FireMon Asset Manager
Page tree

Versions Compared

Old Version 6

changes.mady.by.user user-05670

Saved on

compared with

New Version Current

changes.mady.by.user Dong Pak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

FireMon Security Manager

We need to make below changes to the FireMon Security Manager Dashboard

  • A new widget will be added at the top of the dashboard.
  • Existing widget "Infrastructure Devices Unmanaged by Security Manager" will be changed.

Below are the details on changes

  • Add widget as the first widget on the dashboard
    • title: Synthetic Routers shared with Security Manager
    • Add tooltip text: Routers, Switches and Firewalls identified by Lumeta and shared with Security Manager as Synthetic Routers
    • Widget will display all the devices that Lumeta has created in Security Manager as synthetic routers.
    • Columns that need to be displayed; IP Address, Mac, active, device type, os, zone name, first observed, last observed, forwarder
  • Add below changes to existing widget "Infrastructure Devices Unmanaged by Security Manager"
    • Change title to "Forwarding Devices Unmanaged by Security Manager"
    • Add tooltip text - "Forwarding devices not profiled as a Router, Switch or Firewall.  These devices are not sent to Security Manager automatically and will need to be added manually as needed."
    • Change underlying query to return list of forwarders that are not router, switch or Firewall

Image Removed

Image Removed

Image Removed

...

Now you can share information between Asset Manager and Security Manager (SM) via API and create a group within Security Manager of Asset Manager-discovered devices it does not manage (i.e., non-managed devices in SM). Security Manager refers to devices imported from Asset Manager as "synthetic routers," and includes the data as part of the device's definition. 

  • Information on devices that profile as a unique router, switch or firewall in Asset Manager are fed to Security Manager, provided SM does not already know about the devices.
  • Data points like device vendor, operating system, and model are conveyed, along with the description "Discovered by Asset Manager."
  • Interface and routing information that Asset Manager discovers along with the device is also transmitted to Security Manager.

To amplify management capabilities, first configure the SIP Integration, and then review the FireMon Management dashboard, located on Asset Manager's Dashboards > Integrations menu.

The Risk Analyzer and Security Manager dashboards are introduced here:

Security Manager

The Synthetic Routers shared with Security Manager table identifies routers, Layer 3 switches and firewalls discovered in real-time by Asset Manager and pushed to Security Manager as "synthetic routers." Only devices that are new or “unknown” to Security Manager are transmitted there automatically. In the context of Security Manager, these newly ingested devices are called "synthetic routers."

Image Added


Forwarding Devices Unmanaged by Security Manager are forwarding devices Asset Manager found that do not profile as routers, switches, or firewalls. Asset Manager does not automatically push these findings to Security Manager. If the customer wants these findings in Security Manager, they must be added manually. 

Image Added


The Devices Unmanaged by Asset Manager are those devices that Asset Manager pulls from Security Manager. Ideally, this table will be empty, indicating that all devices managed by Security Manager have also been indexed by Asset Manager. The presence of records in this widget indicates a lack of visibility: Maybe a firewall is blocking discovery, maybe there’s a misconfiguration, a necessary protocol is missing, or there’s a poorly placed Scout component.

Image Added


The final widget—Security Manager and Asset Manager-Managed Devices—is the full result of the Asset Manager-Security Manager integration. Devices on a network that both Security Manager and Asset Manager know about presented here, indicating that there are “no blind spots” and the customer has “full, visibility and coverage.”

Image Added

Risk Analyzer

The top set of dashboard widgets shows devices Lumeta assets Asset Manager knows about, but FireMon Risk Analyzer does not. This means that FireMon SIP is not defending the IPs assets listed in the Assets Unmanaged by FireMon Risk Analyzer widget. Consider exporting these  these from Lumeta Asset Manager, and importing them to FireMon Risk Analyzer to complete its coverage.  

Image RemovedImage Added


Lumeta Asset Manager cannot "see" the IPs assets listed on the Assets Unmanaged by Lumeta Asset Manager widget. This indicates that your Scouts cannot "see" into the network on which they are located. Check your Scout deployment. Perhaps the device is off-network. This set presents devices FireMon Risk Analyzer knows about, yet Asset Manager does not.

Image Added

This set presents asset vulnerabilities Risk Analyzer knows about, yet Lumeta Asset Manager does not.

Image RemovedImage Added

These panels will show any devices assets managed by both Lumeta Asset Manager and FireMon.  The panel is empty because no devices were co-managed by both Lumeta and FireMon.

Image Removed

 

 Risk Analyzer.  

Image Added

SIP Device Details

The risk score, asset values and other device details associated with SIP-managed devices.

Image Added