FireMon is pleased to provide this overview of the new features and enhancements made for this Lumeta Enterprise Edition 4.5 release, which is recommended for all users.
Lumeta Enterprise Edition 4.5 | |
---|---|
The upgrade file will soon be available in FireMon User Center > Downloads. | For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.5. |
We recommend that you upgrade your Lumeta Enterprise Scouts when you upgrade your Command Center. However, Enterprise Scouts 4.3x and 4.4x are compatible with the 4.5 version of the Command Center.
Enhancements
Migrate Zones
All of the back-end code that supports configuring Zones has been migrated to a state-of-the-art framework that makes the front-end GUI easier to read.
New GUI of Lumeta 4.5 Zone Collectors |
---|
Previous GUI of Lumeta 4.4 Zone Collectors |
VmWare ESXi hosts offer profiling data tied to every hosted VMs MAC address. When you use SNMP protocol from ESXi hosts in Lumeta, you can now improve the asset profiles by retrieving version information as highlighted in the examples below:
- SNMPv2-SMI::enterprises.6876.2.1.1.4.122 = STRING: "Linux 4.4.243-1.ph1 VMware Photon 1.0 Photon VMware Photon 1.0 "
- SNMPv2-SMI::enterprises.6876.2.1.1.4.392 = STRING: "Windows Server 2012 R2 Standard Edition, 64-bit (Build 9600)"
- SNMPv2-SMI::enterprises.6876.2.1.1.4.405 = STRING: "Linux 3.10.0-1160.31.1.el7.x86_64 CentOS Linux release 7.7.1908 (Core)"
Randomize Targets
The use of system resources increases sharply when millions of scan targets are configured at once. Typically this would occur when configuring a large number of targets via the API or by uploading a CSV of targets. To prevent this spike, we're providing customers with a query and an API call that will enable targets to be randomized across a rescan interval. That API call is at https://<command center>/api/rest/zone/<zone number>/randomize targets
Sample API call:
curl -H "Content-Length: 0" -v -X POST -k -u admin:admin "https://yourcommandcenter/api/rest/zone/1/randomizeTargets"
SNMP Device Inventory
Added phase 1 support to give Lumeta the capability to identify and gather information on the software and hardware inventory of SNMP speaking devices
DNS Error Handling
The DNS scanner interface now prompts users to delimit Internal DNS Servers entries with commas. Whitespace is automatically removed and error messages have been made more informative.
An entry like this is valid and would save without errors.
Azure Resource Groups
In Cloud scanner, there's no longer a need to bulk-upload a list of resource groups. Instead, just leave the Resource Group field empty to accomplish the same objective. To upload just one Resource Group, specify it by name.
Database Schema
The Lumeta 4.5 database schema shows a visual representation of the Lumeta database.
Security Updates & STIG
Lumeta 4.5 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.5 for a list of CVEs resolved in this Lumeta 4.5 release.
Change Log
Epic
LUM-3154 - Migrate Zones to AngularJS
LUM-3246 - Add automation for Angular JS Zone UI
Story
LUM-1104 - MacIP Should Not Enforce IP or MAC Validity
LUM-1923 - Support 32 bit ASNs in AS Path
LUM-3075 - Improve GUI experience around DNS "Internal DNS Servers" input box
LUM-3128 - Add the ability to scan Entity MIB from SnmpScanner
LUM-3132 - Rework the SNMP OID document after the dust settles on SNMP query changes
LUM-3155 - Migrate Zones to AngularJS - GUI framework
LUM-3156 - Migrate Zones to AngularJS - Zone Collectors tab: view
LUM-3157 - Migrate Zones to AngularJS - Zone Networks tab: view
LUM-3158 - Migrate Zones to AngularJS - Zone Custom Attributes tab: view
LUM-3162 - Migrate Zones to AngularJS - Zone Collectors tab: view phase 2
LUM-3163 - Migrate Zones to AngularJS - Zones add/edit/delete
LUM-3164 - Migrate Zones to AngularJS - Collectors add/edit/archive
LUM-3165 - Migrate Zones to AngularJS - Collector configuration
LUM-3166 - Migrate Zones to AngularJS - Zone Networks configuration
LUM-3167 - Migrate Zones to AngularJS - Zone Custom Attributes configuration
LUM-3168 - Migrate Zones to AngularJS - Change system menu to point to new page
LUM-3205 - Sometimes cannot login to AWS instance
LUM-3219 - Warehouse table truncation should work even for tables with pre-created schemas
LUM-3228 - Use pg_dumpall to dump roles in addition to databases
LUM-3247 - Automate Zone CRUD
LUM-3254 - Add support for querying hrSWInstalled
LUM-3257 - Uptick 3rd-parties for 4.5
LUM-3273 - SPIKE - Work up implementation plan for bare-bones scheduler (script)
LUM-3283 - CLI for tenable.io integration is (mostly) missing
LUM-3287 - Use SNMP from ESXi hosts to improve profiling
LUM-3298 - Compile our own virt-what RPM from source
LUM-3359 - Create API call to randomize targets across rescan interval
LUM-3367 - Force marked IPv4 packets to specific interface
LUM-3368 - Featured Request: To get data from Azure without adding Resource Groups in the creds tab..
LUM-3372 - Uptick 3rd-parties one more time for 4.5
Bug
LUM-2279 - Can't connect scout using its v6 ip address from CC GUI
LUM-2286 - Leak path discovery doesn't seem to work for IPv6
LUM-2567 - Rapid7 Integration Dashboard: Endpoint Context/Action link Opens Tab of Rapid7 URL with Default Port 3780
LUM-2925 - Zones | Config | When deleting and re-adding a zone of the same name, the zone is in an undetermined state and cannot be deleted
LUM-2976 - differences in observer and warehouse schemas between upgrade and netboot
LUM-3000 - processing of path response fails if the IP of the scanning interface is already in the device table
LUM-3042 - Fix the remainder of the Lumeta Systems modal dialogs
LUM-3173 - Feature Request: Add ability to connect scout to Command Center from Scout UI
LUM-3185 - CLI authentication commands are failing with a lumeta_sudoers: syntax error
LUM-3188 - Further Investigate and Resolve Possible Bug with Table Truncation
LUM-3196 - Risk Assessment -> Enterprise Risk Summary can be empty even when there is data
LUM-3199 - Dashboards | Widgets | 1st widget on Risk Assessment has a data column labeled Spectre
LUM-3202 - Current zone selection should obey GUI global current zone
LUM-3223 - Custom Attributes added via report/dashboard on an IP that is a child IP will not display in Device Details
LUM-3224 - Dashboard dropdown categories not populated when navigating to certain pages from Zones page.
LUM-3232 - Issue when going from static to DHCP configured interface address
LUM-3245 - CLI command to upload cloud credentials that was successful in 4.4 is failing in 4.5
LUM-3249 - Fix a few follow-up license installation oddities
LUM-3250 - DNS | Internal DNS Server | CLI | When adding multiple addresses, the config may not be saved correctly
LUM-3251 - Duplicate zone and collector name detection should skip Zone Security Filters
LUM-3252 - RPM mismatch on upgrade
LUM-3260 - GUI | Zone Configs | CIDR upload count seen in logs do not match actual count
LUM-3261 - CLI command to set dns internal server IP addresses doesn't accept muilple IPs like UI
LUM-3264 - Deleting the last zone should leave the GUI in a usable state
LUM-3265 - GUI | Zone Configs | Dropdowns w/ no pre-selected value have an empty row selection
LUM-3266 - Bug when receiving entPhysicalMfgDate or entPhysicalUris or entPhysicalUUID data
LUM-3267 - Cloud and WMI credentials can get provisioned without passwords/secrets
LUM-3268 - Zones/Path Discovery: Place Advanced Optional Configuration Use Custom TCP Ports under protocol list
LUM-3270 - 4.5 Zone UI: Leak Path allows to choose a interface already defined for collector
LUM-3271 - GUI | Zone Configs | Download button still downloads even when disabled
LUM-3280 - System Configuration | When adding an existing IP address of a remote system under "Available Systems", it corrupts the original connection
LUM-3282 - BGP password in clear text on 4.5 new zone setup
LUM-3309 - Fix spurious errors when deleting zones
LUM-3312 - Core Indices: Forwarding Device Summary Pie Chart. Device Types are jumbled overlayed
LUM-3324 - GUI | Profile | When disabling Profile discovery, status still shows enabled
LUM-3328 - Leak packets don't respect commanded interface
LUM-3330 - Allow ability to add more than 1 CIDR in new Angular Zone
LUM-3331 - system.macvendor table is empty in 4.5 netboot
LUM-3333 - warehouse saved query risk_assessement_query is different in upgrade and netboot
LUM-3336 - dns results shouldn't make a device "active"
LUM-3338 - "On Premises" widget is missing a column in 4.5 upgrade compared to netboot
LUM-3340 - error after upgrade and gui doesn't display
LUM-3350 - Maps | Group | "Expand All Attached Host" does not work a second time
LUM-3351 - Maps | Badges | Badge display issues after collapsing devices
LUM-3354 - with a zone with multiple collectors configured for BGP if the BGP Peers of one are deleted, all are
LUM-3355 - The GUI jumps around when clicking on the menu
LUM-3374 - entPhysical attribute is not removed with other snmpDetails attributes when receiving a NACK response
LUM-3375 - Device search on attributes isn't working
LUM-3376 - Phantom Host result
LUM-3379 - custom CA cert may cause httpd to fail
LUM-3385 - Cannot add new users if RADIUS is enabled
LUM-3387 - Reports | Schedule | Cannot create "Patterns Summary" report from Schedule Reports page
LUM-3403 - devices with IP as '::" are being created for broadcast scanner ndp protocol
LUM-3438 - Risk Assessment Dashboard, On Premises Widget has no data if one Integration table is truncated
LUM-3450 - 4.5 RC3 - Upgrade and netboot have differences in observer schema