FireMon Asset Manager 5.3
Release Date: 14 March 2025
Summary
FireMon is pleased to provide this overview of the new features and enhancements made for this Asset Manager 5.3 release, which is recommended for all users.
| FireMon Asset Manager Edition 5.3 | |
|---|---|
|
The upgrade file is now available in FireMon User Center > Downloads. |
For the upgrade procedure, see Upgrading Asset Manager. |
We recommend upgrading your Scouts whenever you upgrade your Command Center. However, Scouts 5.1.x and 5.2.x are compatible with Command Center version 5.3.
When deploying the OVA, ensure FIPS is enabled. After licensing the system, disable FIPS through the CLI by entering the following command: system fips disable. A reboot is required to apply the change.
Database Schema
The database schema provides a visual representation of the database. You can request the 5.3 database schema from Asset Manager Support.
CLI Commands
The Asset Manager CLI is a powerful hierarchical menu-driven interface that provides virtually all administrative functionality in the browser interface.
To administer your system using the command-line interface, see System Administration via CLI.
Security Updates & STIG
5.3 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 5.3 for a list of CVEs resolved in this release.
Highlights
Scan Window Profile – Take Control of Your Asset Scans
With Scan Window Profile, you can now easily manage when an Asset Manager Collector scans your network. Create a profile, attach it to a collector, and precisely schedule scans to run at your preferred days and times. More information can be found here: Scan Window Profile
Introducing a One-Stop Resource for All Your Key Asset Information
Efficiently access essential asset details, including DNS information, SNMP credential usage, expired certificates, and more — all in one convenient location.
Enhanced SAML Configuration – Flexible Service Provider Entity ID Management
Users can now customize the SAML Service Provider Entity ID, enabling support for multiple Asset Managers managed by SAML authentication.
RedSeal Integration Removal
The RedSeal Integration has been removed from the product.
Device Profiling Improvements
Capture Group Labeling: Resolved an issue where capture groups were incorrectly applying capture group label {2}.
Reference IP Designation: Fixed an issue where the Reference IP designation did not respect the internal list.
Custom Profile Pattern Application: Addressed a problem where custom sysDescr profile patterns were only applied to a subset of devices.
Noteworthy Resolved Issues
Download Log Bundle Issue: Fixed an issue where the Download Log Bundle function was not working correctly.
Organization Name Handling: Resolved a problem with organization names containing spaces.
Port ID Display: Port IDs are now displayed correctly without commas.
Security Enhancements: Applied critical security updates.
Change Log
Improvements
| Ticket | Summary |
|---|---|
| LUM-5277 | New Core Indices Dashboard Widget Devices Discovered per Target List now loads on the Performance System |
| LUM-5249 | Suppress/Hide the Map: "Export to Visio" Button |
| LUM-5235 | Feature request: Allow users to change the SAML SP entity ID |
| LUM-5219 | Real-Time Notifications Emails | Update to remove Lumeta from email title and content |
| LUM-5210 | New Core Indices Dashboard/Landing Page |
Resolved Issues
|
Ticket |
Summary |
|---|---|
| LUM-5257 | CLI command system DNS accepts special characters (like /) for DNS IP address |
| LUM-5220 | Support Tools/Download Log Bundle the resulting file is only 158 bytes |
| LUM-5202 | SNMP scanning looping on lldpRemManAddrIfId |
| LUM-5171 | Asset Manager in AWS not sending scan traffic due to ifcfg-eth0 |
| LUM-5151 | Discovery doesn't start |
| LUM-5111 | Profiling. Capture groups applying capture group label {2} instead of pattern match |
| LUM-5081 | Parent selection not respecting the internal list for many devices |
| LUM-5006 | After deleting a Scout, the Collector tied to the Scout interface remains enabled. |
| LUM-4260 | Do not use comma formatting for port numbers or IDs |
| LUM-3983 | CLI | rebranding of raduis and pki enable warning message added an extra newline |
| LUM-3397 | When Installing Server certificate at CLI level the export password is in plain text |
| LUM-3391 | Naming a zone with a vertical bar in the name causes breakages in Rapid7 due to the way Rapid7 zone mapping data is being stored and parsed |
| LUM-2521 | If Organization Name has Spaces the User Roles for that Organization are not shown as checked |
| LUM-786 | CLI to add SNMP V3 credentials requires a context string, it should be optional like the UI |