Security in Hybrid Cloud Observability
IT admins are increasingly interested in having single-pane-of-glass visibility into their environment, including security events and issues. Full-stack observability solutions help provide comprehensive coverage across the IT landscape, enabling rapid time to value and reduced mean time to detect and remediate issues.
We’re excited to announce the integration of our security products, Security Event Manager (SEM) and Access Rights Manager (ARM), with our SolarWinds® Hybrid Cloud Observability solution. This will allow IT admins to view important security dashboards from SEM and ARM within Hybrid Cloud Observability. IT admins will also be able to see correlated node-based events and issues dashboards from SEM/ARM in the appropriate node details pages.
This integration converges security-related events, metrics, and activities with the data in Hybrid Cloud Observability about the end-user environment and will help IT teams to:
- Gain insights into the whole internal state of complex distributed systems and environments
- Minimize the time needed for identifying security issues
- Understand the security posture of an environment
- Remove internal silos for better control
Customers who have Hybrid Cloud Observability Advanced, SEM, and ARM licenses will be able to integrate the products together. Customers who only have SEM or ARM licenses but not both will be able to visualize only a subset of the dashboards in Hybrid Cloud Observability.
In Hybrid Cloud Observability, under Settings -> All Settings -> Product Specific Settings, there’s a new addition labeled “SecObs Settings”:
Once clicked, SEM or ARM details can be entered there for integration.
Here’s a sample setting page for SEM settings:
- Under the My Dashboards tab within Hybrid Cloud Observability is a new category for Security, and under it, the following sample summary view for the “Security in Observability” summary page:
This page shows summary widgets not only from SEM and ARM but also important updates from Patch Manager and the firmware vulnerability and policy violation widgets from Network Configuration Manager (NCM), providing a true single-pane-of-glass view of the items relevant to identifying critical security issues.
- Additionally, under the Security tab is a separate option labeled “SEM summary dashboard,” showing some key security activities and metrics from SEM. The widgets shown from SEM are based on SEM saved queries that are scheduled to execute at a chosen frequency and tagged with labels such as “General Best Practice metrics” or “PCI breakdown.” For each of those queries, you can set minimum and maximum thresholds that determine the severity level reported for the query as “ok,” “warning,” or “critical.” More on saved queries in SEM in the “SEM Saved Queries/Tags” section below.
The link highlighted by the small red rectangle in the middle widget of the picture above allows admins to launch into SEM in context for more details.
By clicking the edit button on the page above, admins can add more widgets by selecting the appropriate SEM data source tags they’re interested in, as shown below:
In SEM, under the tab “Historical Events,” there’s an option to view or add saved queries for filtering the events.
For executing the saved query, select “Schedule this query” and select the time and frequency to execute the query, as below:
To edit a saved query, select “Edit” next to the query name, and in the “Details” tab, add a tag corresponding to the category of events, for example “General best practice metrics” or “PCI.” In this release, a select set of tags is available in SEM to choose from.
After adding tags, select the “Thresholds” tab and add the minimum and maximum thresholds for the number of results returned by the saved query; these determine the severity level. For example: “critical” if the number of results is over 1000, and “warning” if the number of results is over 100 but below 1000. Based on the set thresholds, the SEM widgets in Hybrid Cloud Observability show green, yellow, or red for the “ok,” “warning,” and “critical” levels respectively.
Note: Scheduling saved queries with tag(s) in SEM is a mandatory requirement to be able to see SEM widgets in Hybrid Cloud Observability.
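The following is an added model of the tag, schedule and threshold rules described in the steps above; it is illustration code, not SolarWinds’ own, since SEM exposes these settings only through its UI. It assumes that “over” a threshold means strictly greater than it (the text does not say how a count exactly equal to a threshold is treated), and the query names, tags and result counts are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

COLOR = {"ok": "green", "warning": "yellow", "critical": "red"}


@dataclass
class SavedQuery:
    """A SEM saved query as the page describes it: tagged, scheduled, thresholded."""
    name: str
    tags: list = field(default_factory=list)   # e.g. "PCI", "General best practice metrics"
    schedule_minutes: Optional[int] = None     # None means the query is not scheduled
    warning_over: Optional[int] = None         # minimum threshold: "warning" above this
    critical_over: Optional[int] = None        # maximum threshold: "critical" above this


def thresholds_ok(q: SavedQuery) -> bool:
    """A minimum threshold at or above the maximum can never yield a consistent level."""
    if q.warning_over is None or q.critical_over is None:
        return True
    return q.warning_over < q.critical_over


def severity(q: SavedQuery, result_count: int) -> str:
    """Map a result count to ok/warning/critical. "Over" is read as strictly
    greater than the threshold (assumption; the page does not state this)."""
    if not thresholds_ok(q):
        raise ValueError(f"{q.name}: minimum threshold must be below maximum threshold")
    if q.critical_over is not None and result_count > q.critical_over:
        return "critical"
    if q.warning_over is not None and result_count > q.warning_over:
        return "warning"
    return "ok"


def visible_in_hco(q: SavedQuery) -> bool:
    """Per the note above, a query surfaces as a widget only if it is tagged AND scheduled."""
    return bool(q.tags) and q.schedule_minutes is not None


def widgets_for_tag(queries, counts, tag):
    """(name, level, colour) for every eligible query carrying the chosen data-source tag."""
    widgets = []
    for q in queries:
        if visible_in_hco(q) and tag in q.tags:
            level = severity(q, counts[q.name])
            widgets.append((q.name, level, COLOR[level]))
    return widgets


# Constructed sample: three saved queries and the result counts from their last scheduled run.
QUERIES = [
    SavedQuery("Failed logons", ["General best practice metrics", "PCI"], 15, 100, 1000),
    SavedQuery("Privilege escalations", ["PCI"], 60, 0, 10),
    SavedQuery("Untagged query", [], 15, 100, 1000),   # scheduled but untagged: never shown
]
COUNTS = {"Failed logons": 1000, "Privilege escalations": 0, "Untagged query": 5000}
```

Note that the untagged query is silently absent from the widget list even though it exceeds its critical threshold, which is exactly the misconfiguration the note above warns about.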
One of the most notable updates in this integration is the node-based correlation of SEM and ARM events. For those Hybrid Cloud Observability nodes under the management of SEM and ARM, relevant widgets will appear in the Hybrid Cloud Observability node details pages with the ability to launch into SEM/ARM in context.
The 2022.4 releases are fully tested and supported and are ready for you to install on new servers or update your current ones.
- For all current Hybrid Cloud Observability customers or prospects, the release is available now. You can check the Hybrid Cloud Observability product release blog for further details on downloading the software or a 30-day free trial.
- For all SEM or ARM customers, the release is available now. You can log in to your customer portal and download it.
- If you do not own SEM or ARM but would like to try,
Watch this space for more exciting capabilities in the future, and check out our What We’re Working On post for what’s coming next for Hybrid Cloud Observability and its features.