Documentation for Security Event Manager

SEM 2019.4.1 Release Notes

Release date: April 9, 2020

This document summarizes new features, improvements, and fixed issues in Security Event Manager (SEM) 2019.4.1 (formerly Log and Event Manager), additional features, and upgrade notes and workarounds for known issues.

New in SEM 2019.4.1

SEM 2019.4.1 is a service release that introduces subscription licensing and a fix for the issue listed below.

Subscription licensing

SolarWinds now offers subscription licensing to complement our existing product licensing structure. This option allows greater flexibility by allowing you to select single or multi-year subscriptions with an option to renew at the end of the term. Learn more here.

Additional features and improvements

HTML5 features

SEM continues the transition from Flash-based software to HTML5 by adding the following features to the SEM Events Console:

Visualize network and log data through the SEM Dashboard

Access the SEM Dashboard to highlight and summarize trends and suspicious activity through a series of interactive widgets. You can create, edit, and arrange widgets to display network data in a variety of tables and graphs according to pre-defined and user-defined filter sets.

Create rules from filters

From the Filters pane, you can create a new rule based on any existing filter with a single click. This allows you to set alerts for specific event activity without manually duplicating filter values in the custom rule builder.

Create email templates

You can use email templates to customize your email notifications when triggered as responses in your custom rules. An email template includes static and dynamic text (or parameters). The static text lets you customize the message body of the email. The dynamic text is filled in from the original event that caused the rule to fire.

Create user-defined groups

Create user-defined groups to organize related elements for use with rules and filters. Groups can contain elements such as events, IP addresses, computer names, and user accounts. After a group is defined, it can be referenced from multiple rules and filters.

Update SEM agents and connectors automatically

On the SEM Events Console Settings page, you can enable automatic updates for SEM agents and connectors.

Download debug logs

SEM simplifies the network troubleshooting process by offering a one-click debug log download feature which no longer requires a third-party application and additional configuration steps. On the SEM Events Console Settings System Resources tab, click Download debug logs, and then forward them to SolarWinds Customer Support for assistance.

Set the global password policy for SEM users

On the SEM Events Console Settings page, you can set minimum password requirements for local SEM user accounts.

Enable the Threat Intelligence feed

On the SEM Events Console Settings page, you can enable the Threat Intelligence feed, which enables SEM to detect threats based on lists of known malicious IP addresses.

Participate in the SolarWinds Improvement Program

On the SEM Events Console Settings page, enter your email address to send usage statistics to SolarWinds to help us improve our products.

Browse FIM directories

SEM streamlines the FIM inclusion configuration process by allowing you to navigate to and choose specific files, directories, and registries. This enhancement eliminates the requirement to manually enter specific navigation paths.

Set the maximum event threshold

You can set the maximum number of events that populate the filters in your SEM Events viewer. The default setting is 10,000 events. This means SEM will store up to 10,000 events in memory for each filter. This setting also applies to the maximum number of events that can populate each filter-based dashboard widget.

Additional features and improvements

Agent installer support for Windows 2019

Starting with SEM 2019.4, the SEM agent installer supports Windows 2019.

Deploy SEM to Amazon Web Services (AWS)

With version 6.7 and later, you can deploy SEM to Amazon Web Services (AWS). To get started, contact your SolarWinds Sales or Customer Support representative to request access to SEM on AWS.

End of life, end of support, and deprecation notices

End of life

Version: 6.3.1
EOL Announcements: May 23, 2019: End-of-Life (EoL) announcement – Customers on SEM version 6.3.1 should begin transitioning to the latest version of SEM.
EOE Effective dates: August 21, 2019: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 6.3.1 will no longer be actively supported by SolarWinds.
EOL Effective dates: August 21, 2020: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 6.3.1.

End of support

Type Details
Windows Server 2008 As of SEM 2019.4, Windows Server 2008 is no longer supported. SEM still supports Windows Server 2008 R2.

Deprecation notice

Type details
VMware vSphere 5.5 Beyond SEM 6.7, releases will no longer support vSphere 5.5. Find more information here.

New customer installation

For information about installing SEM, see the SEM Installation Guide and the SEM Getting Started Guide.

How to upgrade

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade:

Use the SEM Upgrade Guide to help you plan and execute your upgrade.

Download the upgrade package from the SolarWinds Customer Portal.

SEM agent versions 6.7 and newer no longer include Java Virtual Machine (JVM) or Oracle Java Runtime Environment (JRE). If needed, install Oracle JRE when installing agents in your network environment. SEM still includes OpenJDK JRE.

In SEM 2020.2.1, FIM is not fully compatible with previous SEM agent versions (6.6 and older). SolarWinds recommends that you upgrade agents to version 2020.2.1.

In new installations of SEM (6.7 and newer), corresponding agent versions communicate by default using a secure certificate, which no longer supports TLS 1.0, 3DES, or anonymous cipher. If you need to connect to earlier agent versions, navigate to the SEM Events Console security tab (Settings > Security), and switch the toggle button to enable lower security settings.

File system consistency check (fsck)

During your upgrade, the system may run a fsck check during reboot. This can last 30 or more minutes depending on the quantity of data in the data partition. With the Debian version upgrade, the file system is configured to initiate the check when certain conditions are met:

  • 21 mounts since the last check (during the 22nd reboot)

    -or-

  • Six months since the last check

SEM Agent installers

Oracle intends to discontinue support for their 32-bit Java Runtime Environment (JRE). Therefore, SolarWinds will no longer provide 32-bit SEM Agent installers for future SEM releases. Since IBM and HP provide their own customized Java implementations, this may impact their JRE support as well.

Supported connectors

Find SEM connector information on Thwack.

Fixed issues

SEM 2019.4.1 fixes the following issue:

Case Number Description
00370047, 00386757, 00445371 An agent certificate issue causes CPU spikes and SEM console connection failures.

SEM 2019.4 fixes the following issues:

Case Number Description
00363908 After upgrading to 6.7, several connectors are causing errors and showing InternalWarning - Reached the end of the file.
00323563 The cmc->hostname command breaks hierarchyTree.xml and communications.xml when the hostname begins with a number.
00263661 USB Defender appears as unsigned and unverified in the process explorer.
00047834 The InternalUserLogonFailure event is missing the user name.

N/A After updating an agent to the next version, it shows the previous version in Windows Programs and Features.
N/A DSA-4550-1 file buffer overflow vulnerability.

Known issues

Case Number Description
00403017 Agents prior to version 6.3 cannot communicate with the SEM manager.
N/A Default groups that were removed reappear after data migration.
N/A Agent is not connected but the FIM Driver status is still in running status.
N/A Unauthorized SSO login attempt displays incorrect error message.
N/A CSV validation errors do not work properly for i18n.
N/A When an issue occurs while adding a node to a connector profile, the error message and reload option do not appear as expected.
N/A Agent updated from 6.6 stays in installed programs on Windows after uninstalling.
N/A When creating a FIM template with the name Default monitor, the name does not display in the UI.
N/A The Create email template window does not close when the connection is lost.
N/A Select validation error messages require the user to click the Cancel button twice.
N/A Cannot change operand via drag and drop when creating filters.
N/A If a session expires, the user is always re-logged in to monitor instead of the last page visited.
N/A When a user adds a connector and the connection with the agent times out, the connector is saved to the database anyway. If the user then clicks the Add button again, the action fails with an existing connector error.
N/A When running the CMC command exportcert, the wrong cert is returned when a cert other than a self-signed cert is used.
N/A Changing timezone using the Blue screen doesn't restart services.
N/A Nodes: IP address sort does not sort correctly.

Additional known issues

Issue: You cannot resize partitions on managers deployed on AWS.

Workaround: None. This issue will be addressed in a future release.

Issue: Logins fail when a plus sign (+) is part of the password.

Workaround: Do not use passwords with a plus sign (+).

Issue: The SEM agent service does not restart after updating agents (AIX/HPUX/Solaris) locally. In this case, the older version of the agent is still running after the update.

Workaround: Manually restart the agent service.

  • AIX - "/etc/init.d/swlem-agent restart"

  • HPUX - "/usr/local/contego/ContegoSPOP/swlem-agent restart"
  • Solaris - "/etc/init.d/swlem-agent restart"

You can also use remote updates, reinstall the agent, or stop the agent service before running the update.

Issue: The User-defined groups Refine Results filter pane disappears after reloading data. This can happen if one administrator deletes a group, and a second administrator attempts to filter and reload the same group.

Workaround: Press F5 on your keyboard to reload the page.

Issue: Select SEM functionality does not work properly in Microsoft Edge 44.

Workaround: Use a different browser until the latest release (Chromium Edge is currently in Beta) is generally available.

Issue: During SEM upgrades, default user-defined groups are updated to the latest versions, unless the customer has modified the group. This update primarily impacts anonymizer websites, antivirus/firewall processes, remote desktop websites, and XSS/SQL injection vector groups.

Workaround: None. SEM cannot overwrite customer-modified groups.

Issue: The From field in the Flash console email template remains empty after saving the template.

Workaround: Use the email templates in the HTML5 SEM Events Console.

Issue: After creating new rules with the SEM console Add Rules wizard, some rules (typically incomplete rules) are not enabled by default.

Workaround: Review your rules created by the wizard to identify disabled rules, and then manually enable the rule. If this fails, edit and save the rule, and then manually enable the rule.

This only applies to rules created in the Flash-based SEM console, not the HTML5 SEM Events Console.

Issue: When users log in to SEM using HTTPS in Google Chrome or Mozilla Firefox, and then open a new browser tab and attempt to log in via HTTP, the login fails.

Workaround: None. This is a known issue with the latest SEM console version and only occurs per browser session.

Issue: A new default filter, New Unmatched Connector Data, is included with this release to watch for InternalNewToolData events. This is only available for a newly created user.

Workaround: Current users can create a new filter to watch for InternalNewToolData events.

Issue: Agent service is not started when the Linux agent (SolarWinds-SEM-6.7.0-Agent-LinuxInstaller-NoVM.bin) is installed with system Java (this happens only for No-VM installers).

Workaround: Start the SEM agent manually after installation.

Version History

SEM Release Notes Version 2019.4

SEM Release Notes Version 6.7.2

SEM Release Notes Version 6.7.1

SEM Release Notes Version 6.7

SEM Release Notes Version 6.6

SEM Release Notes Version 6.5

SEM Release Notes Version 6.4

SEM Release Notes Version 6.3.1

SEM Release Notes Version 6.3.0

Legal notices

© 2019 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.