
FireMon is pleased to provide this overview of the new features and enhancements made for this Asset Manager 4.8 release, which is recommended for all users. 

FireMon Asset Manager Edition 4.8

The upgrade file is now available in FireMon User Center > Downloads.
The supported upgrade path to Command Center 4.8 is from the 4.6 and 4.7 versions.

For the upgrade procedure, see Upgrading Asset Manager. 


We recommend that you upgrade your Scouts whenever you upgrade your Command Center. However, Scouts 4.6x and 4.7x are compatible with the 4.8 version of the Command Center. 

For customers upgrading from 4.7, previous branding customizations will be reapplied after the upgrade to FireMon Asset Manager 4.8.

For customers upgrading from 4.5 or 4.6, previous branding customizations will not be reapplied after the upgrade to FireMon Asset Manager 4.8. Contact support@firemon.com for instructions on how to rebrand after upgrading.  

For Meraki customers: After upgrading to 4.8, if no zone is already selected, select a zone in which devices will be stored for the Security Intelligence Platform (SIP) and Meraki integrations.

Release Highlights

TLS Discovery

We have implemented a new HTTPS discovery feature in Asset Manager that collects the SSL and TLS versions each endpoint supports and populates a dashboard showing SSL and TLS speakers by version. While Asset Manager gathers security certificate information, it asks the endpoint additional questions to determine which TLS versions the endpoint responds to. This allows for the identification and remediation of disallowed and unsupported TLS versions.

Device Profiling

We have added the ability to profile devices (Vendor, Device Type, Model, OS, and Version) from any device attribute. This greatly expands Asset Manager’s ability to identify device elements: you can profile against custom attributes (for example, a CSV list of web servers), integration-derived attributes, or any other attribute related to the device.

Auto Targeting Cloud Sources

An enhancement was made to the cloud scanner discovery configuration. We have added the functionality to auto-update a collector’s target list directly from cloud scanner results. This feature was designed for use cases where cloud-based targets (for example, web servers) have dynamically changing IP addresses and are difficult to target for daily port testing.  This feature supports the ingestion and auto-targeting of dynamic cloud IP addresses using Cloud Scanner for direct port scanning of those cloud IPs. It is recommended that the cloud scanner run in its own collector when Target Cloud Devices is enabled. When enabled, any existing targets in the target list will be removed.

Security Manager Integration

We have instituted the native processing of assets ingested from Security Manager to allow for the creation of device attributes (initially for profiling). This feature changes an ingested firewall from just a data point into a natively discovered device within Asset Manager. This allows ingested assets to be profiled against device attributes (example attributes: firewall, Palo Alto, Panorama).

Tripwire Integration

We enhanced our existing Tripwire integration with the added ability for users to select which Asset Manager zones get pushed to Tripwire. This ‘fine-tuning’ capability of our recent Tripwire integration allows you to specify which zones do or do not get shared with your Tripwire instance, allowing for a much more flexible integration strategy.

External Data Sources

We have added Elasticsearch to the list of external JDBC data sources supported by Asset Manager. This feature allows users to configure a JDBC connection to one or more Elasticsearch servers and then write Elasticsearch SQL queries to retrieve data from those servers. That data can be used in Dashboards, Reports, and Queries, alone or connected with other Asset Manager data.

Database Schema

The 4.8 database schema shows a visual representation of the database. 

CLI Commands

The Asset Manager CLI is a powerful hierarchical menu-driven interface which provides virtually all administrative functionality available in the browser interface.
To administer your system using the command-line interface, see System Administration via CLI.


Security Updates & STIG 

4.8 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 4.8 for a list of CVEs resolved in this release. 

Change Log 

Improvements

[LUM-574] - Record SSL CipherSuites

[LUM-3677] - Upgrade Lumeta API Spring components to the same version as Warehouse

[LUM-3830] - Feature Request: take list of public IPs found by Cloud Scanner and automatically add to Target List

[LUM-3904] - Add attributetype_id int column to profile.pattern

[LUM-3905] - Update code to ingest fingerprints with <deviceAttribute> field (update xsd too)

[LUM-3906] - Write device processing java code in MemoryZoneDaoImpl.processProfileData

[LUM-3982] - Update "Outbound Leaks - all zones" query

[LUM-4004] - Uptick Spring for CVE-2022-22965

[LUM-4042] - Need to turn off the APA/Rule Rec portion of our FireMon integration

[LUM-4056] - Allow user to set/view targetCloudDevices setting in CLI

[LUM-4072] - Extract lumeta-api-client code into its Maven module - Phase II

[LUM-4107] - Device profile source for attributes should be more informative

[LUM-4110] - Devicify FireMon integration devices

[LUM-4147] - Warehouse: Support Elasticsearch as an external data source

[LUM-3850] - Implement bidirectional Integration - push assets to Tripwire

[LUM-3964] - System | Replace legacy names for downloaded filenames

[LUM-3971] - UI | Hardcoded Doc URL not using the new rebranding logic

[LUM-3999] - Update sysctl with kernel.dmesg_restrict = 1

[LUM-4002] - Extend new CIDR validation functionality to remaining applicable GUI spots

[LUM-4036] - Allow User to select Zones to push to Tripwire

[LUM-4055] - Uptick Postgresql JDBC to >= 42.5.4

[LUM-4081] - Zones | GUI | Increase Custom Attributes Upload Limit

[LUM-4109] - update rpms based on Nessus and R7 scans for 4.8

[LUM-4125] - Tweak lumeta selinux module to allow SSH port forwarding

[LUM-4150] - Change help text for "Target Cloud Devices" option

[LUM-4166] - Fix rogue "Lumeta" in enterprise SNMP response

Resolved Issues

[LUM-3689] - Error around jsonb ? text operator

[LUM-3783] - User not warned they add invalid CIDR Masks greater than 32.

[LUM-3816] - device_vendor view not including some profiled vendors

[LUM-3978] - DOPS | Purge | "Table not found" error when purging data

[LUM-3980] - Tenable.SC | Feeds | " No value found for feed "Tenable" and key "tenableUserAgentHeader"" error message on upgraded system

[LUM-3992] - EULA contains spurious links that don't go anywhere

[LUM-3997] - customer license with non perpetual lifetime display error "License not yet activated"

[LUM-4008] - DDL export should not replace branding tokens

[LUM-4010] - Tenable.SC | Feeds | "Unable to make field private final" error message

[LUM-4054] - Cloud Configuration - Target Discovered Devices tooltip text has extra unintended text

[LUM-4059] - Upgrade from 4.6. to 4.8 is failing. warehouse and webapp not starting.

[LUM-4065] - profile.pattern constraint has a different name on upgrade compared to netboot.

[LUM-4078] - CLI command 'authentication ldap' is failing with an error, same error from GUI

[LUM-4080] - Integrations | GUI | Retrieve Configurations Button does not show zone dropdown selection

[LUM-4113] - ISC | Feed | Fails to parse services feed file

[LUM-4118] - WMI | Newer version of Windows not responding

[LUM-4121] - Incorrect debug message syntax

[LUM-4122] - sshd is not starting after upgrade. ssh_host_ed25519_key has the wrong permissions

[LUM-4126] - Tighten up form restrictions on GUI modals with zone options

[LUM-4130] - A config.override.properties that's created after Warehouse is running will be ignored

[LUM-4133] - Integrations | API | Seeing "unable to find valid certification path to requested target" when enabling integration

[LUM-4144] - cloud scanner with Target Discovered Devices enabled is not targeting devices

[LUM-4162] - Upgrade - Files in /usr/local/lumeta/branding/images are not preserved on upgrade

