Security in Hybrid Cloud Observability

What does it mean and why is it important?

IT admins are increasingly interested in having single-pane-of-glass visibility into their environment, including security events and issues. Full-stack observability solutions help provide comprehensive coverage across the IT landscape, enabling rapid time to value and reduced mean time to detect and remediate issues.

We’re excited to announce the integration of our security products, Security Event Manager (SEM) and Access Rights Manager (ARM), with our SolarWinds® Hybrid Cloud Observability solution. This will allow IT admins to view important security dashboards from SEM and ARM within Hybrid Cloud Observability. IT admins will also be able to see correlated node-based events and issues dashboards from SEM/ARM in the appropriate node details pages.

This integration converges security-related events, metrics, and activities with the data in Hybrid Cloud Observability about the end-user environment and will help IT teams to:

  • Gain insights into the whole internal state of complex distributed systems and environments
  • Minimize the time needed for identifying security issues
  • Understand the security posture of an environment
  • Remove internal silos for better control

Who has access to this

Customers who have Hybrid Cloud Observability Advanced, SEM, and ARM licenses will be able to integrate the products together. Customers who only have SEM or ARM licenses but not both will be able to visualize only a subset of the dashboards in Hybrid Cloud Observability.

How to integrate

In Hybrid Cloud Observability, under Settings -> All Settings ->Product Specific settings, there’s a new addition labeled “SecObs Settings”:

 

Once clicked, SEM or ARM details can be entered there for integration.

 

Here’s a sample setting page for SEM settings:

Summary dashboards

  1. Under the My Dashboards tab within Hybrid Cloud Observability is a new category for Security, and under it, the following sample summary view for the “Security in Observability” summary page:

This page shows summary widgets from not only SEM and ARM but also displays important updates from Patch Manager and firmware vulnerabilities and policy violations widgets from Network Configuration Manager (NCM), as well as providing a true single-pane-of-glass view of items relevant to identifying critical security issues.

  1. Additionally, under the security tab is a separate option labeled “SEM summary dashboard,” showing some key security activities and metrics from SEM. The widgets shown from SEM are based on SEM saved queries which are scheduled to execute at any frequency and with tags like “General Best Practice metrics” or “PCI breakdown,” etc. For each of those queries, you can set minimum or maximum thresholds to determine the severity level of these queries as “ok,” “critical,” or “warning.” More on saved queries in SEM in the “SEM saved Queries/Tags section below.

The little red rectangle highlighted in the middle widget in the picture above allows admins to launch in context into SEM for more details.

By clicking the edit button on the page above, admins can add more widgets by selecting the appropriate SEM data source tags they’re interested in, as shown below:

SEM saved queries/tags

In SEM, under the tab “Historical Events,” there’s an option to view or add saved queries for filtering the events.

The picture below shows an example of a predefined saved query in SEM that can be scheduled or edited.

For executing the saved query, select “Schedule this query” and select the time and frequency to execute the query, as below:


To edit a saved query, select “Edit” against the query name, and in the “Details” tab, add a tag corresponding to the category of events. For example: “General best practice metrics” or “PCI.” In this release, a select set of tags are available in SEM to choose from.

 

After adding tags, select the “Thresholds” tab and add the minimum and maximum thresholds for the number of results of the saved query to determine the severity level. For example: “critical” if number of results over 1000, and “warning” if results over 100 but below 1000, etc. Based on the set thresholds, the SEM widgets in Hybrid Cloud Observability will show green, red, or yellow for “ok,” “critical,” and “warning” levels.

Note: Scheduling saved queries with tag(s) in SEM is a mandatory requirement to be able to see SEM widgets in Hybrid Cloud Observability.

Node details

One of the most notable updates in this integration is the node-based correlation of SEM and ARM events. For those Hybrid Cloud Observability nodes under the management of SEM and ARM, relevant widgets will appear in the Hybrid Cloud Observability node details pages with the ability to launch into SEM/ARM in context.

 

How to Download

The 2022.4 releases are fully tested and supported and are ready for you to install on new servers or update your current ones.

What's next?

Watch this space for more exciting capabilities in the future, and check out our What We’re Working On post for what’s coming next for Hybrid Cloud Observability and its features.

THWACK - Symbolize TM, R, and C