FireMon is pleased to provide this overview of the new features and enhancements made for this Lumeta Enterprise Edition 4.4 release, which is recommended for all users.
Lumeta Enterprise Edition 4.4 | |
---|---|
The upgrade file is available now in FireMon User Center > Downloads. | For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.4. |
We recommend that you upgrade your Lumeta Enterprise Scouts when you upgrade your Command Center. However, Enterprise Scouts 4.2x and 4.3x are compatible with the 4.4 version of the Command Center. Lumeta 4.4 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility.
Integrations
Lumeta is newly integrated with Tenable.io, Tenable's cloud vulnerability management system. See Tenable Configuration and Tenable.io Management Dashboard for more.
Lumeta is newly integrated with Tripwire threat detection software. See Tripwire Configuration and Tripwire Management Dashboard for more.
Integration Enhancements
Purge Integration Data
You can now choose to purge all data from your integrated third-party applications by clicking the Purge Data button. This is useful when you want to remove or expire data from the Lumeta system.
Whitelisting
The setup to receive data feeds from third-party applications to Lumeta involves adding a URL or IP address to your firewall whitelist. To the extent available, the information you'll need to add now displays on the setup page for each integration.
Examples
The IP address will display for these integrations:
Emerging Threats - http://rules.emergingthreatspro.com
Dashboard Enhancements
The Dynamic Edge dashboard (Lumeta > Dashboards > Dynamic Edge) now displays the First Observed column for both Inbound and Outbound Leaks.
The WMI dashboard (Lumeta > Dashboards > WMI) now displays the Logged in Users column.
LDAP
The LDAP configuration page, located in Lumeta > Settings > Lumeta Systems > System Information > LDAP, has been enhanced to display the search string constructed from your entries for LDAP server URL, Base DN, Bind DN and search filter. You can see the final search string and the results of running it in the user interface.
[Figure: Earlier releases | Enhanced Lumeta 4.4]
Scanning
CISCO-IP-IF MIB Support
Support for scanning CISCO-IP-IF MIBs has also been added to this 4.4 release. Because Cisco NX-OS speaking devices appear not to answer consistently across versions to the normal RFC-compliant interface MIBs, yet do appear to answer to CISCO-IP-IF, we've added support for the CISCO-IP-IF MIB as a fallback the system can use when RFC-compliant MIBs fail.
Store & Forward
Connectivity issues between Command Centers and Scouts no longer have any impact on Lumeta's response processing capabilities or performance because raw response files are now stored on the Scout and then transmitted once connectivity has been re-established.
Notification Subscriptions
The graphical interface in Settings > Notification Subscriptions has been completely updated.
Scheduling Reports
You can now create, view, edit, and delete scheduled reports from the report itself. Just open the report you want to schedule and click Schedule this Report.
Device Pattern Improvements
Two device patterns were added. See Adding & Managing Device Profile Patterns for more.
- Added 150 pattern for IT/OT macvendors
- Consolidated Microsoft Windows to Windows for OS
Technical Note
In the event your browser interface "loops" after you select one of the Maps options, please reload the page or enable hardware acceleration of your web browser.
If you use the Firefox browser, use this procedure to enable hardware acceleration: https://support.mozilla.org/en-US/kb/performance-settings
Hardware acceleration may be disabled in your Firefox browser due to this: https://wiki.mozilla.org/Blocklisting/Blocked_Graphics_Drivers. If that's true for you, you will also need to follow the steps listed at the bottom of the linked-to article to resolve the looping issue.
To enable hardware acceleration using Chrome browser:
- Type chrome://settings/system in a new tab.
- Make sure "Use hardware acceleration when available" is turned on.
If it is still not working, do this:
- Type chrome://flags in a new tab.
- Search for Override software rendering list.
- Enable and restart the browser.
Database Schema
The Lumeta 4.4 database schema shows a visual representation of the Lumeta database.
Security Updates & STIG
Lumeta 4.4 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.4 for a list of CVEs resolved in this Lumeta 4.4 release.
Change Log
Updated 1/17/2022
Bug
LUM-1895 - CLI- Scout - Getting 'NullPointerException' when running 'support db orphans' command
LUM-2103 - Scanner doesn't respect commanded interface when that interface doesn't support the appropriate address family
LUM-2255 - Profiling: No Profile Match for raw_ieee_name APC BY SCHNEIDER ELECTRIC
LUM-2710 - Possible DNS scanner bug ("Couldn't handle DNS Response: null =")
LUM-2768 - After running system reinit the permissions on /etc/resolv.conf change
LUM-2956 - Uploading test file with empty line leads to creation of 0.0.0.0/0 in target list
LUM-3030 - Infoblox | Dashboard Widget | The "os" column on 3rd widget is empty
LUM-3041 - Coerce system reinit hostname to lowercase
LUM-3043 - Drop x15 database as part of upgrade
LUM-3045 - 4.3 stig failure with database auditing is enabled
LUM-3047 - Dynamic Edge Dashboard: First Observed Column missing for Outbound Leaks
LUM-3048 - Scout picking up targets that don't belong to it
LUM-3057 - All data tables missing in GUI
LUM-3060 - CSV export of timestamps appear with variable precision
LUM-3069 - Concurrent Modification in fragments
LUM-3070 - Misc. manufacturing automation fixes
LUM-3074 - Tenable.io is configuring successfully with invalid server ip
LUM-3076 - BGP Scanner restarts when we get unrelated config changes
LUM-3078 - Fix the concurrent-checkin deadlock described in SUPPORT-223
LUM-3082 - Remove default nameservers and search domains from /etc/resolv.conf
LUM-3084 - Scanner | ScanManager | Concurrent Modification exception seen on Auto-CLI testbed
LUM-3088 - If collectHTTP is enabled for a collector, enabling cloud discovery disables it.
LUM-3100 - Feature Request add 4 number release to manufactured OVAs
LUM-3102 - Integrations | TOR | Possibly display both URLs to the allow-firewall text
LUM-3110 - OVAs created before system is fully initialized
LUM-3113 - Azure CloudVisibility Dashboard: Investigate better way to display Outbound/Inbound Paths by Device Type
LUM-3130 - once LDAP binddn and bindpw are set there is no way in the CLI to clear them for a new config
LUM-3134 - Update zone security filters after every database upgrade
LUM-3136 - There is a mismatch in the rpms installed between a netboot cc and upgrade cc
LUM-3141 - enable database-auditing is failing
LUM-3144 - latest build causing warehouse error on startup
LUM-3148 - compare of warehouse schema between upgrade and netboot is failing
LUM-3149 - upgraded device table is missing the parent column core indices dashboard show error.
LUM-3161 - profiling is disabled if any other scan type is enabled or disabled in the GUI
LUM-3174 - ipV4Forwarding attribute is not cleaned up with other SNMP attributes when receiving NACK
LUM-3187 - upgrade is failing because of missing required rpms
LUM-3200 - Dashboards | Widgets | Tenable SC vendor Logo is missing on last widget
LUM-3209 - Custom CEF Notifications are not retained after upgrade
Story
LUM-503 - Create utility function rather than hard coding string
LUM-698 - SPIKE: Tenable.io Integration
LUM-971 - Feature Request: Place the URLs to whitelist on Integrations page
LUM-2107 - DNSScanner should check servers for appropriate address family
LUM-2108 - HttpScanner, BGPScanner, SMBScanner, and WMIScanner should check for appropriate address family
LUM-2777 - Queries timing out that need to be updated
LUM-2816 - Migrate Notification Subscriptions UI to Angular
LUM-2875 - Implement Store and Forward on the Scout
LUM-3064 - Implement code to inhibit a collector from scanning
LUM-3072 - Implement 802.1Q support so Broadcast can "hear" trunked traffic
LUM-3095 - Store zip files that get pushed to SM for better debugging
LUM-3118 - Custom Dashboard for customer
LUM-3126 - Add support for scanning CISCO-IP-IF MIB
LUM-3129 - Add LoggedOnUser to WMI capabilities
LUM-3131 - Scan CISCO-VRF MIB to get list of VRFs
LUM-3137 - Include all IPs in Device Details -> IPs search results
LUM-3146 - Add unauthenticated Warehouse status REST call
LUM-3153 - Add Tripwire to Integrations Summary dashboard