Product Blog

5 Posts authored by: omri

I'm excited to announce that the Log & Event Manager (LEM) 6.2 Release Candidate is now available for download by customers on active maintenance! If you're too eager to read the entirety of this post and want to jump right in, head on over to your customer portal to get started. The LEM team has been hard at work on features that will make your lives both safer and easier, and we can't wait to see what you think of them. So, with that, here's a quick overview of what goodness LEM 6.2 is delivering.

 

 

New Feature: Threat Intelligence Feed

 

I already wrote a lengthier blog post about this feature, so I won't go too much into the details, but I will say that this is a feature that we're really excited about. You asked for it and now we have it ready for you. With this new feature, we focused on ease of implementation and immediate value, and we hope you'll agree that a check box to get it up and running is pretty good. It's as easy as the screenshot below.

threat_intelligence_enable.png

LEM sources its threat intelligence feed data from command and control lists such as Zeus and Feodo, and drop nets such as Spamhaus and DShield top attackers, among other sources.

 

 

New Feature: Automatic Connector Updates

 

LEM's connectors are one of its greatest assets. However, we realize that in the past we have made it somewhat cumbersome to get the newest connectors for the newest devices. So with LEM 6.2, we have created a feature that we're really excited about - automatic connector updates. With this feature enabled, you will no longer have to worry about manual updates - and you can rest assured that your LEM will always be up to date with the newest connectors.

 

Best of all, it's easy to use. Just enable it in Manage Appliances, and you'll be kept up to date. And if you want to force an update at any time, you're just another click away. See below.

enable auto updates.png

 

Improvement: Virtual Appliance Details from LEM Manager

 

For the purpose of ensuring reliable performance and simplifying troubleshooting, it's important for LEM users to be able to view their host appliances' resource settings. Because we know how important this information is, we wanted to ensure that LEM users have easy access to it. So with LEM 6.2, you now have access to this critical information directly from your LEM Manager. You'll be able to quickly view details regarding CPU, memory, and more.

vm details.png

 

And of course -- bug fixes!

 

We make sure that every release addresses your customer issues, and LEM 6.2 is no exception. To name a few:

  • NTLMv2 authentication support for effective resource allocations
  • File Audit Event report bug fixes and enhancements
  • New connectors for Kerio, Blue Coat, Proofpoint, GENE6, and more!

 

So what do you do next?

 

Head over to your customer portal to download and get started.

 

Once you have it up and running, if you have any questions/comments/concerns/feedback, head over to the LEM RC forum and let us know!

 

- the LEM Product Team

 

Disclaimer: Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product team's intentions, but those plans can change at any time.

Over the last few months, the Log & Event Manager (LEM) team has been working hard on a not so short list of features. I'm excited to announce that a major feature of the upcoming release of LEM 6.2 will be something that you all have asked for time and again: Threat Intelligence Feed integration. And so, I decided to take a moment to show off a bit of what the feature will look like and provide a chance to test the new functionality.

 

So before I get started, feel free to click below to be included in the LEM 6.2 beta program to test out new features such as the Threat Intelligence Feed and more.

 

download button.png

 

What's in the Threat Intelligence Feed for me?

The concept of Threat Intelligence is one that has been covered in the world of security news for some time now. The problem is that, generally speaking, the term opens itself to a broad range of implementations and thus can mean something different to any vendor. So why should you care about the feature as it applies to SolarWinds? LEM 6.2's Threat Intelligence Feed will allow your organization to be prepared to recognize and handle already known and proven threats. With LEM analyzing your environment for activity against a list of known malicious threats, you will be able to easily incorporate the shared knowledge of top, reputable threat lists into your own workflows to protect yourself from the risk these threats pose. Since that is a lot of words, let's jump into some screenshots that will help to better clarify what the new feature brings.

 

 

From Reactive to Proactive

LEM's new Threat Intelligence Feed is what allows your organization to move from reactive detection, looking around your environment as best you can hoping to surface suspicious activity, to the world of proactive detection - creating workflows that will ensure you know right away when known bad actors have made their way into your own environment.

 

We've all been there before - pulling down a list of threat indicators and manually searching for traces of them throughout our environment. Well with the Threat Intelligence Feed, that won't be necessary because the part that we know our customers will delight in most is the ease of implementation. All you have to do is check a box in your LEM console's Appliances Properties screen and you've enabled automatic coverage of some of the top threat lists available today.

 

threat_intelligence_enable.png

 

Search and Filters and Rules - Oh my!

Once enabled, LEM will automatically begin detecting threats in your environment. And if it finds something, it's readily available to you throughout LEM. The first place you'll be able to find it is through an nDepth search (see below - the highlighted event has been flagged by LEM as a known threat).

ndepth.png

 

Of course we know that search isn't the ideal way to consume such critical security information, so we will include out-of-the-box functionality that will help you get the most value out of this feature. This includes pre-built Filters, such as the one for All Threat Events seen in the screenshot below.

filters.png

 

And, finally, who would we be if we didn't provide out-of-the-box correlation rules, allowing you to take action and alert whenever a threat event is found in your environment (just in case you don't spend your whole day in the LEM console - which is how I spend mine). See the image below for a rule to take action on a potential threat flagged by the Threat Intelligence Feed.

ootb correlation rule.png

 

In summary

While there's more in store for the release of LEM 6.2, the Threat Intelligence Feed is a feature we are excited about and hope that you are excited about too. As such, we want to get this into your hands ASAP so we can get your thoughts on it while we still have time to make fixes and improvements.

 

So if you're a current LEM customer interested in testing out LEM 6.2 and getting your hands on new features such as the Threat Intelligence Feed, sign up for the beta here.

First and foremost, I'm excited to announce the availability of Web Performance Monitor (WPM) 2.2!

 

With this newest release, the WPM team has introduced several new features, including:

 

  • AppStack Integration
  • Web-based Alerting
  • and Step Dependencies

 

To learn more about each of these features, head over to my WPM 2.2 Beta post. Rather than cover these features individually, I want to give a bit of color as to the power of the three in aggregate.

 

 

Using WPM to Define a Web App Workflow

When thinking about the AppStack, a WPM transaction recording is best thought of as a way of defining a web-based application workflow. Defining this workflow allows you to add great context to your AppStack environment. As in previous versions, WPM permits you to capture a series of steps you take within a web app. But now, when you complement this with WPM's newly introduced AppStack support, you are able to go one step further - tying the steps in your WPM transaction to the various components in the AppStack on which it depends.

 

The easiest way to demonstrate the capability of WPM 2.2 in identifying, forecasting, alerting, and reporting on issues is through an example and for that, why not use a web app with which we're all familiar - the SolarWinds Orion Console. To make it easy, I'll use an example from our wonderful online demo so you can click through. You'll find the example here.

 

Creating the WPM Transaction

I'm not going to step through how to record the transaction, but as mentioned previously, we built a transaction in the WPM demo to define a workflow that simulates end users visiting the Orion Console from our various office locations. The screenshot below shows the various steps in the recording as well as their statuses (we'll touch on those later):

orion transaction steps.png

The transaction workflow is as you would expect - login to Orion from our main Austin office, log out, and do the same from our offices in Cork and Tokyo. Now that you have the transaction and its various steps recorded, you can set your dependencies and really unleash the power of the AppStack.

 

Setting the AppStack Dependencies

WPM 2.2 allows you to set up both transaction and step dependencies easily. The result is a set of dependencies in your environment that are tied to the success of the execution of our Orion Console transaction - and thus our Orion products more broadly. A screenshot of a transaction level application dependency:

orion transaction dependencies 2.png

The screenshot above is from the main transaction details page. It shows you that the entire transaction has an application dependency on an MSSQL instance that is sitting on our orion-main server. Now we'll set a few of our newly introduced step level dependencies, which can be applied both to nodes and applications. To do this, go to the Step Details page for any transaction step and click the Edit option, as seen in the below screenshot.

step details.png

From there, scroll to the bottom, expand the "Set individual dependencies for steps" list, and add your step dependencies through the Edit menu option you see below.

setting step dependencies.png

Once you've set the step dependencies you need, go back to the Step Details page and you will see all the dependencies which you've set.

orion step dependencies.png

The screenshot above is from the "Log in to Additional Web1 - Cork" step details page. You see that we have set both node dependencies on this step (a couple of routers and a location specific Orion server, orion-web-cork) as well as one application dependency, our Cork IIS. We could have set any node or application dependency we deemed critical to the execution of this step - the list of the dependencies you can set is only limited by what your SolarWinds products can see.

 

So that means we set our transaction, and we set our dependencies. Time for the AppStack.

 

WPM + AppStack = Making Sense of it All

We did all the heavy lifting. Now it's time for AppStack to do the rest and see where it gets us. The good news is that it gets us pretty far. Opening up our AppStack view and turning our Orion Console transaction on in the AppStack Spotlight view shows us this:

appstack orion.png

A few simple steps and we now have a view from top to bottom of what our Orion Console transaction looks like in the context of our broader environment. The applications that matter are put into focus. As are the various servers and volumes. A more complex transaction would mean that more levels of your AppStack would come into focus.

 

So, How Does This Help Me?

The value that the previous view in the AppStack provides is limited really only by your imagination. A few straightforward examples.

1) If you get a ticket that says that your Orion Console is unreachable (which in our demo it seems to be), you can quickly look at the transaction in the above focused view and follow the statuses down the AppStack to find the root cause - you may have noticed in earlier screenshots that our orion-web-cork server is down and thus the status of that leg of the transaction is unreachable. This is clearly represented by the red dot on the server level. Now you know your issue lies with that server and you know where to start.

2) If you would prefer using WPM's full power to get ahead of such issues rather than fight the resulting fires, you can set an alert on a transaction step and instantly be alerted when a step goes down. This will allow you to be informed of an issue as soon as that step goes down and be able to pinpoint which dependent resource may be at fault. Here's what setting up that alert would look like in our new web-based alerting front end. You'll see that it is set to alert you anytime a transaction step is in any state but up (the unreachable status in this example would have triggered this alert):

tranaction step alert.png

3) You know that you have a non-responsive app (you see it right in the AppStack) and are curious to see which web apps and transaction workflows may be impacted. You click and see that this Orion Console transaction has that application on its path. Immediately you know that users of the Orion Console will be impacted. While you're fixing the root cause of the issue (our orion-web-cork server), you can have WPM's reporting functionality on the Orion Console transaction build a report to show the impact (availability, SLA, etc.).

4) Mapping of these transaction dependencies allows all those using WPM and the AppStack to understand what parts of your environment are interrelated and dependent on one another. Thus, after initial setup, this information is clearly and intuitively presented even to those that are new to your environment. And if someone in your organization is trying to take down a server for maintenance, they can look at these dependencies and know exactly what will and won't be affected.

 

A Quick Review

So what did we accomplish? In a few easy steps, we enabled the AppStack to provide quick and easily digestible context about our environment that will help to make identifying, solving, forecasting, alerting, and reporting the root cause of an issue simple.

 

Above all, this is the power of the new WPM 2.2 and its features. But this is really the tip of the iceberg in the form of a simple example. We can't wait to see what our users come up with.

 

Leave some comments on your thoughts about this and where you think the power of WPM + AppStack could help you.

 

And of course, head over to your Customer Portal to get started with the new WPM 2.2.

The Web Performance Monitor (WPM) 2.2 Release Candidate 1 (RC1) is now available! To participate in the RC, simply fill out the survey in the link below to get started.

 

 

 

 

Improvements in WPM 2.2 include all the new features we mentioned in our beta blog post, as well as:

 

 

Support of SolarWinds AppStack Resource:

Our beta post mentioned how excited we are about WPM 2.2's integration with the new SolarWinds AppStack. This integration will power an additional new feature in WPM - the AppStack Resource. With this resource, you'll have the same easily digestible view of your environment right in your transaction details page, but with the focus only on those resources associated with that transaction. This view, powered with our new step dependencies, means that you'll have transaction diagnostics as well as statistics on resource dependencies all in the same place. With all this information together on one page, you'll be able to diagnose issues in transactions more easily than ever. Check out the screenshot below and make sure to download WPM RC1 to get started with it.

MiniStack2.PNG

 

Various bug fixes:

  • Internet Explorer cache growth issues
  • HTTP500 errors on Windows Server 2008 R2
  • Top 10 Transactions/Steps by Duration resource errors
  • Event summary time displayed errors
  • WPM service unexpected crashes

 

Release candidates are fully supported and are made available to existing customers prior to formal release in order to generate feedback on new features. Take the survey through the button below to make sure you qualify. If you have any problems with the RC1, you can file a ticket with Support just as you would for any GA version of the product.

 

And don't forget to leave any feedback you have in the RC Forum!

 

 

- the WPM product team

Here at SolarWinds we've been working overtime on another update to Web Performance Monitor (WPM), only a few short months after our release of WPM 2.1. I am pleased to announce that the result of our efforts, WPM 2.2, has reached beta status. Now is your chance to install the latest version and provide us your feedback on the newest features. We remain committed to constantly improving WPM and your beta participation and feedback guarantee that we are making improvements that are beneficial to our users.

 

To participate in the beta, simply fill out this survey and we will send you the download links as soon as they’re ready.

 

 

Below is an overview of the newest features you’ll see in WPM 2.2.

 

1. New AppStack Integration

The AppStack environment is a new feature that we’re very excited about here at SolarWinds. It provides users an overview of their entire environment in a single, easily digestible view – from storage arrays all the way up to the applications consuming the data they house. As a part of the AppStack formula, transactions managed by WPM as well as their dependencies can easily be viewed and any issues diagnosed.

 

To give an example of where the magic of AppStack + WPM would shine, let's say you get an alert that your WPM transaction has failed and users are beginning to call with complaints. From the AppStack view below, you can quickly glance to determine if the issue lies in your storage, server, web application, virtualization, or elsewhere. Knowing this allows you to focus your remediation efforts right away, decreasing the time to resolution.

 

Check out a recent blog post for more information about our new AppStack and the screenshot below of what you can expect to see.

AppStackView.png

2. New Web-Based Alerting

By popular demand, web-based alerting is now ready to go with WPM. To be clear, for us that doesn’t mean simply moving alerts to the web. With WPM 2.2, you’ll see a whole new alerting engine built from the ground up. The update won’t affect the alerting functionality you’re used to; instead, it will give you increased functionality and control when creating transaction alerts. All said, that means you’ll be able to get more out of your existing WPM transactions by making the data they generate more actionable. Lots of functionality with this so you'll have to dig in to see more, but a sneak peek of the UI is below and check out a recent blog post that gives an overview of the new features.

WebBasedAlerts.PNG

3. Step Dependencies

WPM 2.1 brought you dependencies at the transaction level. That meant that you were able to set resource dependencies to transactions as a whole. However, we started to see that users had different dependencies on the various, individual steps of a transaction. With WPM 2.2, we’re letting you take that one step farther (pun intended) - you’ll now be able to drill down even deeper by setting dependencies on the transaction step level.

 

A quick example. Let's say you have a web transaction that includes various dependencies across the different steps of the transaction - e.g. you're an e-commerce site with a dependency in the first step on checking inventory from an inventory system, a dependency in the second step on routing shipping through a shipping system, and a dependency in the final step on posting a sale to a sales system. Before step dependencies, all three of these systems would have been dependent at the transaction level. That meant if any single step of the transaction were to fail, you would get a warning that any one of those systems might be a potential cause for the transaction failure - you wouldn't know where to start. Now, with step dependencies, WPM 2.2 can tell you based on which step of the transaction failed the exact dependency that is the root cause. The result is more focused alerting, thus a more focused response and a quicker time to resolution.

 

This granularity of control is why we're excited to provide step dependencies and why we think they'll be valuable to our users. Check out a screenshot below where you can see individual transaction steps on the left and a VM node step dependency for the first step.

StepDependencies2.PNG

So there you have it – WPM 2.2. Be sure to fill out the beta survey to be included and if you have any feedback, leave it here. We’re working hard on making WPM better and your beta participation and feedback go a long way in our being able to do that.

 

 

- the WPM product team
