One of the things that we wanted to do for this release was to split out the Windows Filtering Platform (WFP) from the Windows Security log connector.
Why are we splitting this out into a separate connector?
This is being split out because customers frequently call into support after being completely overwhelmed by the sheer volume of data upon enabling the Windows Security Log connector. On the other hand, some customers still want to collect this data.
What does this mean?
It means that upon connector upgrade this behavior will change. Anyone who wants to collect Windows Filtering Platform events will need to configure that connector specifically once they get the latest connector update.
To receive updates on the Engineer's Toolset roadmap, JOIN thwack and BOOKMARK this page.
We are constantly looking for new tools to add to our Engineer's Toolset so don't forget to vote or submit your ideas. Meanwhile, we are working on a few things to improve your experience:
SolarWinds considers various features and functionality prior to any final generally available release. As such, comments given in this forum are not (nor should they be interpreted to be) a commitment from SolarWinds that it will deliver any specific feature or, if it delivers such feature, any time frame when that feature will be delivered. SolarWinds is always trying to improve and enhance its products. All discussions herein are based upon product team current interests, and product team plans and priorities can change at any time.
To receive updates on the WPM roadmap, JOIN thwack and BOOKMARK this page.
With the official release of WPM 2.0.1 the WPM team is working hard to build several new and exciting features including:
Server & Application Monitor 6.2 included a boatload of great new features that are going to be difficult to top, but that isn't going to stop us from trying. Here is a sneak peek at just a few of the items the team is diligently plugging away on.
I'm excited to announce that the Log & Event Manager (LEM) 6.2 Release Candidate is now available for download by customers on active maintenance! If you're too eager to read the entirety of this post and want to jump right in, head on over to your customer portal to get started. The LEM team has been hard at work on features that will make your lives both safer and easier, and we can't wait to see what you think of them. So, with that, here's a quick overview of what goodness LEM 6.2 is delivering.
I already wrote a lengthier blog post about this feature, so I won't go too much into the details, but I will say that this is a feature that we're really excited about. You asked for it and now we have it ready for you. With this new feature, we focused on ease of implementation and immediate value, and we hope you'll agree that a check box to get it up and running is pretty good. It's as easy as the screenshot below.
LEM sources its threat intelligence feed data from command and control lists such as Zeus and Feodo, and drop nets such as Spamhaus and DShield top attackers, among other sources.
LEM's connectors are one of its greatest assets. However, we realize that in the past we have made it somewhat cumbersome to get the newest connectors for the newest devices. So with LEM 6.2, we have created a feature that we're really excited about - automatic connector updates. With this feature enabled, you will no longer have to worry about manual updates - and you can rest assured that your LEM will always be up to date with the newest connectors.
Best of all, it's easy to use. Just enable it in Manage Appliances, and you'll be kept up to date. And if you want to force an update at any time, you're just another click away. See below.
For the purpose of ensuring reliable performance and simplifying troubleshooting, it's important for LEM users to be able to view their host appliances' resource settings. Because we know how important this information is, we wanted to ensure that LEM users have easy access to it. So with LEM 6.2, you now have access to this critical information directly from your LEM Manager. You'll be able to quickly view details regarding CPU, memory, and more.
We make sure that every release addresses your customer issues, and LEM 6.2 is no exception. To name a few:
Head over to your customer portal to download and get started.
Once you have it up and running, if you have any questions/comments/concerns/feedback, head over to the LEM RC forum and let us know!
- the LEM Product Team
Disclaimer: Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product team's intentions, but those plans can change at any time.
I'm excited to announce general availability of Kiwi Syslog Server 9.5! The new Kiwi Syslog version is packed with great new features and improvements.
This release contains various improvements such as
Kiwi Syslog v9.5 is available for download in your customer portal for those customers under current Kiwi Syslog maintenance.
Storage Resource Monitor (SRM) v6.2 Release Candidate is now available in the SolarWinds Customer Portal for customers on Active Maintenance. Release Candidates can be installed on your production systems and are fully supported. The Product Team is eagerly awaiting your feedback in the Storage RC Forum.
Additional Device Support for Storage Resource Monitor's Orion Module:
This release adds additional device support to the Orion Module, allowing customers to monitor more devices on the Orion Core Platform and take advantage of the AppStack Environment View.
Hierarchical Storage Pools:
In addition to more device support in the Orion Module, we are adding support for Hierarchical Storage Pools. This allows customers to see multiple pool layers when a storage array has more than one logical storage container (pool) from which a LUN can be created. This is possible with HP 3PAR and EMC VMAX. Following are some screenshots showing Hierarchical Storage Pools and a couple of new arrays supported.
Devices Supported by SRM Orion Module in Previous Releases of Storage Resource Monitor
I am excited to say that Database Performance Analyzer 10.0, with MySQL support, is now available. For the Orion users out there we have also extended the DPA data for MySQL into the integration. DPA 10.0 is now available in the customer portal to download for customers on active maintenance. If you are new to DPA and want to try it, you can download an evaluation from the SolarWinds website.
Note: DPA 9.5 was renamed to 10.0 before release. If you are running the release candidate DPA 9.5, no need to rush to upgrade to 10.0.
Register MySQL on-premise and in the cloud (RDS & EC2). Whether your MySQL instance is on RDS, EC2, or on-premise, the data shown in DPA is the same! Register a MySQL instance the same as you would for any other supported database in DPA. Have several instances to register? No problem: use the Mass Registration wizard, which can be found in Options.
MySQL DBAs have never really had a tool that could show them their problem SQL Statements. A lot of tuning work comes from the slow query log and monitoring metrics. While this can be important, this tuning path often misses the SQL that most affects the user. You certainly can't find a query in the slow query log if it runs in .01 seconds. However, if that query is now running in .1 seconds and it runs thousands of times in an hour, it is most definitely the biggest pain point for your users.
In the screen capture below, you can see I have drilled into the familiar 'Time' dimension. From here, you can see that I can easily click to the Database tab to select and isolate SQLs that are coming from 1 specific database. This isolation can be done for any of the dimensions.
The new dimensions for MySQL are 'Wait Instruments' and 'Operations'.
You may say, 'Ok Kathy, that is a lot of information and all of this data is great, but what do I do with it?' That is where the Advisors, Query Advice, and wait advice in general come in. Let's say we saw a lot of blocking with a SQL. I click on the Query Advice and select the SQL I am concerned with.
Below is an example of the Query Advisor in DPA. You can see the highest hours that had blocking, an explanation of what Blocking is, and other areas to look in DPA to troubleshoot this problem further.
DPA has added more out-of-the-box metrics for MySQL than we have for any other database we support. The good news is you get all these metrics PLUS, you still can create a custom resource metric just like you can for the other monitored instances.
Note: This is one area of DPA that provides more detail for InnoDB than other engines.
We are building on what we did in the previous 9.2 release by giving SAM and Orion users the ability to see MySQL in Orion.
To see the full integration with Orion, see Announcing DPA 9.2 GA: Is it the Application or the Database?
Let's go back to that Resource (metrics) page for a moment. You may notice something new. Yep, that is the same 'Show Baselines' button that is on the Resources tab. When there is a metric that is in alarm on the home page (here, the Memory warning alarm is circled), you want to click on that alarm to find out more details.
You can see that clicking on that warning icon brings you to the memory tab on the metrics page. However, once we get to the Resource Metric page, you notice that there is a critical issue with Sorts and the Memory issue has resolved itself. Here you can see a short snippet of what this Metric means as well as the Baseline for the metric. You can easily see that the Row Sort Rate is higher than the baseline for this hour. This would call for more investigation in DPA.
For current customers, just log into the Customer Portal to download DPA 10.0.
If you want to try out DPA for the first time, download it from the SolarWinds website.
What's next for DPA? You can review our What We Are Working On post: What We Are Working On for DPA (Updated November, 2019).
As a part of an effort to help untangle compliance initiatives, a popular request on the federal side is FISMA (Federal Information Systems Management Act) Compliance and support for the Risk Management Framework (RMF). In this post, I’ll outline what FISMA compliance is, we’ll walk through FISMA bit-by-bit, and we’ll talk about where SolarWinds® products can help.
What it means to take on “FISMA Compliance” is described in several NIST (National Institute of Standards and Technology) publications. The number of NIST publications out there is impressive, but there are only a few we’re interested in. A couple of these are FIPS (Federal Information Processing Standard) publications. Usually when we think of FIPS we think of encryption, but here we’re mostly focused on risk analysis.
Here’s a great summary, though wordy, of how it all fits together:
FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems, is a mandatory federal standard developed by NIST in response to FISMA. To comply with the federal standard, organizations follow the Risk Management Framework to determine the security category of their information system in accordance with FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, derive the information system impact level from the security category in accordance with FIPS 200, and then apply the appropriately tailored set of baseline security controls in NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.
Okay, okay, how about the super simple version? In order to implement FIPS 200 with NIST 800-53, you have to first do the risk categorization in FIPS 199. Whew!
We’ll leave the whole exercise of assigning risk up to you, since it’ll be different for each environment. Once you’ve done that, as you walk through the 800-53 requirements, you’ll see different controls needing to be applied at different levels. Generally, you’ll have to comply with the “document” and “policy” controls across all risk levels, but some of the finer controls may not need to be applied to all risk levels.
NIST 800-53 and the RMF (revision 2) provide a great breakdown of the steps needing to be applied. Of interest to us when it comes to where SolarWinds products can help are:
I’ll walk through each control and identify relevant products for each category as I go, so you don’t have to memorize them all just yet.
Before we dig into implementing key controls (Step 3), as a part of assessing and monitoring controls (Step 4 and Step 6), here is out-of-the-box content designed to help in SEM, ARM and NCM:
There are hundreds of out-of-the-box reports, many of which are categorized for FISMA specifically. These reports help address the Assess and Monitor steps by looking for exceptions to controls, unexpected changes or activity, or attempts to bypass controls. In the SEM Reports Console, navigate to Configure > Manage Categories, select FISMA, then click OK. To see the list, go to View > Industry Reports.
In addition, SEM includes dozens of correlation rules categorized for different compliance initiatives. From the SEM Console, navigate to Rules, and Create Rule from Template. I’d recommend starting with General Best Practice, but as we go through the actual controls you should find relevant correlation rules where real-time notifications are useful.
All changes made with ARM are automatically recorded in the log book. This ensures compliance with legal and best-practice standards and saves the time of manual documentation. The log book report allows you to capture events by person or event type within any desired time period. This ensures fully transparent processes and documentation.
In addition, ARM allows reporting by resource or user for all resources.
There are several templates included to help (starting with NCM 7.4, see DISA STIG and NIST FISMA Reports Now Shipping with NCM; users of earlier versions can download them from the Content Exchange):
In the NCM web console, under CONFIGS, then Compliance, you should see them listed under the NIST category.
You might want to get a cup of coffee (or tea) while you read through this, as there’s a lot here. The entirety of Appendix F of 800-53 describes the controls and implementing them in detail. I’m going to skip over many of them since they don’t apply to implementing SolarWinds products, but I’ll include a description for each and more details where they’re especially relevant. Got your warm beverage? Let’s get going.
Double whew! I bet your hot beverage cup is empty at this point; perhaps I should’ve warned you to use a large one.
Hopefully at this point we’ve given you more info on how we can help you get moving with FISMA compliance. If you have any questions, feel free to post them and we’ll update the post as things change or more details are necessary.