Cybersecurity Practices for SolarWinds Platform

Questions and Answers

What information can be found in the task details of the last matching task?

  • Total time taken for all CVEs to match
  • The maximum score recorded in the database
  • The account that initiated the task (correct)
  • The number of times the task was run

What action can be performed under the Import Data Information section?

  • Delete the last matching task
  • Change the node matching criteria
  • Toggle auto run of data imports
  • Start a new import task (correct)

Which setting allows you to manage the frequency of the vulnerability match task?

  • Scheduler Settings (correct)
  • CVE Node Matching Settings
  • Import Data Information
  • Run History

What does the count of nodes indicate during the matching run?

The number of nodes processed for matching (B)

What happens when the 'Delete All' option is clicked under Import Data Information?

All CVE data will be deleted from the database (C)

What should be done to enhance security monitoring in the SolarWinds Platform environment?

Implement a mix of AV, EDR, and SIEM tools. (B)

What is the recommended action regarding SMBv1 for SolarWinds Platform users?

Disable SMBv1 as it is not used by SolarWinds Platform products. (C)

Which of the following security practices is NOT recommended for account management?

Use the same credentials indefinitely for consistency. (C)

What is the recommended key size for RSA certificates in the SolarWinds Platform?

2048 bits for reasonable security. (B)

For better security in IIS, what should users consider implementing?

Use the IP Address and Domain Restrictions Role Service. (D)

What is the recommended latency (RTT) limit between the SolarWinds Platform engine and the database server for optimal performance?

200 ms (B)

What must users running the Configuration wizard have specified as the default database schema?

DBO (A)

Which of the following Windows Server versions is not mentioned as part of the requirements?

Windows Server 2012 (B)

Which is NOT an outbound port that needs to be opened for SolarWinds Platform?

Port 80 (C)

What type of account privileges does SolarWinds recommend for administrators on the SolarWinds Platform server?

Local administrator privileges (B)

How does higher latency affect deployments according to the standard practices?

It impacts larger deployments more than smaller deployments. (C)

Which of the following processor specifications is recommended for the SolarWinds Platform server?

Processors that work at 2.4 GHz or faster. (C)

What RAID configuration is recommended for the hard drives in the SolarWinds Platform server?

RAID 1/Mirrored Settings for dual hard drives. (D)

Regarding software requirements, which of the following operating systems is NOT supported for the SolarWinds installation?

Windows 10 Pro. (C)

What should be avoided when configuring the CPU for optimal performance in the SolarWinds Platform server?

Enabling Physical Address Extension (PAE). (B)

Flashcards

Scheduler Settings

A process that automatically runs a vulnerability matching task at a specified time.

Run Now

Manually initiate a vulnerability matching task.

Task details

Provides details about the vulnerability matching task, including its status, execution time, and associated scores.

Delete All

Deletes all data related to CVEs (Common Vulnerabilities and Exposures) from the database.

Most Vulnerable Node (MVN)

The most vulnerable node in the system, as determined by the matching process.

Latency

The time it takes for data to travel between the SolarWinds Platform engine and the database server.

RAM Requirements

The amount of memory (RAM) needed for the SolarWinds Platform depends on the number of users accessing the system concurrently. More users require more RAM.

Account Privileges

SolarWinds Platform administrators need local administrator privileges on the server for full functionality of local tools. Users accessing only the web console do not need these privileges.

Ports to Open

The SolarWinds Platform requires specific ports to be open on the server for communication with other systems.

HD Space Requirements

The amount of hard drive space (HD) required by the SolarWinds Platform depends on the number of concurrent users. More users require more HD space.

Latency impact on deployments

Higher latency affects larger deployments more significantly than smaller deployments.

PAE setting for SolarWinds

A physical address extension (PAE) setting is not recommended for the SolarWinds Platform server.

SolarWinds Platform and ARM installation

SolarWinds Platform products should not be installed on the same server as SolarWinds Access Rights Manager (ARM).

Processor speed for SolarWinds

For a SolarWinds Platform server, the minimum processor speed should be 2.4 GHz or higher.

Hard drive recommendation for SolarWinds

Use two 146 GB 15K hard drives (RAID 1 mirroring) for the SolarWinds Platform server. One is dedicated to the operating system and SolarWinds installation, the other to general data.

Security Monitoring Tools

Security monitoring tools like antivirus (AV), endpoint detection and response (EDR), security information and event management (SIEM), proxy servers, intrusion detection system (IDS), and intrusion prevention system (IPS) should always be in use, along with SolarWinds products like ARM, NCM, Patch Manager, SCM, SEM, or UDT to secure the SolarWinds platform environment and ensure compliance.

Logging and Monitoring

Regularly check and manage logs, user accounts, rogue devices, configuration changes, and security patches for all network devices and servers.

Credential Rotation

To prevent unexpected monitoring outages due to local policy restrictions, rotate credentials such as service accounts, SNMP, SSH, etc.

Debug Programs User Rights

Only the "Administrators" group should have the "Debug Programs" user right to minimize security risks.

Disable SMBv1

Disable SMBv1 (Server Message Block version 1) as it's not used by SolarWinds Platform products and is a security vulnerability.

Study Notes

SolarWinds Hybrid Cloud Observability Security Integration

  • Hybrid Cloud Observability Advanced customers can integrate with SolarWinds Security Event Manager (SEM) and SolarWinds Access Rights Manager (ARM) for security dashboard visibility.
  • This integration provides a single-pane view of top security events and issues for IT admins.
  • It enables launching into SEM or ARM to quickly identify and resolve issues.
  • Security dashboards and custom widgets are accessible via the standard SolarWinds Platform dashboard functionality.
  • A new vulnerability and risk dashboard is available in 2023.4, which shows vulnerability risk severity from imported CVE information.
  • Calculated risk scores are shown for monitored nodes.
  • Risk scores are visualized with a color spectrum in 2024.1, providing severity information.
  • Improved CPE Match Feed import allows more accurate vulnerability searches.

Setting up Security Integration

  • Navigate to Settings > All Settings > Product Specific Settings > Security Settings.
  • Choose the product to integrate with Hybrid Cloud Observability (e.g., ARM, SEM).
  • Provide the Base URL and credentials for the chosen security product.

Vulnerability and Risk Dashboard Settings

  • In SolarWinds Platform Web Console, navigate to Settings > All Settings > Security Settings > Vulnerabilities.
  • Access CVE data import, CVE node matching, and CPE node polling settings.
  • Manage data sources (HTTP(s) or file path) for CVE information.
  • Add, validate, or remove data sources.
  • Configure and enable/disable CPE match feed data import.
  • Search or filter vulnerabilities by various fields (e.g., CVE, node name, operating system).
  • Support for VMware ESXi and VMware vCenter servers.

Hybrid Cloud Observability and SolarWinds Observability Integration with Platform Connect

  • If using Hybrid Cloud Observability Essentials or Advanced and SolarWinds Observability, Platform Connect allows viewing Hybrid Cloud Observability data within SolarWinds Observability.
  • It enables Anomaly-Based Alerting for Hybrid Cloud Observability.
  • This requires a commercial or temporary Hybrid Cloud Observability license, an active SolarWinds Observability instance (full or evaluation), and connectivity between the SolarWinds Platform server and the cloud service provider.
  • A SolarWinds Observability API token is required.

Integrate DPA with the SolarWinds Platform

  • Storage admins, network admins, and DBAs can use SolarWinds Platform integration to get a comprehensive view of performance issues affecting their infrastructure.
  • The SolarWinds Platform displays DPA-specific resources which poll information directly from DPA.
  • Integrating DPA improves the troubleshooting of slow response times by providing additional information such as database wait time.

SolarWinds Platform Requirements

  • System requirements vary depending on deployment type (cloud vs. on-premises) and the size of the monitored environment.
  • Check specific product documentation for exact requirements.
  • SolarWinds recommends reviewing platform release notes for the most up-to-date information.
  • Certain products cannot be installed on domain controllers (except for SolarWinds Platform Agents on domain controllers), Microsoft SharePoint, Microsoft Exchange, or BlackBerry servers.

Upgrade an existing deployment

  • Upgrading from Orion Platform to SolarWinds Platform 2024.2 requires a backup of custom files in the Orion installation and SDK directories, as the on-premises Orion deployment is removed.
  • Requires SQL Server 2016 SP1 or later. SQL Server 2012 and 2014 are not supported.
  • Legacy syslog and trap functionality is not included in 2024.2.

Collect diagnostics from the SolarWinds Platform Web Console

  • Collect diagnostic information from polling engines and monitored nodes remotely for analysis or support.
  • The collect diagnostics wizard lets you specify what data to collect and the time range.
  • Diagnostics can be downloaded in an archive file.

Anomaly-Based Alerting in Hybrid Cloud Observability

  • Anomaly-Based Alerting is a feature in SolarWinds Hybrid Cloud Observability Advanced that leverages machine learning to reduce alert noise.
  • It requires an active Hybrid Cloud Observability Advanced license in conjunction with Platform Connect to SolarWinds Observability.
  • Anomaly-Based Alerts can now be created using an OR operator.

Poll devices with SolarWinds Platform Agents

  • SolarWinds Platform Agents connect and collect data from Windows and Linux/Unix devices.
  • This facilitates polling behind firewalls, across multiple networks, or in low-bandwidth environments.

View entities on SolarWinds Platform Maps

  • Display monitored entities and connections in a visual map format within SolarWinds Platform Maps.
  • Map related entities, create maps, view full-screen maps, or add maps as widgets.
  • Add information to the map for related objects like traffic or percentage utilization.

SolarWinds Platform Features

  • The SolarWinds Platform is the core of the SolarWinds IT Management Portfolio.
  • It provides data collection, processing, storage, and presentation.
  • It provides common features like user accounts, groups, views, dashboards, reporting, and alerting.
  • Access these features in the SolarWinds Web Console.

Activate licenses for SolarWinds Platform products

  • Activate licenses for SolarWinds using the License Manager in the platform's web console.
  • Manual activation is available for offline environments.
  • License activation keys are used for activation.
