
FireMon is pleased to provide this overview of the new features and enhancements made for this Lumeta Enterprise Edition 4.4 release, which is recommended for all users. 

Lumeta Enterprise Edition 4.4

The upgrade file is available now in FireMon User Center > Downloads.
The supported upgrade path to Lumeta Command Center 4.4 is from the 4.2 and 4.3 versions.

For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.4.


We recommend that you upgrade your Lumeta Enterprise Scouts when you upgrade your Command Center. However, Enterprise Scouts 4.2x and 4.3x are compatible with the 4.4 version of the Command Center. Lumeta 4.4 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility. 

Integrations

Lumeta is newly integrated with Tenable.io, Tenable's cloud vulnerability management system.  See Tenable Configuration and Tenable.io Management Dashboard for more.


Lumeta is newly integrated with Tripwire threat detection software.  See Tripwire Configuration and Tripwire Management Dashboard for more.

Integration Enhancements

Purge Integration Data

You can now choose to purge all data from your integrated third-party applications by clicking the Purge Data button. This is useful when you want to remove or expire data from the Lumeta system. 




Whitelisting

The setup to receive data feeds from third-party applications to Lumeta involves adding a URL or IP address to your firewall whitelist. To the extent available, the information you'll need to add now displays on the setup page for each integration. 

Examples

The IP address will display for these integrations:

Emerging Threats - http://rules.emergingthreatspro.com

Dashboard Enhancements

The Dynamic Edge dashboard (Lumeta > Dashboards > Dynamic Edge) now displays the First Observed column for both Inbound and Outbound Leaks.  

The WMI dashboard (Lumeta > Dashboards > WMI) now displays the Logged in Users column.  

LDAP

The LDAP configuration page, located in Lumeta > Settings > Lumeta Systems > System Information > LDAP, has been enhanced to display the search string constructed from your entries for LDAP server URL, Base DN, Bind DN, and search filter. You can see the final search string and the results of running it in the user interface.

Enhanced Lumeta 4.4

Scanning

CISCO-IP-IF MIB Support
Support for scanning CISCO-IP-IF MIBs has been added in this 4.4 release. Cisco NX-OS devices do not appear to answer the standard RFC-compliant interface MIBs consistently across versions, but they do appear to answer CISCO-IP-IF, so we've added support for the CISCO-IP-IF MIB as a fallback the system can use when RFC-compliant MIBs fail.

Store & Forward

Connectivity issues between Command Centers and Scouts no longer have any impact on Lumeta's response processing capabilities or performance, because raw response files are now stored on the Scout and then transmitted once connectivity has been re-established.

Notification Subscriptions

The graphical interface in Settings > Notification Subscriptions has been completely updated.

Scheduling Reports

You can now create, view, edit, and delete scheduled reports from the report itself. Just open the report you want to schedule and click Schedule this Report.

Device Pattern Improvements

Two device patterns were added. See Adding & Managing Device Profile Patterns for more. 

  1. Added 150 pattern for IT/OT macvendors
  2. Consolidated Microsoft Windows to Windows for OS

Technical Note

In the event your browser interface "loops" after you select one of the Maps options, please reload the page or enable hardware acceleration in your web browser.

If you use the Firefox browser, use this procedure to enable hardware acceleration: https://support.mozilla.org/en-US/kb/performance-settings

Hardware acceleration may be disabled in your Firefox browser due to this: https://wiki.mozilla.org/Blocklisting/Blocked_Graphics_Drivers. If that's true for you, you will also need to follow the steps listed at the bottom of the linked-to article to resolve the looping issue.

To enable hardware acceleration using Chrome browser:

  1. Type chrome://settings/system in a new tab.
  2. Make sure "Use hardware acceleration when available" is turned on.

If it is still not working, do this:

  1. Type chrome://flags in a new tab.
  2. Search for Override software rendering list.
  3. Enable and restart the browser.


Database Schema

The Lumeta 4.4 database schema shows a visual representation of the Lumeta database. 

 

CLI Commands

Though spare in appearance, the Lumeta CLI is a powerful interface. To administer your system via command-line interface, see System Administration via CLI.


Security Updates & STIG 

Lumeta 4.4 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.4 for a list of CVEs resolved in this Lumeta 4.4 release. 

Change Log 

Updated 1/17/2022

Bug

LUM-1895 - CLI- Scout - Getting 'NullPointerException' when running 'support db orphans' command

LUM-2103 - Scanner doesn't respect commanded interface when that interface doesn't support the appropriate address family

LUM-2255 - Profiling: No Profile Match for raw_ieee_name APC BY SCHNEIDER ELECTRIC

LUM-2710 - Possible DNS scanner bug ("Couldn't handle DNS Response: null =")

LUM-2768 - After running system reinit the permissions on /etc/resolv.conf change

LUM-2956 - Uploading test file with empty line leads to creation of 0.0.0.0/0 in target list

LUM-3030 - Infoblox | Dashboard Widget | The "os" column on 3rd widget is empty

LUM-3041 - Coerce system reinit hostname to lowercase

LUM-3043 - Drop x15 database as part of upgrade

LUM-3045 - 4.3 stig failure with database auditing is enabled

LUM-3047 - Dynamic Edge Dashboard: First Observed Column missing for Outbound Leaks

LUM-3048 - Scout picking up targets that don't belong to it

LUM-3057 - All data tables missing in GUI

LUM-3060 - CSV export of timestamps appear with variable precision

LUM-3069 - Concurrent Modification in fragments

LUM-3070 - Misc. manufacturing automation fixes

LUM-3074 - Tenable.io is configuring successfully with invalid server ip

LUM-3076 - BGP Scanner restarts when we get unrelated config changes

LUM-3078 - Fix the concurrent-checkin deadlock described in SUPPORT-223

LUM-3082 - Remove default nameservers and search domains from /etc/resolv.conf

LUM-3084 - Scanner | ScanManager | Concurrent Modification exception seen on Auto-CLI testbed

LUM-3088 - If collectHTTP is enabled for a collector, enabling cloud discovery disables it.

LUM-3100 - Feature Request add 4 number release to manufactured OVAs

LUM-3102 - Integrations | TOR | Possibly display both URLs to the allow-firewall text

LUM-3110 - OVAs created before system is fully initialized

LUM-3113 - Azure CloudVisibility Dashboard: Investigate better way to display Outbound/Inbound Paths by Device Type

LUM-3130 - once LDAP binddn and bindpw are set there is no way in the CLI to clear them for a new config

LUM-3134 - Update zone security filters after every database upgrade

LUM-3136 - There is a mismatch in the rpms installed between a netboot cc and upgrade cc

LUM-3141 - enable database-auditing is failing

LUM-3144 - latest build causing warehouse error on startup

LUM-3148 - compare of warehouse schema between upgrade and netboot is failing

LUM-3149 - upgraded device table is missing the parent column core indices dashboard show error.

LUM-3161 - profiling is disabled if any other scan type is enabled or disabled in the GUI

LUM-3174 - ipV4Forwarding attribute is not cleaned up with other SNMP attributes when receiving NACK

LUM-3187 - upgrade is failing because of missing required rpms

LUM-3200 - Dashboards | Widgets | Tenable SC vendor Logo is missing on last widget

LUM-3209 - Custom CEF Notifications are not retained after upgrade

Story

LUM-503 - Create utility function rather than hard coding string

LUM-698 - SPIKE: Tenable.io Integration

LUM-971 - Feature Request: Place the URLs to whitelist on Integrations page

LUM-2107 - DNSScanner should check servers for appropriate address family

LUM-2108 - HttpScanner, BGPScanner, SMBScanner, and WMIScanner should check for appropriate address family

LUM-2777 - Queries timing out that need to be updated

LUM-2816 - Migrate Notification Subscriptions UI to Angular

LUM-2875 - Implement Store and Forward on the Scout

LUM-3064 - Implement code to inhibit a collector from scanning

LUM-3072 - Implement 802.1Q support so Broadcast can "hear" trunked traffic

LUM-3095 - Store zip files that get pushed to SM for better debugging

LUM-3118 - Custom Dashboard for customer

LUM-3126 - Add support for scanning CISCO-IP-IF MIB

LUM-3129 - Add LoggedOnUser to WMI capabilities

LUM-3131 - Scan CISCO-VRF MIB to get list of VRFs

LUM-3137 - Include all IPs in Device Details -> IPs search results

LUM-3146 - Add unauthenticated Warehouse status REST call

LUM-3153 - Add Tripwire to Integrations Summary dashboard










