Documentation for Security Event Manager

SEM 2023.4 release notes

Release date: October 18, 2023

These release notes were last updated on February 27, 2024.

Here's what's new in Security Event Manager 2023.4.


New features and improvements in SEM

Web-based regulatory and compliance reports

You can now generate web-based reports from historical search queries in the Historical Events and Reports tab. The reports convert your historical search queries into pie charts and tables to help you identify potential issues and make informed decisions about your network activity.

You can schedule the reports to be sent automatically to all stakeholders as an email attachment or to an external server using a secure file transfer protocol (SFTP) connection. This new feature replaces the SEM Reports application, which was included in version 2023.2.1 and earlier to generate your reports.

You can save a report as a CSV or PDF file. The PDF file includes additional bookmarked report views, such as Top 10 Event Types and Top 10 IP Addresses. The report also includes a Details view that consolidates the report details into columned tables.

In the Historical Events screen, you can view your queries by name or scheduled query and group the queries by type, category, or tag. This option allows you to identify specific user activity in your deployment and generate on-demand or scheduled reports for your IT and management personnel based on your selected view option.

SolarWinds recommends that you begin creating your on-demand and scheduled reports from within the Historical Events & Reports tab. The SEM Reports application will be deprecated in a future release.

See Create regulatory and compliance reports for details.

Enhanced tag management

This release enables tag management shared between rules and queries. In rules, you can also choose a tag that is used in other parts of the system.

The Tag management screen displays which tags are used by other queries or rules. When a tag is added to a rule, the number of rules and rule templates associated with that tag increases in the Tag management screen. Administrators can filter the tag list using the Refine Results panel.

See Create and manage tags for details.

Secure SFTP connections to external servers

You can now save your SEM reports to one or more Microsoft Windows servers using a secure file transfer protocol (SFTP) connection. This option ensures that you can deliver large reports that may exceed your email requirements to one or more Windows servers in your organization.

SFTP uses SSH to protect all reports sent to an external server from unauthorized users while in transit.

See Set up SFTP connections to external servers for details.

Email attachment size setting

You can now restrict the email attachment size to conform with your email provider restrictions. This setting alerts you when a scheduled or generated report exceeds the maximum attachment size (up to 10 GB).

If your generated reports exceed your email provider restrictions, you can deliver your reports directly to your stakeholders using a secure connection to one or more Windows servers.

See Set the maximum email attachment size for details.

Time of day groups

Time of day groups are groups of hours that you associate with rules and filters to execute different actions at various times of the day. You can create as many groups as required to reflect your business needs.

For example, if you create time of day groups for both normal and after business hours, you can assign separate rules to each group. For normal business hours, you can create a new rule to alert your system administrator using email. For after business hours, you can assign a rule to alert a night shift administrator and automatically shut down the offending system.

SEM includes templates highlighted with the template icon to help you get started.

See Create time of day groups for details.

Updated OpenJDK LTS

This release includes Open Java Development Kit (OpenJDK) 17.0.8 Long Term Support (LTS) on the SEM Manager appliance. OpenJDK is an open source implementation of the Oracle Java platform.


Fixes

| Case number | Description |
| --- | --- |
| 00435647, 01291452, 01366691, 01373573, 01385438 | The SAN certificates now support a hostname and fully qualified domain name (FQDN). |
| 00870961 | You can now import a Certificate Authority (CA) certificate to the SEM Appliance. |
| 01134704 | You can now configure a report to generate between 12 AM and 11:59 PM. |
| 01293393 | You can now upgrade SEM on a deployment hosted on Amazon Web Services (AWS). |
| 01273120 | SEM no longer crashes after you reboot the system hosting the SEM Appliance. |
| N/A | Historical Events now displays past events that occurred in your deployment. |
| 01324708 | When an event meets a rule condition, the SEM Manager now responds to the event in real time. |
| 01401099, 01414510, 01438189 | SEM no longer generates an error when you start the application. |
| 01400561, 01429051, 01448547 | You can now increase the capacity of an SEM virtual appliance without generating an error. |


CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

| CVE-ID | Vulnerability Title | Description | Severity |
| --- | --- | --- | --- |
| CVE-2019-16905 | OPENSSH XMSS KEY INTEGER OVERFLOW Vulnerability | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: The XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | High |
| CVE-2023-20867 | Information Disclosure Vulnerability | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | Low |
| CVE-2023-20900 | Privilege Escalation Vulnerability | A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). | High |
| CVE-2023-4911 | Buffer overflow vulnerability | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | High |

* Please Note: CVE-2023-4911 is not exploitable in previous versions because we do not allow any commands to be run outside of the CMC scripted shell menu. The patch was applied for the operating system and we have updated the release notes to reflect this change.


Installation or upgrade

For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see the SEM Installation and Upgrade Guide.

To prevent access by unauthorized users, SolarWinds recommends setting up your SEM appliance with no access to the Internet or any public-facing network. For additional security recommendations, see Secure your SEM deployment > Review the SEM security checklists located in the SEM Administrator Guide.

For upgrades, see Upgrade SEM in the SEM Administrator Guide to determine the upgrade path, review best practices for SEM upgrades, and upgrade the SEM components.


Before you upgrade!

Migrate the LDAP connectors (introduced in SEM 2020.4)

To facilitate a smooth migration, SolarWinds recommends that you remove any ambiguity in your Directory Service Tool connector configurations. Ensure that only one Directory Service Tool connector configuration is set up for each domain.

All Directory Service Tool connectors are removed during the migration.

Upgrade the SEM agents

For AIX, HP-UX, and Solaris, agent installers are not shipped with OpenJDK. As a prerequisite, install Java by performing the following steps:

  1. Upgrade your Java installation to the latest version (Java 11 or equivalent). See the system requirements for the supported versions.

  2. Upgrade the SEM agents using the latest custom Java installer.

    After you install and configure a SEM agent on an HP-UX server, the agent may not run as expected.


Known issues

Unable to generate a predefined query report

When you generate a predefined query report, the report fails to start.

Workaround: Remove the "/" character in the query name and regenerate the report.

There currently is no macOS agent

Workaround: Forward all syslogs from the macOS system.


Deprecation notice

The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.

| Type | Details |
| --- | --- |
| Reports application | The SEM reports application is deprecated and should no longer be used. The application's ability to report from SEM will be removed in a future release. SolarWinds recommends using the new integrated reports functionality included with this release. These reports include the same reporting functionality. |


End of life

| Version | EoL announcement | EoE effective date | EoL effective date |
| --- | --- | --- | --- |
| 2022.4 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.4 should begin transitioning to the latest SEM version. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.4 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.4. |
| 2022.2.2 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.2.2 should begin transitioning to the latest SEM version. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.2 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.2. |
| 2022.2.1 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.2.1 should begin transitioning to the latest SEM version. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.1 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.1. |
| 2022.2 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.2 should begin transitioning to the latest SEM version. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2. |
| 2021.4 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2021.4 should begin transitioning to the latest SEM version. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.4 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.4. |
| 2021.2.1 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2021.2.1 should begin transitioning to the latest SEM version. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2.1 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2.1. |
| 2021.2 | November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2021.2 should begin transitioning to the latest SEM version. | April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2. |

See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier SEM versions, see SEM release history.


Legal notices

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.