FireMon is pleased to provide this overview of the features and enhancements in Lumeta Enterprise Edition 4.2. Upgrading to this release is recommended but not required for all users.
|Lumeta Enterprise Edition 4.2|
The upgrade file is available now in FireMon User Center > Downloads.
For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.3.
We recommend that you upgrade your Lumeta Enterprise Scouts when you upgrade your Command Center. However, Lumeta 22.214.171.124 systems are backward-compatible with 4.0 and 4.1 installations. Enterprise Scouts 126.96.36.199 and 4.1 are compatible with the 4.2 version of the Command Center.
Lumeta 4.2 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility.
New & Enhanced Features
API Support in Swagger
|Lumeta API Swagger|
|Lumeta Warehouse Swagger|
This documentation replaces the SWADLed WADL that we had included with earlier releases.
We are also delighted to introduce LDAP support for user authentication. This enables Active Directory (AD) queries to go directly to LDAP for answers and information without first having to go through an intermediary application (such as Samba). This enhancement enables users to access their AD domain without having to join it.
To leverage this capability, you will need to:
- Configure your AD server for anonymous access. See Anonymous Access to Active Directory for more.
- Configure Lumeta as an LDAP client. See Configuring LDAP for more.
Security Manager Integrations
Lumeta data is now normalized before reaching Security Manager, increasing the speed at which Security Manager is able to ingest and incorporate Lumeta data.
In addition, we've augmented the data set available to you in reports with the following:
- Lumeta pushes updates to routes and interfaces of firewalls, switches and routers discovered by Lumeta at the frequency specified by users.
- To the description text for Lumeta-discovered devices in Security Manager, aka synthetic routers, we've added the DNS and sysname attributes.
- In the FireMon tool suite, in the Administration > Device > Routes section, Lumeta populates the Gateway column in Security Manager. This column displays the interface used for the next hop.
- When Lumeta identifies a leaking device in your network, it identifies both the NAT'd address and the exact IP address of the leaking device, facilitating remediation.
- Lumeta introduces the capability to ingest PTR-type and A-type records from InfoBlox, in addition to the Host-type records it was able to ingest in earlier Lumeta versions.
- Lumeta 4.2 is compatible with InfoBlox version 8.5.1-397728 or higher.
To the support tools (Settings > Support Tools), we've added the capability for users of the type "viewer" to run and read information generated by the tools:
- Viewers can see the status of Lumeta components
- Viewers are allowed to run support tools that generate information, including:
  - db query
- Viewers cannot start or stop services
- Viewers cannot import or export log bundles or any other system data
SNMP Get and SNMP Walk have been made more useful: Now you can run an SNMP test from the interface designated for a particular IP/CIDR block, including remote interfaces. The new Interface field is shown in the screencap, below.
In similar fashion, the traceroute tool has been updated to allow you to select the interface (e.g., Scout) from which you want to run the test.
Scan Completion Time
Customers like you occasionally ask, "When is it done?" and "How can I tell a scan cycle has completed?" These are difficult questions to answer in an environment of always-on, real-time network discovery. Nevertheless, we endeavored to provide you with more information so you can work out how best to tune the rescan interval of your configuration, that is, how frequent to make the scan cycles. Specifically, you can optimize the rescan interval by setting the primary and secondary scans to occur as close together as possible without causing a spike in the message-processing queue depth or any performance degradation. To that end, we're introducing the Overall Message Queue Utilization widget and the Message Queue Utilization per Collector report widgets to help. These are located on the Device Response Statistics dashboard.
Support IAB addresses
Newly added macvendor support means you can look up Individual Address Block (IAB) allocation addresses such as:
00:50:C2:22:10:00/36 Getinge IT Solutions ApS
The Individual Address Block is an inactive registry activity that was replaced by the MA-S registry product in 2014. The owners of already-assigned IABs may continue to use the assignment.
- LUM-2770 Although the Lumeta GUI will import and accept custom attributes with the label of target, the imported attributes do not display in the GUI custom attribute list, making it appear as though the attribute-creation process had failed. In Settings > Tables, check the zone.attribute_cidr table to verify your targets.
We have added audit rules to monitor changes to /tmp and /etc/resolv.conf. The rules are in effect on a freshly installed system; on an upgraded system, another reboot is required for them to take effect. Normal operations are not affected in either case.
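A check for the caveat above, that an upgraded system has no such rules loaded until its next reboot. This is an added example, not FireMon's code: it parses `auditctl -l` output, the rule syntax, key names and sample output are constructed, and the resolver file is assumed to be the standard /etc/resolv.conf.

```shell
#!/bin/sh
# Added example: confirm that audit watches on the paths named in the release
# note are loaded. Rule syntax and key names are assumptions, not Lumeta's rules.

# has_watch RULES PATH: succeed if RULES (text of `auditctl -l`) contains a rule
# that watches PATH for writes, in either the -w form or the -F path=/dir= form.
has_watch() {
    printf '%s\n' "$1" | awk -v p="$2" '
        {
            target = ""; perm = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-w") target = $(i + 1)
                if ($i == "-p") perm = $(i + 1)
                if ($i == "-F") {
                    split($(i + 1), kv, "=")
                    if (kv[1] == "path" || kv[1] == "dir") target = kv[2]
                    if (kv[1] == "perm") perm = kv[2]
                }
            }
            sub(/\/$/, "", target)            # treat /tmp/ and /tmp alike
            if (target == p && perm ~ /w/) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# missing_watches RULES PATH...: print the PATHs that no loaded rule covers.
missing_watches() {
    rules=$1; shift
    missing=""
    for path in "$@"; do
        has_watch "$rules" "$path" || missing="$missing $path"
    done
    printf '%s' "${missing# }"
}

# Constructed samples: a freshly installed system, and an upgraded system
# before the extra reboot (auditctl prints "No rules" when nothing is loaded).
SAMPLE_FRESH='-w /tmp -p wa -k tmp_changes
-a always,exit -F path=/etc/resolv.conf -F perm=wa -F key=resolver_changes'
SAMPLE_UPGRADED='No rules'

echo "fresh install, missing:  [$(missing_watches "$SAMPLE_FRESH" /tmp /etc/resolv.conf)]"
echo "before reboot, missing:  [$(missing_watches "$SAMPLE_UPGRADED" /tmp /etc/resolv.conf)]"
# On a live system (as root): missing_watches "$(auditctl -l)" /tmp /etc/resolv.conf
```

An empty result means every listed path is covered; any path printed has no loaded watch yet.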
- Custom queries, dashboards and reports do not carry through to the Lumeta 4.2 release from the 4.0 release (but do carry through from the 4.1 release). Before upgrading from 4.0 to 4.2 only, export the DDL of any you want to save. Contact us to extract the custom elements from your DDL file, edit them for compatibility with Lumeta 4.2, and return them to you for importing. See Exporting to Data Definition Language (DDL) and Importing Dashboards, Reports & DDLs for procedures.
- Lumeta 4.2 backups can be generated only via the CLI and restored only to a system with the same release number (i.e., Lumeta 4.2).
Security Updates & STIG
Lumeta 4.2 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.2 for a list of CVEs resolved in this Lumeta 4.2 release. CVEs on our radar are also available.
The 4.2 database schema, which shows a visual representation of the Lumeta database, is available now.
Change Log Updated 4/26
LUM-2719 - API to configure LDAP
LUM-2720 - CLI to configure LDAP
LUM-2721 - GUI to configure LDAP
LUM-2727 - Enablers for LDAP configuration
LUM-2737 - UI Work to support traceroute
LUM-2738 - CLI Work to support traceroute
LUM-2739 - UI work to support snmpwalk
LUM-2740 - CLI work to support snmpwalk
LUM-1071 - /var/log/kern file not rotating on our leak scouts
LUM-1152 - /api/rest/management/users returns total=X where X does not represent the current number of users
LUM-2227 - Local leaks showing up as inbound
LUM-2266 - UI license agreement “I Agree” button greyed out; unable to activate license
LUM-2471 - query of devicemodel is slower in 4.1 than 4.0.1
LUM-2607 - When your session is timed out, you should be disconnected immediately.
LUM-2669 - QueryBuilder UI does not generate warehouse compliant sql constructs
LUM-2671 - Warehouse startup can hang if there are too many trace files
LUM-2677 - Add dashboard button not showing up for the manager user.
LUM-2691 - CLONE - Errors on db orphans delete command in CLI
LUM-2702 - Upgrade does not check for adequate disk space
LUM-2705 - Warehouse should preserve duplicate column names during export
LUM-2706 - Table Created In Transactions Appears To Not Be Visible To Other Operations in Same Transaction
LUM-2707 - Getting sysdescr from Palo Alto Firewall but not profiling device
LUM-2708 - Lumeta:FireMon integration not bringing in "next hop" gateway
LUM-2709 - Warehouse can deadlock if the client disconnects mid-transaction
LUM-2711 - Feature Request: Users UI screen , not easily visible for more than 10 users, next page arrow.
LUM-2715 - Warehouse uses old VIEW definition even after updating from the GUI
LUM-2717 - Couchbase RPM installed by upgrade
LUM-2718 - Searching For Word That Is Schema Name to Filter Returns All Results
LUM-2723 - Infoblox | Upgrade | When upgrading to 4.2, Infoblox configuration error occurs
LUM-2724 - Infoblox | Upgrade | When upgrading to 4.2, SQL error with "column ipv6addrs does not exist" error
LUM-2726 - WMI queries and devicemodel_allzones query are not updated with the upgrade from 4.1, but are from 4.0
LUM-2732 - Infoblox Integration: Lumeta appends to the Grid Manager Host count even if the IP address already exists on the Grid Manager
LUM-2736 - Wells concerned over 'uk_device_ipv4' exceptions causing file processing failures each day
LUM-2741 - errors in webapp and discovery-agent logs and scanning not working
LUM-2750 - Add user dialog says Object Object instead of first last name
LUM-2754 - New use not getting password change page
LUM-2755 - Dashboards Integrations: Ips Unmanaged by xxxx: Make the underlying query order by IP ASC so IP Addresses appear at top of dashboard list
LUM-2756 - When the search field in the LDAP configuration screen is left blank. The error message is not descriptive
LUM-2760 - Updating Ui tests as per new changes in modal/dialog boxes
LUM-2764 - Add ntp commands to gather_diagnostics, remove chrony commands
LUM-2765 - upgrade to 188.8.131.52.34355 is failing with dependent package errors
LUM-2766 - Support Tools | Status of Lumeta Components | DXL option missing from Service dropdown
LUM-2767 - Advanced Query WMI Devices by Service Name is returning all services, not just the one submitted
LUM-2769 - Tables | Table Wizard | When adding/editing a table, it does not report an error when uploading data with more columns than fields defined
LUM-2771 - Tables | Table Wizard | When editing a table, there is no "Sample data upload" step
LUM-2772 - Custom audit rules not installed correctly
LUM-2774 - 184.108.40.206.34402 upgrade is missing some rpms that the netboot has
LUM-2775 - Tables | Table Wizard | When uploading a data file larger than 1MB, the login session gets kicked out
LUM-2776 - Tables | Table Wizard | Next button is grayed out on "Sample data upload" step when a file larger than 1MB is uploaded
LUM-2778 - Dashboard WMI Devices without Security Services is showing duplicate entries
LUM-2782 - Upgrade of Scouts is failing from the GUI. No error message is returned to the GUI
LUM-2790 - Dashboards | Widgets | The 3rd "<Some_integration> and Lumeta IPs" widget have missing columns
LUM-2792 - Radius showing successful authentication, but login fails with bad username or password
LUM-2794 - Connecting a scout from CC with CLI or UI is failing. error "ClassNotFoundException: org.eclipse.jetty.io.ByteBufferPool"
LUM-2796 - Bad value displayed for LDAP CLI config
LUM-2806 - Warehouse is not starting after upgrade from 4.0 to 4.2
LUM-2807 - Browse Historical Reports does not show data, date filters don't work
LUM-2824 - Infoblox dashboards show error after upgrade from 4.0 to 4.2
LUM-2826 - Fix Device.estimateSize() to account for routes (causing websocket size errors)
LUM-468 - Clean up packets code in scanning
LUM-1138 - Swagger Integration for api
LUM-1387 - Can we make tcpdump an option in CLI or at least for non-root user
LUM-1881 - Security Manager Integration Improvements
LUM-2625 - Make /usr/local/lumeta/bin/discovery-agent more resilient
LUM-2644 - Do not allow Editing/Deleting of External and Reference tables
LUM-2655 - Active Directory Support using LDAP
LUM-2658 - Slow running queries post 4.1
LUM-2661 - Scan Completion Time
LUM-2664 - Delay the first periodic statement execution by a configurable amount of time
LUM-2682 - It can be confusing why Lumeta Systems -> Available Systems -> Add is disabled
LUM-2689 - Support IAB addresses
LUM-2690 - Support database upgrade for Warehouse
LUM-2700 - Use payload encoded leaking IP instead of received IP for UDP and ICMP leaks
LUM-2701 - Encode leaking IP in payload DNS and SNMP leak
LUM-2733 - Support tools access user level Viewer
LUM-2734 - Please add Interface selection option to SNMP Status and SNMP Walk
LUM-2735 - UKMOD: requests ability to select interface for traceroute test
LUM-2748 - Clean up old data in warehouse.filemon