Documentation for Hybrid Cloud Observability

SolarWinds Hybrid Cloud Observability security integration

With version 2022.4, Hybrid Cloud Observability Advanced customers can now integrate Hybrid Cloud Observability with our security products, SolarWinds Security Event Manager (SEM) and SolarWinds Access Rights Manager (ARM).

Customers with deployed SEM and/or ARM products can integrate with Hybrid Cloud Observability and have visibility into security dashboards from the SolarWinds Platform. This gives IT admins a single-pane-of-glass view of the top security events and issues that they care about, and if required, they can launch in context into SEM or ARM, reducing their mean time to identify issues.

After setting up an integration, you will gain access to a security dashboard as well as be able to add security widgets to custom dashboards by using the normal dashboard and widget management functionality of the SolarWinds Platform.

The 2023.4 release introduces a new vulnerability and risk dashboard, available for Hybrid Cloud Observability Advanced users. View vulnerability and risk severity, determined from imported CVE information based on CVSS v3. Schedule CVE data imports, and match CVE information to individual nodes. See calculated risk scores for individual monitored nodes and an aggregated risk score for your environment.

With 2024.1, the redesigned Risk Score widget better visualizes the Risk score state and provides information about the severity of the score, using a color spectrum rather than a single number.

A more accurate search for vulnerabilities is available with the ability to import a CPE Match Feed. Use the CVE Data Import Settings to enable and configure CPE Match Feed imports. Another improvement to the search for vulnerabilities includes better filters to search for any field in the vulnerabilities table. For example, you can filter by CVE or node name, by operating system, or by operating system version.

Vulnerability and Risk dashboards now support VMware ESXi and VMware vCenter servers.

Set up the security integration

In the SolarWinds Platform Web Console, navigate to Settings > All Settings > Scroll down to the Product Specific Settings section > Security Settings. Choose the product you want to integrate with Hybrid Cloud Observability.

Integrate with ARM

Follow the onscreen instructions to integrate Hybrid Cloud Observability with your ARM deployment.

  1. Enter the Base URL of your ARM server

  2. Enter your ARM credentials

  3. Click Submit

Integrate with SEM

Follow the onscreen instructions to integrate Hybrid Cloud Observability with your SEM deployment.

  1. Enter the Base URL of your SEM server

  2. Enter your SEM credentials

  3. Click Submit

Configure the vulnerability and risk dashboard settings

In the SolarWinds Platform Web Console, navigate to Settings > All Settings > Scroll down to the Product Specific Settings section > Security Settings. Under Vulnerabilities, access settings for CVE Data Import, CVE Nodes Matching, and CPE Node Polling.

CVE Data Import Settings

  1. Under Manage Data Sources, specify your data sources. Each data source can be either an http(s) URL or a file system path to a file on the Hybrid Cloud Observability server.

    • Click Add Source to add a new data source to Hybrid Cloud Observability.

    • Click Validate to validate your list of data sources.

    • Click the trash bin icon to remove the data source from the list.

  2. Under CPE Match Feed, toggle the switch to either enable or disable the CPE match feed data import. After enabling, the download link of the CPE match feed is specified automatically.

  3. Under Scheduler Settings, toggle the switch to either enable or disable the daily auto run of the CVE database import. When enabled, select at what time you want the scheduler to run from the Run at drop-down.

  4. (Optional) Under Import Data Information, you can manually run a task to import data sources and review the latest import details.

    • Click Run now to start a new import task.

    • Click Delete All to delete all data about the CVEs from the database.

  5. Click Submit.

CVE Node Matching Settings

  1. Under Status, click Run Now to manually run a matching task, or review the details of the last matching task. Task details contain the following information:

    • Task status: Not run, Running, Completed

    • Run by - the account that ran the task

    • Start time - the date and time when the last matching task started

    • Finish time - the date and time when the last matching task ended (including task duration)

    • System Score - the score of the whole system (calculated as a weighted average of the nodes' scores)

    • System Max Score - the maximum score of any node in the system

    • Count of CVEs - count of CVEs in the database during the matching run

    • Count of Nodes - the number of nodes for which the process of matching ran

    • MVN - Most Vulnerable Node

  2. Under Scheduler Settings, toggle the switch to either enable or disable the daily auto run of the vulnerability match task. When enabled, select at what time you want the scheduler to run from the Run at drop-down.

  3. (Optional) Under Run History, click Open Details to review details about old tasks, or click Delete Selected to remove task data from the database.

  4. Click Submit
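
The following added example (not SolarWinds code, and not a description of the product's internal algorithm) shows how CPE-based matching with version ranges can produce the values listed in the task details: per-node CVE matches, System Score, System Max Score, and MVN. It assumes range keys modeled on the public NVD CPE match format, a node score equal to the highest matched CVSS v3 base score, and operator-chosen node weights; all node names, CPE names, and CVE IDs are constructed placeholders.

```python
# Added illustration, not SolarWinds code. All names and data are constructed.
def parse_version(v):
    """'7.0.3' -> (7, 0, 3, 0); non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in v.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def cpe_matches(node_cpe, rule):
    """True if a node's CPE 2.3 name satisfies one match rule (product + version range)."""
    n, r = node_cpe.split(":"), rule["criteria"].split(":")
    # Fields 2-4 are part, vendor, product; '*' in the rule matches any value.
    if any(r[i] not in ("*", n[i]) for i in (2, 3, 4)):
        return False
    ver = parse_version(n[5])
    if r[5] not in ("*", "-") and parse_version(r[5]) != ver:
        return False
    lo_in, lo_ex = rule.get("versionStartIncluding"), rule.get("versionStartExcluding")
    hi_in, hi_ex = rule.get("versionEndIncluding"), rule.get("versionEndExcluding")
    return not ((lo_in and ver < parse_version(lo_in)) or
                (lo_ex and ver <= parse_version(lo_ex)) or
                (hi_in and ver > parse_version(hi_in)) or
                (hi_ex and ver >= parse_version(hi_ex)))

def assess(nodes, cves):
    """Return (per-node results, system score, system max score, most vulnerable node)."""
    per_node = {}
    for node in nodes:
        hits = [c for c in cves if any(cpe_matches(node["cpe"], r) for r in c["rules"])]
        # Assumption: a node's score is the highest CVSS v3 base score among its matches.
        per_node[node["name"]] = {"cves": sorted(c["id"] for c in hits),
                                  "score": max((c["cvss3"] for c in hits), default=0.0)}
    # Assumption: weights are per-node importance values chosen by the operator.
    total = sum(n["weight"] for n in nodes)
    system = sum(per_node[n["name"]]["score"] * n["weight"] for n in nodes) / total
    mvn = max(per_node, key=lambda name: per_node[name]["score"])
    return per_node, round(system, 2), per_node[mvn]["score"], mvn

def cpe(part, product, version):  # hypothetical helper for the sample data
    return f"cpe:2.3:{part}:example_vendor:{product}:{version}:*:*:*:*:*:*:*"

NODES = [{"name": "esx-01", "cpe": cpe("o", "hypervisor", "7.0.2"), "weight": 3},
         {"name": "esx-02", "cpe": cpe("o", "hypervisor", "7.0.5"), "weight": 1},
         {"name": "web-01", "cpe": cpe("a", "webserver", "2.4.1"), "weight": 1}]
CVES = [  # placeholder IDs and scores, not real vulnerabilities
    {"id": "CVE-0000-0001", "cvss3": 9.8, "rules": [
        {"criteria": cpe("o", "hypervisor", "*"),
         "versionStartIncluding": "7.0", "versionEndExcluding": "7.0.3"}]},
    {"id": "CVE-0000-0002", "cvss3": 5.3, "rules": [
        {"criteria": cpe("o", "hypervisor", "*"), "versionEndIncluding": "7.0.5"}]},
    {"id": "CVE-0000-0003", "cvss3": 7.5, "rules": [
        {"criteria": cpe("a", "webserver", "2.4.0")}]},
]

if __name__ == "__main__":
    print(assess(NODES, CVES))
```

Without the version-range keys, the first rule would match every hypervisor node regardless of patch level, which is the kind of false positive a match feed with explicit ranges helps avoid.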