New Features and Improvements
ITSM Installation from the Pandora FMS Console
Starting with this version, administrators can install Pandora ITSM directly from Pandora FMS Web Console, fully configured and ready to use. The installation takes place entirely within Pandora FMS, requiring no additional server or extra configuration.
Incident Creation in Pandora ITSM from SIEM Events
Since SIEM monitoring is a key component in security operations, new options have been added to allow incidents in PITSM to be created or associated directly from SIEM events generated in Pandora FMS. Combined with the installation feature mentioned above, this feature enables more efficient and user-friendly case management within the environment.
Automatic Default Monitoring for New Agents
To simplify and streamline the deployment of basic monitoring, newly created agents from the Web Console will now automatically include default monitoring. This option can be disabled at the time of agent creation if preferred.
Default Policies for Log Collection
Log collection is a powerful feature in Pandora FMS, especially when paired with SIEM monitoring. For that reason, we have included default policies with the most common log collection modules for MS Windows® and Linux® systems.
More Default Decoders and Rules for SIEM Monitoring
To further enhance SIEM monitoring capabilities, this version includes additional default decoders and rules capable of generating SIEM events from the logs collected by agents.
New Default Log Alerts
Several default alerts for collected logs have also been included. These alerts help automatically generate events when relevant and common conditions take place in monitored systems.
OpenSearch® Index Management View from the Console
As part of improvements to log collection and SIEM monitoring, and considering that this data is stored in OpenSearch® servers, two new views have been added to manage the generated indexes for both cases.
IoT Monitoring from the Console
In the previous version, a new Discovery plugin was added for IoT monitoring that required a separate service to be installed. Starting with this version, that service is now included in Pandora FMS packages and can be easily started and configured right away from the Console.
New VMware® Horizon Plugin for Discovery
To expand the capabilities of the Discovery server, a new plugin has been developed to monitor VMware® Horizon environments.
New JMX® Plugin for Discovery
Similarly, a new plugin has been developed to monitor JMX® environments from Discovery.
Improvements and small changes
| Case# | GitLab# | Description |
|---|---|---|
|
N/A |
13704
|
Added partitioning support for large database tables. |
|
N/A |
15029 |
Added the option to exclude specific databases from monitoring in Discovery PFMS (MS SQL Server®). |
|
N/A |
15082 |
Added two new sections for managing indexes in log collection with OpenSearch® (Operation → SIEM → Index Interface and Operation → Logs → Index Interface). |
|
N/A |
15100 |
Enabled rule and decoder activation and operation in Pandora SIEM. |
|
N/A |
15313 |
Allowed optional creation of online detection and latency modules when creating agents through the Web Console (including agents created using CSV files). |
|
N/A |
15418 |
Integrated Pandora ITSM installation directly from Pandora FMS Web Console. |
|
N/A |
15657 |
Added the option to select columns in the SIEM event filter. |
|
N/A |
15669 |
Added the ability to remove individual conditions or clear all filtering conditions in element filtering interfaces. |
|
N/A |
15689
|
Enabled IoT monitorin from the Web Console. |
|
N/A |
15942 |
Added log rules for critical events in MS Windows® and Linux® operating systems (e.g., kernel panic, RAM exhaustion). |
|
N/A |
15958
|
Enabled VMware Horizon monitoring via REST API using Discovery PFMS. |
|
N/A |
15959
|
Developed a new plugin for monitoring Java Management Extensions (JMX) using Discovery PFMS. |
|
N/A |
15968
|
Included monitoring policies with the most common modules for MS Windows® and Linux® operating systems. |
|
N/A |
15989
|
Enabled incident creation in Pandora ITSM directly from SIEM events. |
|
N/A |
16011 |
Refined and improved the Software Agent installer for MS Windows®. |
|
N/A |
16036 |
Added side filters in the Log Viewer. |
Known Changes and Limitations
| Case# | GitLab# | Description |
|---|---|---|
|
N/A |
15701 |
Enabled URL selection for Warp Update PFMS based on different geographic regions. |
|
N/A |
15658 |
Improved and unified the date and time selection interface across the entire PFMS Web Console. |
|
20043 |
15702 |
Extended the character limit for the Target agent field in Oracle® monitoring with Discovery PFMS. |
|
N/A |
15704
|
Added online help support for the French language. |
|
N/A |
15801 |
Visually updated the numbered step system in wizards (for Log alerts, event alerts, etc.). |
|
20225 |
15950 |
Changed the SNMP check method to improve performance and efficiency (bandwidth plugin). |
|
N/A |
16014 |
Removed the Netlogon module for MS Windows® monitoring from the default element list. |
Feature Extinction
| Case# | GitLab# | Description |
|---|---|---|
|
N/A |
16657 |
The elastic_query_size token is removed from the configuration because queries are performed in a single block. |
Bug Fixes
| Case# | GitLab# | Description |
|---|---|---|
|
N/A |
14175 |
Fixed connection parameter saving process in the QuickShell feature. |
|
N/A |
14512 |
Corrected the Agent Event Report to return only events from the selected agents. |
|
19124 |
14746 |
Reviewed and fixed Tentacle Server dependencies for various OS versions; the server was also updated and recompiled. |
|
19666 |
15347 |
Fixed data saving and reuse in SNMP monitoring to correctly distinguish port numbers across different agent modules. |
|
N/A |
15454 |
Corrected and removed autorecursion in SIEM server logs when debugging level is elevated; also removed unnecessary elements in debug modes. |
|
N/A |
15464 |
Fixed both local and HTTP/HTTPS URLs in reports to ensure correct display. |
|
N/A |
15546 |
Implemented a file access check in remote configuration editing of the Satellite Server to avoid corruption when Apache lacks proper permissions. |
|
19817 |
15557 |
Fixed access to secondary services in both Nodes and Command Center for users without permission to access the primary service. |
|
N/A |
15639
|
Corrected Tree View in the Command Center to properly display node services. |
|
N/A |
15652 |
Solved filtering and display issues in Log viewer for logs containing spaces and numbers in their names. |
|
20026 |
15684 |
Added two new tokens in monitoring policies (Nodes and Command Center) to manage and correct applied and completed elements. |
|
19585 |
15726
|
Fixed discovery, checks, and exception handling in VMware® monitoring with Discovery PFMS. |
|
20020 |
15730 |
Fixed sender display in Web Console notifications when the sender lacks a full name, or in system notifications, defaulting to "Pandora FMS." |
|
N/A |
15743 |
Corrected plugin update from Web Console so that changes are properly reflected in the agent’s remote configuration file. |
|
20115 |
15760 |
Fixed selection process for all or specific elements in Module Template Management prior to deletion. |
|
20116 |
15762 |
Disallowed unnamed elements in Dashboards (Nodes and Command Center) while preserving name duplication handling. |
|
N/A |
15767 |
Fixed permissions in Visual Consoles to allow users with appropriate rights to copy and/or delete elements. |
|
20140 |
15792 |
Fixed Advanced ACL System to ensure proper access to Visual Consoles (user’s Home Screen case). |
|
N/A |
15802 |
Corrected operator handling in the log alert editor for languages other than English. |
|
N/A |
15805 |
Fixed alert email display of alert status images. |
|
N/A |
15906 |
Corrected persistent storage of passwords in WMI modules, if applicable. |
|
N/A |
15908
|
Fixed naming process when creating new log alerts and event alerts. |
|
N/A |
15926 |
Corrected the log alert macros _agentcustomfield_n_, _data_ and _secondarygroups_ to return the correct replaced values. |
|
N/A |
15935 |
Fixed SQL error in Nodes and Command Center when deleting the last stored collection. |
|
20086 |
16088 |
Corrected the Group Event Report to show agent names for each event (and node name when requested from the Command Center). |
|
18188, 20321 |
16098 |
Fixed event alerts for cases involving disabling or stopping conditions. |
|
N/A |
16184
|
Fixed filters in the Log viewer and SIEM. |
|
20333 |
16123 |
Fixed Monthly SLA report export to PDF when using a non-English language. |
|
N/A |
16241
|
Fixed the parse_siem_log command in PFMS CLI (rules and MITRE integration). |
|
N/A |
16267 |
Added new decoders and rules for SELinux in SIEM. |
|
N/A |
16318 |
Fixed left sidebar visibility in Visual Consoles. |
|
N/A |
16378 |
Fixed dynamic field filters in the SIEM event feature. |
|
N/A |
16382 |
Corrected scrollbar display in the Tactical View. |
|
N/A |
16384 |
Fixed advanced search in the detailed agent view. |
|
N/A |
16453 |
Fixed character encoding in monitoring policy application (agent configuration file parsing). |
|
N/A |
16447 |
Fixed agent view display when Pandora ITSM integration is misconfigured or connection is lost. |
|
20609 |
16452 |
Corrected agent display with secondary groups in Active-Active cluster environments. |
|
20642 |
16498 |
Fixed string module comparisons to evaluate all lines returned by each check. |
|
N/A |
16570 |
Corrected script editing and side menu performance in Pandora RMM. |
|
20747 |
16574
|
Fixed bulk editing feature for both modules and agents. |
|
N/A |
16584 |
Fixed license renewal process at the end of the demo period and for users with superadmin roles. |
