Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

FireMon is pleased to provide this overview of the new features and enhancements made for this Lumeta Enterprise Edition 4.3 release, which is recommended for all users. 

Lumeta Enterprise Edition 4.3

The upgrade file is available now in FireMon User Center > Downloads.
You can upgrade to Lumeta Command Center 4.3 directly from either 4.1x and 4.2x versions of the same (but not from 4.0x).

For the upgrade procedure, see Upgrading to Lumeta Enterprise Edition 4.2.


We recommend that you upgrade your Lumeta Enterprise Scouts when you upgrade your Command Center. However, Enterprise Scouts 4.1x and later are compatible with the 4.3 version of the Command Center. 

Lumeta 4.3 is compatible with Lumeta Cloud Scout 1.1 (release 1.20200401.105457.dev). No changes have been made to Lumeta CloudVisibility. 

Documentation

On the main menu, we've added a Help tab from which you can access the Lumeta API Reference in Swagger and this Support site, https://lumetadocs.firemon.com/.

Database Update

The Lumeta 4.3 platform uses PostgreSQL 13 database, which is an upgrade from PostgreSQL 9.6.

Scout Enhancements

A variety of support tools previously available only on Command Centers, including the capability to download a log bundle, are available from your Enterprise Scout GUI.  On your Enterprise Scout, navigate to Settings > Support Tools to see the additions. 


Integration with Security Manager


  1. All devices for which interface data is present, regardless of whether route data is present, are forwarded to FireMon Security Manager. 

  2. Devices pushed from Lumeta to Security Manager are labeled by their "sysname" rather than their IP address. The IP Address is already listed under the Management IP column. 

  3. Lumeta does not push 0.0.0.0/0 and ::/0, which would allow traffic from any IPv4 or IPv6 source, respectively, to bypass the AWS firewall.  
    1. Interface 0.0.0.0/0  is not pushed, but the associated routes are pushed
    2. Null0/Nu0 interfaces with routes are pushed 
    3. Drop is set to True
    4. Set Tunnel is set to True

  4. Lumeta removes duplicate devices before pushing them to Security Manager.

  5. Lumeta continues to push Layer 2 devices, which may increase the leaf nodes displayed on Security Manager maps.

Integration with Infoblox

Lumeta 4.3 is integrated with Infoblox 2.11––the current version that also provides a better paging mechanism that comes into play in managing the address space in larger deployments. Lumeta now collects data from more record types, including host, A, AAAA, and PTR. In addition, the extensible attributes "Site," "Device Type," and "Operating System" are now pushed from Lumeta and populate in Infoblox.

To learn how to view, create, and delete extensible attributes from the Infoblox CLI, GUI, and API, see Infoblox

Operational Technology Dashboard

Chart of Operational Technology (OT) vs. Information Technology (IT) chart and the details of each piece of equipment. 

Device count (Y axis) by Type of Device (X axis)

Device count (Y axis) by Country (X axis)

NOTE: If a device does not yet have its IP address populated,  the IP column will be blank. Once the device does receive an IP, the column will show the checkbox and value.

DNS

  1. Wondering which DNS server is configured on your Command Center? 
    1. Browse to your DNS identifier from Settings > Zones > DNS.
    2. See the identifier on Settings > Lumeta Systems  > System Information


  2. Run DNS lookup from Settings > Support Tools  > DNS Lookup.



  3. Additional Command Center and Enterprise Scout interfaces may be configured via the CLI or API without having to reinitialize the systems. More granular interface configuration management has been added via CLI submenus. You can see the multiple interfaces on Settings > Lumeta Systems > Interfaces.



    CLI
    "interface add" and "interface configure
    1. DHCP
    2. Static

    API
    @POST @Path("/interface/configure")
            POST "/api/rest/system/interface/configure?iface=$h{name}"

  4. DNS configuration commands have been added to the CLI. 

    ObjectiveCommand
    Check the values via CLIsystem dns
    Change the setting manuallysystem dns manual "172.16.22.5,172.16.22.6"
    Check the current values in the config filecat /etc/resolv.conf
    Check the help outputsystem dns<tab> system dns manual<?> system dns dhcp<?>


LDAP

  1. LDAP-enabled systems are supported through Lumeta upgrade. 

    1. LDAP-configured servers maintain their LDAP configuration through Lumeta upgrades.  

    2. When Lumeta is upgraded from a release in which LDAP was enabled, it will stay LDAP-enabled. 

    3. All Lumeta systems come with a new /etc/nslcd.conf file, regardless of LDAP status. 

  2. All External Data Connector (EDC) requests are checked against the Target and Eligible Lists. 

  3. A "true" or "false" Forwarding attribute displays in the Device Details > Attributes > System column to indicate whether or not the device described in that row forwards traffic. 



Technical Notes

Our product is called "Lumeta" on the GUI, CLI, and API. The names "Spectre" and "ESI" have been removed or replaced. However, the default hostname and root prompt is programmed to be "esi-" followed by the hex encoded IP address. This instance is temporary and will only remain until your system admin changes the host name. 


Security Updates & STIG 

Lumeta 4.3 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.3 (coming soon) for a list of CVEs resolved in this Lumeta 4.3 release. CVEs on our radar are also available. 

Change Log Updated 9/1/2021

Bug

LUM-2204 - re-licensing system disables snmpd

LUM-2239 - Collectors are disabled in CC after restore

LUM-2438 - License activation exception should not appear for scouts or perpetual license

LUM-2752 - compare of upgrade to netboot has a difference in warehouse.user_roles constraint user_roles_id_role_fkey

LUM-2808 - Reports | Schedule | GUI | Ambiguous "email server is not configured" alert message

LUM-2827 - Notification subscriptions can thrash through email-related logic

LUM-2831 - EDC High not inserting rows into zone.target_highpriority

LUM-2835 - Fix httpd config issues around apache MPM

LUM-2845 - Warehouse - all widgets have TYPE 'WIDGET' in DDL export

LUM-2858 - Warehouse - XJSON import can result in type coercion errors

LUM-2859 - Warehouse - Race condition between periodic statements and ingestion

LUM-2860 - Warehouse - the periodic statement service may not execute statements in a timely fashion

LUM-2863 - Update table api is throwing 500 error

LUM-2876 - groupname field missing from devicemodels in 4.2

LUM-2887 - Add CLI to configure DNS

LUM-2891 - compare of 4.3 netboot to upgrade has some differences in observer schema

LUM-2900 - Database | Queries | "plpy.Error: Error parsing JSON Path" displayed on certain queries/dashboards/reports

LUM-2902 - CLI command to configure snmpd community string is failing

LUM-2903 - CLI command to set password-parameters maxDays, resets minDays to default

LUM-2904 - CLI command to removed a role for a user is returning an error.

LUM-2905 - Using the CLI to set banner text or uploading a banner text file disables system banner

LUM-2908 - Change default password for 'Manager' account

LUM-2915 - Infoblox | API | Extensible Attributes not being populated on Infoblox server

LUM-2918 - Another "esi" occurrence found

LUM-2919 - compare of rpms in netboot and upgrade is failing

LUM-2926 - Scheduled Reports: email failure should not result in report failure

LUM-2927 - 4.3 upgrade build script is failing

LUM-2931 - Upgrade should not import its own gather_diagnostics

LUM-2934 - 4.0 scout showing NegativeArraySizeException after applying lumeta-discovery-agent 4.0.1.2 34686

LUM-2935 - some pip3 packages are missing from 4.3 upgrade

LUM-2940 - Feature Request: add ifType to the data we capture

LUM-2946 - Integrations | Dashboard Widget | "Unable to fetch query results. column mh.dnsname does not exist" displayed

LUM-2948 - risk_assesement_cloud_query query is failing with an error

LUM-2955 - latest netboot can't login. PSQLException: Unterminated identifier started at position 0 in SQL " as superuser

LUM-2964 - ESI | Upgrade | UI login fails after successful upgrade

LUM-2971 - there is a mismatch in the rpms installed between a netboot cc and upgrade cc

LUM-2972 - Fix memory leak in Warehouse native library

LUM-2979 - Upgrade doesn't correctly update postgresql.conf

LUM-2982 - mismatch in the compare of the postgres config file postgresql.conf between netboot and upgrade

LUM-2985 - Error messages when starting getty on machines without serial ports

LUM-2986 - The compare of the /etc/init.d/network file between netboot and upgrade is showing a difference

LUM-3001 - /var/log/messages is getting error message every 5 minutes "Less that 25% of / remaining! Please check immediately"

LUM-3008 - Ping from support tools and CLI should use ip address and not interface name

LUM-3013 - Allow upgrade from 4.0 and 4.1 to 4.3

LUM-3016 - rpm mismatch between 4.3.0.0.35438 netboot and upgrade

LUM-3020 - LDAP configuration doesn't handle fields with spaces well

LUM-3025 - user is able to set password-controls override and then also enable radius

LUM-3027 - Leak scanner won't start without an IPv6 interface

LUM-3029 - 4.3 observer schema differences between netboot and upgrade.

Epic

LUM-2783 - Automate Lumeta release manufacturing

LUM-2847 - Automation for the Lumeta 4.3 release

Story

LUM-428 - Make x509 subject and issuer CNs "friendlier"

LUM-742 - Allow additional interface(s) to be configured via the CLI without having to run the system reinit

LUM-2449 - Add checks at global level so user can only see reporting data for organizations user has access to

LUM-2665 - Update build process to use Lumeta as the filename

LUM-2728 - Support upgrade for LDAP enabled systems

LUM-2785 - Upgrade Postgres as 9.6 is EOL

LUM-2798 - Files that have "Spectre" in user facing strings

LUM-2809 - Automate Manufacturing for MSSP

LUM-2810 - Automate Manufacturing for different sizes/personalities

LUM-2811 - Automate Manufacturing for AWS

LUM-2812 - Automate Manufacturing for Azure

LUM-2815 - Migrate Scout UI to Angular

LUM-2822 - Lumeta 4.1 is trying to connect to IP 104.21.91.94 (terracotta.org)

LUM-2854 - Copy OVA to hector

LUM-2861 - Automate Manufacturing for Community Edition

LUM-2883 - Warehouse - ingesting a file that's not XJSON into the XJSON pipeline results in confusing errors

LUM-2916 - Implement EDC enhancements

LUM-2941 - Reject paginated queries if the format is not XJSON

LUM-2943 - Add attribute in response to ipForwarding etc. via SNMP

LUM-2950 - Operational Technology Dashboard

LUM-2952 - Investigate 4.3 device processing performance

LUM-2960 - Add DNS info and DNS lookup

LUM-2965 - Review logging documentation

LUM-2970 - Deduplicate devices

LUM-2981 - Log all CLI commands

LUM-2990 - Investigate and resolve high RSS usage in Webapp in R4.2+

LUM-3026 - Misleading message when doing remote scout upgrade



  • No labels