New features and improvements
SIEM: Reporting, Dynamic Field Search, and Log Parsing via CLI
Three new reporting times are incorporated to display SIEM information:
- Events list: A table-formatted list of the generated SIEM events.
- Events graph: Various graphical representations of SIEM events, allowing grouping by agent, severity, level, etc.
- Statistics: Aggregate counters showing the total number of SIEM events generated, grouped by severity.
Search filters have also been improved, allowing for more precise filtering using dynamic fields.
A new feature has been added to the Pandora FMS CLI, allowing administrators to evaluate a single log line and obtain the resulting SIEM events it would generate. This significantly simplifies the management of decoders and rules.
Revamped Agent View
The main agent view has been redesigned to provide a clearer overview of the most relevant data, such as module status counters, generated events, triggered alerts, key agent information, and other monitoring metrics.
Enhanced Module Graphs
Simple module graphs now include an additional information box, providing useful context for quick visualization and analysis.
Updated Filters in Event and Agent Views
In line with the new Pandora FMS Console design, the event and agent views have been updated to leverage the new filtering system.
OAuth Support for Gmail
For enhanced security, it is now possible to configure email delivery via Gmail using OAuth authentication.
Custom CSS Support
To provide greater customization of the Pandora FMS Console, users can now apply custom styles through an additional CSS file.
This allows users who require a more tailored interface to achieve it with ease.
Automatic load balancing in remote checks
We have implemented that in environments with multiple servers, an agent can be configured so that the execution of its modules is automatically balanced between any of the available remote servers, it can also be forced to a specific server.
Regarding High Availability (HA), it is now possible to enable or disable HA on a per-agent basis, offering greater configuration flexibility in distributed environments.
Improvements in Agent Auto-Provisioning
In Command Center environments, the agent auto-provisioning system has been enhanced and optimized to prevent duplication of remote configurations in software agents and to ensure monitoring starts as quickly as possible, in a transparent manner for the user.
IoT Discovery Plugin
A new IoT monitoring plugin has been added to the Discovery server options. It enables monitoring of messages from an MQTT server and generating modules under various conditions.
VMware Horizon Discovery Plugin
A new monitoring plugin for VMware Horizon has also been added to the Discovery server.
Groups for Satellite Servers
Administrators in distributed environments can now assign satellite servers to specific groups. This makes it possible to limit configuration access to specific users without granting full server management permissions.
SSL Support for Pandora FMS Database
The entire Pandora FMS architecture now includes options to configure MySQL databases with SSL for all database components used by the application.
Removal of Certain .disco Packages from Auto Distribution
To reduce the size of Pandora FMS installation packages, some Discovery packages have been removed from the automatic distribution.
This does not mean these packages are no longer available — they can still be accessed via the Pandora FMS library.
However, their code will no longer be updated automatically with each new release and must be manually updated from the Pandora FMS Console.
The affected packages are:
- pandorafms.digitalocean
- pandorafms.openshift
- pandorafms.proxmox
- pandorafms.db2
- pandorafms.gcp.ce
SIEM Event Grouping
As with normal events, SIEM events can now be grouped together when they are repeated.
Improved user editing
The user editing interface has been rewritten, improving the search system and the display of data compared to the previous version.
Deprecation of XML Reports
As announced in version 780, XML reports have now been officially deprecated and removed from the Pandora FMS Console in this release.
Improvements and small changes
| Case# | GitLab# | Description |
|---|---|---|
|
N/A |
10814 |
Added new Pandora IoT Server feature, including a plugin for IoT monitoring and the necessary components for this purpose. |
|
16289 |
12084
|
Enabled selection of either all or specific modules of an agent when creating "Disable Only Alerts" type planned downtimes. |
|
N/A |
13906 |
Released new JMX Querier plugin for monitoring Java applications. |
|
N/A |
14338
|
Implemented data and information auditing in Pandora RMM. |
|
N/A |
14967 |
Added feature to edit a custom CSS for the Web Console, which is preserved across updates. |
|
18717 |
15004 |
Allowed disabling of the recognition interval parameter in the VMware® monitoring plugin. |
|
N/A |
15010
|
Added OAuth 2.0 configuration support for Gmail® in the email system. |
|
N/A |
15103 |
Created new SIEM reports: SIEM Events List, SIEM Events Graph, and SIEM Statistics. |
|
N/A |
15111
|
Added new alert template for unknown status (only available in new PFMS installations). |
|
N/A |
15112
|
Added new macros: «_modulelaststatustime_», «_lastdatatimestamp_», «_lastdatatime_». |
|
N/A |
15161 |
Added self-monitoring of the PFMS server's data input directory size. |
|
19552 |
15265
|
Added silent status indication on agents when alerts are disabled on their primary or secondary groups, or when the event storm protection token is applied. |
|
19560 |
15282 |
Added blue icon with dynamic information about the latest scheduled downtime on agents and modules. |
|
N/A |
15364 |
Added new connector in PFMS Discovery for monitoring MS SQL Server® databases, including new connection parameters and auto-generated modules for the corresponding agents. |
|
N/A |
15365 |
Introduced new experimental plugin for VMware Horizon® (Omnissa Horizon®) monitoring. |
|
N/A |
15516
|
Revamped the entire log visualization functionality. The access menu has been moved to Operations → Logs. |
|
N/A |
15522
|
Added new parse_siem_log command in the PFMS CLI to support SIEM operation. |
|
N/A |
15578 |
Added compatibility with CEF logs in PFMS SIEM. |
|
N/A |
15745 |
Optimized rule evaluation in PFMS SIEM by reducing the number of rules processed, excluding those filtered out by directly verifiable initial criteria. |
Known Changes and Limitations
| Case# | GitLab# | Description |
|---|---|---|
|
N/A |
2905
|
Added basic and advanced fields to log alerts, event alerts, and SIEM alerts, enabling the storage of more complex structures (such as email message payloads) for triggered actions. |
|
N/A |
9752
|
Enabled load balancing support for remote modules at the agent level. |
|
11950 |
7600
|
Extended the add_agent_to_policy command (PFMS CLI) to work in Command Center. |
|
18852 |
8977
|
Rewrote and revamped the agent auto-provisioning system in Command Center. |
|
N/A |
13763 |
Modified the Metasetup in Command Center to ensure MySQL database connections use SSL. |
|
N/A |
14182 |
Updated the user visualization section to include more information and additional features. |
|
N/A |
14337 |
Expanded the help and information pop-up in the Web Console, now featuring a vertical scrollbar. |
|
N/A |
14359 |
Added the option to duplicate RMM scripts. |
|
N/A |
14340 |
Enabled SaaS Satellite Server management by groups and ACLs directly from the Web Console. |
|
N/A |
14523 |
Added important information alerts when enabling or disabling nodes in Command Center. |
|
N/A |
14700
|
Redesigned the agent view in the Web Console. |
|
N/A |
14751 |
Implemented a data loading indicator in NetFlow® and sFlow® monitoring views. |
|
N/A |
15026 |
Excluded httpd-init service monitoring from the autodiscover plugin. Deep search has been explicitly limited, improving data collection speed. |
|
N/A |
15046 |
Added advanced search and filtering options in SIEM event views. |
|
N/A |
15079
|
Removed XML report format from the Web Console. |
|
N/A |
15108 |
Added download links for Software Agents and Satellite Servers in the Web Console. |
|
N/A |
15124 |
Displayed an alert and link to configuration when SIEM is disabled in the Web Console. |
|
N/A |
15162 |
Moved the PFMS IPAM functionality menu to its own section under Management. |
|
N/A |
15442 |
Added OS version details in agent detail views and the main inventory. |
|
N/A |
15483
|
Redesigned the agent menu with quick-access shortcuts to various subsections. |
|
N/A |
15511 |
Expanded the agent graph window (specific to Opera web browser). |
|
N/A |
15520 |
Enabled SIEM dashboard widgets to use custom filters. |
|
N/A |
15545 |
Displayed last login, current login, and (if password policy is active) expiration date in each user's profile settings. |
|
N/A |
15554 |
Updated the list of applications available for monitoring in PFMS Discovery. |
|
N/A |
15577 |
Updated support links in the Web Console (nodes and Command Center). |
|
N/A |
15588 |
Added basic information to module graphs in agent management, such as module type, last contact, operating system, etc. |
|
N/A |
15673 |
Introduced a new side-panel filter system in the event view. |
|
N/A |
15690
|
Redesigned the agent detail view and added side filters (nodes and Command Center). |
|
19986 |
15714
|
Added help messages in LDAP configuration when TLS is enabled. |
|
N/A |
15789 |
Made SIEM rule evaluation case-insensitive. |
|
N/A |
16005
|
Grouped SIEM events by default, displaying the number of repeated items per entry. |
Fixed Vulnerabilities
| Case# | GitLab# | Description |
|---|---|---|
|
N/A |
15139 |
Secured connections between nodes and the Command Center. |
Bug Fixes
| Case# | GitLab# | Description |
|---|---|---|
|
12867 |
8396 |
Fixed agent filter reset in bulk operations when copying modules. |
|
N/A |
9385
|
Corrected DNS server handling for Tentacle server in proxy mode; compiled new version for MS Windows® environments. |
|
N/A |
13691 |
Fixed Module Event Report. |
|
N/A |
13703 |
Added compatibility between MADE PFMS and HA PFMS. |
|
17634 |
13722 |
Fixed get_collections_policy call in PFMS 1.0 API. |
|
17669 |
13745
|
Corrected module editing process for modules created through remote components. |
|
17684 |
13933
|
Fixed visual scroll bar issues in the following Dashboard widgets: General Group Status, Global Health Info, Agents Hive, Top N Events by agent, Top N Events by module. |
|
N/A |
13958 |
Fixed multiple filtering issues in the Log Viewer section. |
|
18187 |
14084 |
Fixed bulk deletion of agents from Command Center to nodes. |
|
N/A |
14169 |
Fixed pagination in the Data Matrix Dashboard widget. |
|
N/A |
14176 |
Corrected event count by severity in the Event Cardboard widget. |
|
N/A |
14207
|
Fixed periodic executions (CRON) in PFMS Discovery. |
|
N/A |
14231
|
Rewritten and improved remote execution modules for SSH on the PFMS server. |
|
18305 |
14259 |
Corrected service monitoring agent intervals. |
|
N/A |
14275 |
Solved SQL error in the "Agents Inventory" report (agents with remote configuration). |
|
N/A |
14297 |
Fixed global search functionality in Command Center Web Console. |
|
N/A |
14302 |
Restored editing for Inventory Changes reports. |
|
N/A |
14506
|
Added exception handling in NetFlow explorer when executing required files. |
|
N/A |
14644 |
Fixed HA mode server status display in Manage servers view (primary/secondary). |
|
19071 |
14715
|
Fixed link to Visual Console on each user’s Home screen. |
|
N/A |
14757 |
Refactored custom graph templates. |
|
N/A |
15015 |
Updated Tentacle server certificates for proper data encryption on Ubuntu. |
|
N/A |
15158 |
Corrected Web Console access rights for users with Operator (Read) profile. |
|
N/A |
15159 |
Refined visual details in Command Center for Operator (Read) users interacting with alerts. |
|
N/A |
15160 |
Fixed search filter in Visual Consoles. |
|
19361 |
15034 |
Fixed node unique identifier retrieval in Command Center and reduced unnecessary DB records. |
|
N/A |
15086 |
Corrected log alert editing cancellation through return link. |
|
N/A |
15090
|
Fixed PFMS server statistics display with multiprocessing enabled. |
|
N/A |
15109 |
Corrected SIEM logs view in the Log viewer. |
|
N/A |
15114 |
Resolved SNMP trap info not being retrieved in Tactical View. |
|
N/A |
15123 |
Fixed collection search in Command Center's monitoring policy feature. |
|
N/A |
15141
|
Corrected icons in Tree view feature in Command Center. |
|
N/A |
15142 |
Fixed MD5 file search for generated XMLs in Unix Software Agents. |
|
N/A |
15143 |
Corrected event severity filter from Tactical view in Command Center. |
|
N/A |
15151 |
Fixed agent name search containing spaces in Web Console. |
|
20310 |
15155 |
Corrected module types in services from generic_data and generic_proc to async_data and async_proc for accurate SLA calculations. |
|
19314 |
15250
|
Fixed pagination of results in Group View. |
|
N/A |
15279 |
Included Command Center events in the Acoustic Console for alarm monitoring. |
|
N/A |
15312 |
Fixed memory monitoring thresholds (and others) in Unix® Software Agents. |
|
19437 and 19627 |
15331 |
Added exception handling in SNMP modules for interface counter resets; also added automatic detection of interface speed (100/1000) regardless of current execution parameters. |
|
N/A |
15352 |
Corrected character encoding for Japanese when Change remote config encoding token is enabled and language is policy-assigned. |
|
N/A |
15393 |
Fixed time selection in System Audit Log time filter. |
|
N/A |
15400 |
Converted Web Console date and time to UTC before sending search parameters in Log viewer to OpenSearch. |
|
N/A |
15412 |
Fixed recalculation of next execution time for re-enabled periodic Console Tasks in Discovery PFMS. |
|
N/A |
15451 |
Fixed PFMS SysLogServer to handle new "metadata" and "source type" variables. |
|
N/A |
15472 |
Corrected auto-creation of users on nodes via Command Center (LDAP authentication). |
|
N/A |
15405 |
Corrected local authentication to allow dynamic switching between LDAP, SAML, and AD methods. |
|
N/A |
15515 |
Fixed cascading protection by module selection in agent configuration. |
|
N/A |
15524 |
Configured Heatmap Dashboard widget to load agent groups by default. |
|
18805 |
15530 |
Updated VMware® plugin in PFMS Discovery to version 1.8, resolving agent duplication and ensuring unique naming. |
|
20042 |
15592 |
Fixed module info display (e.g., str_critical, str_warning) in Tree view. |
|
N/A |
15618
|
Increased maximum password length in password policies to 150 characters. |
|
N/A |
15645 |
Adjusted modal window size for adding alert actions. |
|
N/A |
15651 |
Marked SNMP Agent IP address field in SNMP alerts as optional in Web Console—accepts any IP if left blank. |
|
20017 |
15655 |
Fixed real-time AJAX counting of agents in unknown state in Tactical view. |
|
N/A |
15656 |
Improved visual rendering of event/SIEM graphs. |
|
N/A |
15671 |
Reviewed and corrected the Event Storm Protection token's behavior. |
N/A |
15682 |
Resolved zoom feature and data loading in the Log viewer. |
|
N/A |
15748 |
Ensured correct display of OID info in SNMP Browser when running PFMS on Ubuntu Server. |
|
N/A |
15784 |
Fixed Warp Update download progress bar display—now updates every five seconds. |
|
N/A |
15806 |
Resolved four decoders in PFMS SIEM that mishandled special characters due to improper escaping. |
|
N/A |
15939 |
Corrected character encoding in group names for Log Collector. |
|
N/A |
15978
|
Fixed database structure for Recon Tasks in Discovery PFMS. |
|
N/A |
16051 |
Fixed Agent Detail view display in the Command Center. |
|
N/A |
16126 |
Made group selection mandatory when creating monitoring policies. |
