Update Release: Oracle Management Pack V1.3.18.0

Update Release: Oracle Management Pack V1.3.18.0

We’re happy to announce a new update release of our Oracle Management Pack for SCOM 2012/2016. The 1.3.18.0 release contains the following important changes:

  • Due to several issues with the managed ODAC, we had to revert to the unmanaged ODAC
  • We’ve added a process and session count utilization monitor and performance collection rule
  • Oracle Container discovery no longer discovers non-Container databases
  • On the configuration dashboard, it’s now possible to export/import the currently configured connections
  • We’ve added a ‘Tablespace Used’ monitor based on MB

For more additions, changes, and fixes, please refer to the release notes.

Please note: because the report extensions were updated, remove the “OpsLogix IMP – Oracle Reports Management Pack” before importing the new Report MP version.

Team OpsLogix

Join us at the MP University next Wednesday

Join OpsLogix at the MP University with Silect, Microsoft & more

Silect, along with OpsLogix, Microsoft and other industry-leading partners, is proud to present MP University. Join us for this free one-day online session to learn about SCOM, Management Packs, Azure and much more.

This event is being held in Central European Time (CET) November 21 9AM – 4PM.

If you are unable to attend on Nov. 21 or if the time is inconvenient, a live rebroadcast will be held Wednesday, Nov. 28 from 9AM – 4PM CET. Register for MP University and you will be notified of the rebroadcast.

OpsLogix session: Cookdown your Management Pack in SCOM

This session will not only show why using cookdown in Management Packs helps dramatically reduce resource usage in SCOM, but also how to implement cookdown in your own Management Packs. An example will also be given of how cookdown is implemented in the OpsLogix VMware Management Pack.

Click here to reserve your spot!

New Update: OpsLogix VMware Management Pack V1.3.9.9

We’re happy to announce a new update release of our VMware Management Pack for SCOM 2012/2016. We’ve fixed the vSphere 6.x connection issue and some other minor bugs. Also, we’ve changed the hardware monitoring to lower the monitoring footprint.

Note: Please be sure .NET 4.5 or higher is installed on the management server (MS).

This latest release is upgradable starting from V1.3.0.0 or later.

The update is downloadable from the customer download area.

For more additions, changes, and fixes, please refer to the release notes.

Update Instructions

  1. Import the updated management packs.
  2. After import, wait roughly 10 minutes for the updated MPs to be distributed across your SCOM environment.
  3. In the SCOM console, go to the “Administration” folder -> “Resource Pools” and select the resource pool(s) responsible for the VMware monitoring.
  4. Select “View resource pool members...”. For every member, log on to the server and perform the following step:
  5. Restart the SCOM agent.

Thanks!

Team OpsLogix

Our Ping Management Pack Just Got An Update – V 3.0.14.0

We’re happy to announce a new update release of our Ping Management Pack V 3.0.14.0 for SCOM 2012/2016. We’ve added three more Performance Monitors and reworked all the previous monitors in the Management Pack.

The full list of the changes we’ve made to the Ping Management Pack V 3.0.14.0:

  • Replaced the WMI-based module with a managed module to be able to handle a larger load
  • Added a performance monitor for average jitter
  • Added a performance monitor for average latency
  • Added a performance monitor for average packet loss
  • Reworked all monitors so the TTL, payload, and number of averaging points can be configured
  • Improved configuration UI

Update Instructions

  1. Go to the Ping Management Pack Product Page & download the Management Pack.
  2. Import the updated management packs.
  3. After import, wait roughly 10 minutes for the updated MPs to be distributed across your SCOM environment.
  4. Restart the SCOM agent.
  5. If you still don’t see the dashboard please follow the instructions here.

Team OpsLogix

New Update: OpsLogix VMware Management Pack V1.3.8.46

We’re happy to announce a new update release of our VMware Management Pack for SCOM 2012/2016. We’ve added many new reporting & datastore capacity features to the Management Pack, improving investigative analysis and giving more insight into the monitoring of your VMware environment.

This latest release is upgradable starting from V1.3.0.0 or later.

The update is downloadable from the customer download area.

VMware Management Pack V1.3.8.46

Datastore Capacity

The new VMware Management Pack has the following additions regarding Datastore Capacity:

  • Datastore Capacity dashboard
  • Datastore Capacity performance collection
  • Host to datastore performance collection for Highest latency
  • Host to datastore performance collection for Storage I/O Control aggregated
  • Host to datastore performance collection for Storage I/O Control active time
  • Host to datastore performance collection for Storage I/O Control normalized latency
  • Host to datastore performance collection for Storage I/O Control datastore maximum queue depth

Reporting Galore!

So what are the new reporting additions of our OpsLogix VMware Management Pack?

  • New generic Matrix and TopN reports, usable for every performance counter in SCOM.
  • Linked report: VMware Datacenter Availability
  • Linked report: VMware Datastore Availability
  • Linked report: VMware Datastore Usage Matrix
  • Linked report: VMware Host CPU and Memory Usage Matrix
  • Linked report: VMware Host CPU and Memory Usage TopN
  • Linked report: VMware VM CPU and Memory Usage Matrix
  • Linked report: VMware VM CPU and Memory Usage TopN

For more additions, changes, and fixes, please refer to the release notes.

Update Instructions

  1. Import the updated management packs.
  2. After import, wait roughly 10 minutes for the updated MPs to be distributed across your SCOM environment.
  3. In the SCOM console, go to the “Administration” folder -> “Resource Pools” and select the resource pool(s) responsible for the VMware monitoring.
  4. Select “View resource pool members...”. For every member, log on to the server and perform the following step:
  5. Restart the SCOM agent.
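Steps 3 to 5 above (and the identical steps in the V1.3.9.9 update instructions) can be scripted instead of walked through in the console. The script below is an added example, not OpsLogix code; it assumes the OperationsManager PowerShell module is available where it runs (typically a management server), that the caller may restart services on the pool members over PowerShell remoting, and that the pool display name is a placeholder to be replaced with the pool that hosts your VMware monitoring.

```powershell
# Added example (not part of the OpsLogix management pack).
# Assumes: OperationsManager module available, PowerShell remoting enabled,
# and rights to restart services on each resource pool member.
Import-Module OperationsManager

# Placeholder: replace with the display name of the pool that runs VMware monitoring
$poolName = 'VMware Monitoring Resource Pool'

$pool = Get-SCOMResourcePool -DisplayName $poolName
if (-not $pool) {
    throw "Resource pool '$poolName' not found in this management group."
}

# The pool members are the management servers/gateways that execute the
# VMware workflows; these are the hosts whose agent must be restarted.
$members = $pool.Members | Select-Object -ExpandProperty DisplayName

foreach ($server in $members) {
    # Restart one member at a time: restarting HealthService on a management
    # server briefly interrupts the workflows it hosts, so keep the window small.
    Write-Host "Restarting SCOM agent (HealthService) on $server"
    Invoke-Command -ComputerName $server -ScriptBlock {
        Restart-Service -Name HealthService
        # Report the post-restart state so a failed restart is visible
        Get-Service -Name HealthService | Select-Object MachineName, Status
    }
}
```

Run it only after the roughly 10 minute distribution wait in step 2, otherwise the restarted agents will pick up the old MP versions.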

Team OpsLogix

Why Are Less Than 1% Of Critical Alerts Investigated?

Many organizations seem to be suffering from alert fatigue. In a recent EMA report, according to Infosecurity, 80% of organizations that receive 500 or more severe/critical alerts per day investigate less than 1% of them. A shocking number, to say the least! But what obstacles do organizations face that allow such neglect?

From the EMA report, we can conclude that organizations face four major issues when it comes to their ability to tackle these severe/critical alerts.

Issues Organizations Face

Alert Volume

Recent surveys from the EMA report indicate that 92% of organizations receive up to 500 alerts a day. Of all the organizations that took part in the survey, 88% said they receive up to 500 “critical” or “severe” alerts per day. Yet 93% of those respondents would rate their endpoint prevention program as “competent”, “strong”, or even “very strong”. So either there is a big gap between perception and reality, or alerts that are considered “severe” or “critical” should not be categorized as such. Either way, alert management does not seem to be representative.

Capacity

Even if organizations have detection systems in place that create massive alert volumes, what they often lack is the human resources to manage the alerts. Organizations are clearly dealing with a large capacity gap. Of the surveyed organizations that receive 500 to 900 severe/critical alerts per day, 60% have only 3-5 FTEs working on the alerts.

On top of that, 67% of those surveyed indicate that only 10 or fewer severe/critical alerts are investigated per day, and 87% of the participants said that their teams have the capacity to investigate only 25 or fewer severe/critical events per day. For most of the participants the alert volumes are high, yet the resources at their disposal are critically low. As a result, less than 1% of the incidents end up being investigated.

Priority

The research assumes a need for prioritization and classification into severe/critical buckets, which is understandable given the traditional, manual approach to Incident Response.

However, in doing so, the numbers are even worse and new questions arise. If less than 1% of severe/critical alerts are ever investigated, what percent of all alerts are investigated? What percentage of alerts are incorrectly categorized and how many alerts are classified as benign and ignored completely, yet warrant follow-up?

In truth, any prioritization is a compromise, and the act of classifying by priority is merely a justification to ignore alerts.

Incident Response

The three prior problems seem to indicate a substandard, broken incident response process: there are too many alerts to investigate, not nearly enough people to follow up, and the need to classify all alerts is maintained, all of this just to be able to act on less than 1% of the total number of alerts. However, 92% of respondents indicated that their Incident Response programs for endpoint incidents were “competent” or better.

The only way this makes sense is if respondents felt that, when their Incident Response teams were finally able to take action on the small percentage of alerts that reach this point, they were successful in addressing the issue.

Conclusions

  • Detailed analysis showed that in aggregate 80% of the organizations were only able to investigate 11 to 25 events per day, leaving them a huge, and frankly insurmountable, daily gap.
  • Either due to a lack of tools to collect data or a lack of tools with the ability to analyze data, this issue is created by a lack of high-fidelity security information.
  • Information isn’t the problem. This and similar surveys show the depth and breadth of the problem facing cybersecurity teams today. However, simply gathering more information to hand off to analysts isn’t the answer.

The Solution

Automation is a key aspect of creating an effective and mature security program. It improves productivity and, given the lack of staff and the abundance of incidents in most organizations, automation should be a priority in the evolution of prevention and detection.

“Automation is the answer!”

When asked about automation of tasks such as data capture and/or analysis as they related to prevention, detection, and response for both network and endpoint security programs, 85% of the respondents said it was either important or very important.

Thus the only viable approach to the increase in alerts and scarcity of capacity is to use security orchestration and automation tools to:

  • Automatically investigate every alert: instead of prioritizing alerts to match capacity, use a solution that investigates every alert.
  • Gather additional context from other systems by automating the collection of contextual information from other network detection systems, logs, etc.
  • Exonerate or incriminate threats: using both known threat information and inspection, decide whether what was detected is benign or malicious.
  • Automate the remediation process: once a verdict has been reached, remediate automatically (quarantine a file, kill a process, shut down a C&C connection, etc.).

While we’re biased, this approach is the only way.

Hexadite, the only agentless intelligent security orchestration and automation platform for Global 2000 companies, also states that automation is the only real answer: “it is impossible for organizations to hire enough people to create an adequate context for the data – and thus provide high fidelity security information.”

References

  • Tara Seals, “Less Than 1% of Severe/Critical Security Alerts Are Ever Investigated”, InfoSecurityMagazine.com. Retrieved April 8, 2018.
  • EMA Research, “White Paper: EMA Report Summary: Achieving High-Fidelity Security”. Retrieved April 8, 2018.