
FireMon is pleased to provide this overview of the features and enhancements in Lumeta Enterprise Edition 4.2. The upgrade is recommended but not required for all users.

Lumeta Enterprise Edition 4.2

The upgrade file is available now in FireMon User Center > Downloads.
You can upgrade to Lumeta Command Center 4.2 directly from either 4.0 or 4.1 versions of the same.

For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.3.


We recommend that you upgrade your Lumeta Enterprise Scouts when you upgrade your Command Center. However, Lumeta 4.2.0.0 systems are backward-compatible with 4.0 and 4.1 installations. Enterprise Scouts 4.0.0.0 and 4.1 are compatible with the 4.2 version of the Command Center. 

Lumeta 4.2 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility. 

New & Enhanced Features

API Support in Swagger

FireMon is delighted to make our Lumeta Warehouse and API documentation available through a Swagger interface. Syntax and example links follow:


| | Syntax | Example |
|---|---|---|
| Lumeta API Swagger | https://<systemname or IP address>/api/swagger-ui.html | https://10.9.0.26/api/swagger-ui.html |
| Lumeta Warehouse Swagger | https://<systemname or IP address>/warehouse/swagger-ui.html | https://10.9.0.26/warehouse/swagger-ui.html |

This documentation replaces the SWADLed WADL that we had included with earlier releases. 

LDAP Support

We are also delighted to introduce LDAP support for user authentication. This enables Active Directory (AD) queries to go directly to LDAP for answers and information without first having to go through an intermediary application (such as Samba). This enhancement enables users to access their AD domain without having to join it.

To leverage this capability, you will need to:

  1. Configure your AD server for anonymous access. See Anonymous Access to Active Directory for more. 
  2. Configure Lumeta as an LDAP client. See Configuring LDAP for more.

Security Manager Integrations

Lumeta data is now normalized before reaching Security Manager, increasing the speed at which Security Manager is able to ingest and incorporate Lumeta data.

In addition, we've augmented the data set available to you in reports with the following:

  1. Lumeta pushes updates to routes and interfaces of firewalls, switches and routers discovered by Lumeta at the frequency specified by users.  
  2. To the description text for Lumeta-discovered devices in Security Manager, aka synthetic routers, we've added the DNS and sysname attributes.

In the FireMon tool suite, in the Administration > DeviceRoutes section, Lumeta populates the Gateway column in Security Manager. This column displays the interface used for the next hop.

Leak Improvements

When Lumeta identifies a leaking device in your network, it reports both the NAT'd address and the exact IP address of that device, facilitating remediation.

InfoBlox Integration

  1. Lumeta introduces the capability to ingest PTR-type and A-type records from InfoBlox, in addition to the Host-type records it was able to ingest in earlier Lumeta versions. 
  2. Lumeta 4.2 is compatible with InfoBlox version 8.5.1-397728 or higher.

Support Tools

To the support tools (Settings > Support Tools), we've added the capability for users of the type "viewer" to run and read information generated by the tools:

  1. Viewers can see the status of Lumeta components
  2. Viewers are allowed to run support tools that generate information, including:
    1. ping
    2. ping6
    3. traceroute
    4. snmp
    5. snmpwalk
    6. top
    7. db query
  3. Viewers cannot start or stop services
  4. Viewers cannot import or export log bundles or any other system data 

SNMP Get and SNMP Walk have been made more useful: Now you can run an SNMP test from the interface designated for a particular IP/CIDR block, including remote interfaces. The new Interface field is shown in the screencap, below. 


In similar fashion, the traceroute tool has been updated to allow you to select the interface (e.g., Scout) from which you want to run the test.

Scan Completion Time 

Customers like you occasionally ask, "When is it done?" and "How can I tell a scan cycle has completed?" These are difficult questions to answer in an environment of always-on, real-time network discovery. Nevertheless, we endeavored to provide you with more information so you can work out how best to tune the rescan interval of your configuration, that is, how frequent to make the scan cycles. Specifically, the goal is to optimize the rescan interval by setting the primary and secondary scans to occur as close together as possible without causing a spike in the message-processing queue depth or any performance degradation. To that end, we're introducing the Overall Message Queue Utilization widget and the Message Queue Utilization per Collector report widget. These are located on the Device Response Statistics dashboard.


Support IAB addresses

Newly added macvendor support means you can look up Individual Address Block (IAB) allocation addresses such as:

00:50:C2:22:10:00/36 Getinge IT Solutions ApS 

The Individual Address Block is an inactive registry activity that was replaced by the MA-S registry product in 2014. The owners of already-assigned IABs may continue to use the assignment. 
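An IAB is a 36-bit prefix carved out of a 24-bit base block, so a vendor lookup has to try the longest prefix first or every IAB address resolves to the holder of the base block. The following is an added example, not Lumeta's code: the function names are hypothetical and the two /24 registry rows are constructed for illustration; only the /36 row comes from this page.

```python
import re

# Registry rows in the "prefix/bits vendor" form used above. The /36 row is
# the page's example; the two /24 rows are constructed for illustration.
REGISTRY_TEXT = """\
00:50:C2:22:10:00/36 Getinge IT Solutions ApS
00:50:C2:00:00:00/24 Example IAB Base Holder (constructed)
02:AA:BB:00:00:00/24 Example Vendor (constructed)
"""

def mac_to_int(mac):
    """Parse a MAC written with ':', '-', '.' or no separators into a 48-bit int."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def load_registry(text):
    """Build {prefix_length_in_bits: {prefix_value: vendor}} from registry rows."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        block, vendor = line.split(maxsplit=1)
        prefix, bits = block.split("/")
        bits = int(bits)
        # Keep only the leading `bits` bits of the address as the lookup key.
        key = mac_to_int(prefix) >> (48 - bits)
        table.setdefault(bits, {})[key] = vendor.strip()
    return table

def lookup_vendor(mac, table):
    """Longest-prefix match: a /36 IAB row wins over the /24 row containing it."""
    value = mac_to_int(mac)
    for bits in sorted(table, reverse=True):
        vendor = table[bits].get(value >> (48 - bits))
        if vendor is not None:
            return bits, vendor
    return None  # prefix not present in the registry

REGISTRY = load_registry(REGISTRY_TEXT)

if __name__ == "__main__":
    for mac in ("00:50:C2:22:1A:7F", "00-50-c2-22-20-01", "de:ad:be:ef:00:01"):
        print(mac, "->", lookup_vendor(mac, REGISTRY))
```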

Update to SNMPD

We've updated snmpd.conf to report the product name "Lumeta" instead of a deprecated product name. 

Technical Notes

  1. LUM-2770 Although the Lumeta GUI will import and accept custom attributes with the label of target, the imported attributes do not display in the GUI custom attribute list, making it appear as though the attribute-creation process had failed. In Settings > Tables, check the zone.attribute_cidr table to verify your targets. 
  2. We have added audit rules to monitor changes to /tmp and /etc/resolv.conf. The rules are in effect on a freshly installed system; on upgraded systems, another reboot is required for them to take effect. Normal operations will not be affected in either case.

  3. Custom queries, dashboards and reports do not carry through to the Lumeta 4.2 release from the 4.0 release (but do carry through from the 4.1 release). If you are upgrading from 4.0 to 4.2, export the DDL of any you want to save before you upgrade. Contact us to extract the custom elements from your DDL file, edit them for compatibility with Lumeta 4.2, and return them to you for importing. See Exporting to Data Definition Language (DDL) and Importing Dashboards, Reports & DDLs for procedures. 
  4. Lumeta 4.2 backups can be generated only via the CLI and restored only to a system with the same release number (i.e., Lumeta 4.2). 

Security Updates & STIG 

Lumeta 4.2 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.2 for a list of CVEs resolved in this Lumeta 4.2 release. CVEs on our radar are also available. 

Database Schema

The 4.2 database schema, which shows a visual representation of the Lumeta database, is available now.

 

Change Log Updated 4/26

Dev Task

LUM-2719 - API to configure LDAP

LUM-2720 - CLI to configure LDAP

LUM-2721 - GUI to configure LDAP

LUM-2727 - Enablers for LDAP configuration

LUM-2737 - UI Work to support traceroute

LUM-2738 - CLI Work to support traceroute

LUM-2739 - UI work to support snmpwalk

LUM-2740 - CLI work to support snmpwalk

Bug

LUM-1071 - /var/log/kern file not rotating on our leak scouts

LUM-1152 - /api/rest/management/users returns total=X where X does not represent the current number of users

LUM-2227 - Local leaks showing up as inbound

LUM-2266 - UI license agreement “I Agree” button greyed out; unable to activate license

LUM-2471 - query of devicemodel is slower in 4.1 than 4.0.1

LUM-2607 - When your session is timed out, you should be disconnected immediately.

LUM-2669 - QueryBuilder UI does not generate warehouse compliant sql constructs

LUM-2671 - Warehouse startup can hang if there are too many trace files

LUM-2677 - Add dashboard button not showing up for the manager user.

LUM-2691 - CLONE - Errors on db orphans delete command in CLI

LUM-2702 - Upgrade does not check for adequate disk space

LUM-2705 - Warehouse should preserve duplicate column names during export

LUM-2706 - Table Created In Transactions Appears To Not Be Visible To Other Operations in Same Transaction

LUM-2707 - Getting sysdescr from Palo Alto Firewall but not profiling device

LUM-2708 - Lumeta:FireMon integration not bringing in "next hop" gateway

LUM-2709 - Warehouse can deadlock if the client disconnects mid-transaction

LUM-2711 - Feature Request: Users UI screen, not easily visible for more than 10 users, next page arrow.

LUM-2715 - Warehouse uses old VIEW definition even after updating from the GUI

LUM-2717 - Couchbase RPM installed by upgrade

LUM-2718 - Searching For Word That Is Schema Name to Filter Returns All Results

LUM-2723 - Infoblox | Upgrade | When upgrading to 4.2, Infoblox configuration error occurs

LUM-2724 - Infoblox | Upgrade | When upgrading to 4.2, SQL error with "column ipv6addrs does not exist" error

LUM-2726 - WMI queries and devicemodel_allzones query are not updated with the upgrade from 4.1, but are from 4.0

LUM-2732 - Infoblox Integration: Lumeta appends to the Grid Manager Host count even if the IP address already exists on the Grid Manager

LUM-2736 - Wells concerned over 'uk_device_ipv4' exceptions causing file processing failures each day

LUM-2741 - errors in webapp and discovery-agent logs and scanning not working

LUM-2750 - Add user dialog says Object Object instead of first last name

LUM-2754 - New user not getting password change page

LUM-2755 - Dashboards Integrations: Ips Unmanaged by xxxx: Make the underlying query order by IP ASC so IP Addresses appear at top of dashboard list

LUM-2756 - When the search field in the LDAP configuration screen is left blank. The error message is not descriptive

LUM-2760 - Updating Ui tests as per new changes in modal/dialog boxes

LUM-2764 - Add ntp commands to gather_diagnostics, remove chrony commands

LUM-2765 - upgrade to 4.2.0.0.34355 is failing with dependent package errors

LUM-2766 - Support Tools | Status of Lumeta Components | DXL option missing from Service dropdown

LUM-2767 - Advanced Query WMI Devices by Service Name is returning all services, not just the one submitted

LUM-2769 - Tables | Table Wizard | When adding/editing a table, it does not report an error when uploading data with more columns than fields defined

LUM-2771 - Tables | Table Wizard | When editing a table, there is no "Sample data upload" step

LUM-2772 - Custom audit rules not installed correctly

LUM-2774 - 4.2.0.0.34402 upgrade is missing some rpms that the netboot has

LUM-2775 - Tables | Table Wizard | When uploading a data file larger than 1MB, the login session gets kicked out

LUM-2776 - Tables | Table Wizard | Next button is grayed out on "Sample data upload" step when a file larger than 1MB is uploaded

LUM-2778 - Dashboard WMI Devices without Security Services is showing duplicate entries

LUM-2782 - Upgrade of Scouts is failing from the GUI. No error message is returned to the GUI

LUM-2790 - Dashboards | Widgets | The 3rd "<Some_integration> and Lumeta IPs" widget have missing columns

LUM-2792 - Radius showing successful authentication, but login fails with bad username or password

LUM-2794 - Connecting a scout from CC with CLI or UI is failing. error "ClassNotFoundException: org.eclipse.jetty.io.ByteBufferPool"

LUM-2796 - Bad value displayed for LDAP CLI config

LUM-2806 - Warehouse is not starting after upgrade from 4.0 to 4.2

LUM-2807 - Browse Historical Reports does not show data, date filters don't work

LUM-2824 - Infoblox dashboards show error after upgrade from 4.0 to 4.2

LUM-2826 - Fix Device.estimateSize() to account for routes (causing websocket size errors)

Story

LUM-468 - Clean up packets code in scanning

LUM-1138 - Swagger Integration for api

LUM-1387 - Can we make tcpdump an option in CLI or at least for non-root user

LUM-1881 - Security Manager Integration Improvements

LUM-2625 - Make /usr/local/lumeta/bin/discovery-agent more resilient

LUM-2644 - Do not allow Editing/Deleting of External and Reference tables

LUM-2655 - Active Directory Support using LDAP

LUM-2658 - Slow running queries post 4.1

LUM-2661 - Scan Completion Time

LUM-2664 - Delay the first periodic statement execution by a configurable amount of time

LUM-2682 - It can be confusing why Lumeta Systems -> Available Systems -> Add is disabled

LUM-2689 - Support IAB addresses

LUM-2690 - Support database upgrade for Warehouse

LUM-2700 - Use payload encoded leaking IP instead of received IP for UDP and ICMP leaks

LUM-2701 - Encode leaking IP in payload DNS and SNMP leak

LUM-2733 - Support tools access user level Viewer

LUM-2734 - Please add Interface selection option to SNMP Status and SNMP Walk

LUM-2735 - UKMOD: requests ability to select interface for traceroute test

LUM-2748 - Clean up old data in warehouse.filemon

 
