15 backend replacement - Add logrotate support

LUM-2118 - X15 backend replacement - Add API/CLI support for process management and status

LUM-2129 - Enable heap dumps to /var/tmp and clean up /var/tmp

LUM-2157 - X15 backend replacement - Update backup/restore scripts to refer to warehouse instead of X15

LUM-2158 - Provide a method to supply a large number of IPs to a saved query

LUM-2166 - X15 backend replacement - Load all X15 schema DDLs

LUM-2167 - X15 backend replacement - Merge warehouse schemas into the observer database

LUM-2168 - X15 backend replacement - Implement saved query execution

LUM-2169 - X15 backend replacement - Remove X15 before release

LUM-2196 - X15 backend replacement - Implement delete and truncate

LUM-2197 - Lumeta 4.1 - Refrain user from restoring backup from prior version

LUM-2211 - Qualys flagging Lumeta QID 11827 missing HTTP Security Header

LUM-2238 - Feature request allow for database and spool file to be gathered vi the UI download log bundle

LUM-2253 - Look into feasibility of converting x15 sql extension nest/outer nest to standard sql

LUM-2257 - X15 backend replacement - Create a migration plan for X15 data

LUM-2274 - Analyze the UI changes that need to be made to move away from x15

LUM-2285 - update gather_diagnostics to remove x15 and add warehouse

LUM-2302 - Add JSON Path functions to postgresql

LUM-2303 - X15 backend replacement - Support external tables as aliases

LUM-2312 - X15 backend replacement - Higher-order functions (map, filter, foldl)

LUM-2313 - X15 backend replacement - Support periodic statements

LUM-2314 - X15 backend replacement - Support system DDL import

LUM-2317 - X15 backend replacement - Configure filemonitor functionality

LUM-2328 - Make UI changes to related to Table

LUM-2329 - Make UI changes to related to Settings

LUM-2330 - feature request: Stale CloudVisibility still exists in customer's data, need to remove it

LUM-2331 - Make UI changes in Support Tools - Remove Data Controller

LUM-2333 - Fix issues in ingestion code for Qualys and Tenable

LUM-2334 - X15 backend replacement - Support bind variables and "with scalar"

LUM-2336 - Add option to collect heap dumps in log bundle

LUM-2346 - Allow left join and UNION on tables that don't yet exist

LUM-2347 - X15 backend replacement - Support macro expansion

LUM-2352 - Make UI changes in Support Tools - Change Spectre Text

LUM-2353 - Convert Support Tools Menu Items

LUM-2354 - Cleanup support tool pages

LUM-2355 - Change devicemodel and devicemodel_allzones to select Devices only

LUM-2364 - If zone id 1 is not present, reports don't work unless you select a zone from zone selector

LUM-2365 - Counts for VLAN Host Summary and details don't match

LUM-2367 - Remove Certify filter from Queries

LUM-2368 - Add functionality to change log levels for warehouse

LUM-2370 - Map UX update: colors, fonts, borders on regular/cloud map

LUM-2371 - Map UX update: new legend

LUM-2373 - Move postgresql superuser script from lumeta-api (and lumeta-webapp) to lumeta_init

LUM-2374 - Map - Highlight by VLAN query doesn't work

LUM-2375 - Remove backup option from post-install wizard

LUM-2376 - Change "Spectre Systems" to "Lumeta Systems"

LUM-2378 - Customer issue - ConcurrentModificationException exception in discovery agent

LUM-2404 - X15 backend replacement - Support system DDL export

LUM-2419 - X15 backend replacement - Full support of datatype casts in ingested data

LUM-2421 - X15 backend replacement - Table sorting doesn't work and the Info button doesn't work

LUM-2423 - Seeing locking conditions on ingestion

LUM-2428 - X15 backend replacement - Invalid IPv6 address format in "tor" table

LUM-2451 - Implement changes to support Report Scheduler

LUM-2459 - Wrong cli error prompt when username is invalid

LUM-2468 - STIG 4.1 release

LUM-2487 - Add missing RPMs to extras so ISO build can find them

LUM-2537 - Release candidates and release end game

LUM-2564 - System export generates a filename that starts with "X15-export"

LUM-2566 - (X15) Exported file name should be changed

LUM-2568 - X15 backend replacement - Support xcat for command-line ingestion

LUM-2577 - Fix additional places where database "observer" and schema "managed" are showing up on the GUI

LUM-2578 - Change "Spectre Systems" to "Lumeta Systems" in the menu and fix "Spectre Version"

LUM-2579 - Warehouse swagger requests should go down to /api (not /warehouse)

LUM-2654 - Implement exclusive locks on various table operations, especially import

 



 


 

 


  • No labels