ACTION REQUIRED: Upgrade Collectors to MGD 37.004 by October 27, 2025
At LogicMonitor, we're committed to delivering the most secure, stable, and reliable monitoring experience possible. Each year, we designate a Minimum General Deployment (MGD) of the Collector to ensure consistency, stability, and access to the latest enhancements. As part of this effort, we're pleased to announce that GD Collector 37.004 has been selected as this year's MGD.

To maintain compatibility, receive the latest enhancements, and meet security standards, all Collectors must be upgraded to version 37.004 or higher before the automatic upgrade begins on October 27, 2025 at 10:00pm PST.

Key Security Mandate Update: Linux Collectors

MGD 37.004 includes the enforcement of our Security Mandate for Linux Collectors. If your Linux Collectors are still running as the root user, this update will automatically convert them to run as a non-root user to align with industry best practices. No action is needed if you're already in compliance.

MGD 37.004 Upgrade Schedule

- Now -> Oct 26, 2025: Voluntary upgrade window for GD Collector 37.004.
- Sept 22, 2025: GD Collector 37.004 officially designated as Minimum General Deployment (MGD) collector.
- Oct 27, 2025, 10:00 pm PST: Automatic upgrade begins.

If necessary, security patches may be released, and the MGD version will be incremented. We'll communicate any such changes to ensure transparency and readiness.

Action Required

Please upgrade all LogicMonitor Collectors to version 37.004 or higher before 10:00 pm PST on October 27, 2025 to avoid disruptions and ensure compliance with the latest standards.

Need Help?

If you have questions or need assistance with the upgrade process:

- Contact LogicMonitor Support
- Connect with your Customer Success Manager (CSM)

LogicMonitor Security Best Practices
At LogicMonitor we take the protection of customer data and cybersecurity very seriously. Security is a team effort and partnership between LogicMonitor and our valued customers. Below we have provided our recommended guidance on security best practices, and how to keep your LogicMonitor portals secure, including the 2FA authentication enablement.

General Security

- LogicMonitor Security Corporate site: LogicMonitor's Security corporate site provides resources for our customers who are interested in reviewing our security white papers or accessing SOC2 Type 2 and SOC3 reports.
- Security Best Practices: This comprehensive document offers invaluable security guidance and best practices which LogicMonitor strongly recommends be diligently followed. It also provides critical insights into how LogicMonitor secures customer accounts, such as regular updates to strong, unique passwords and not sharing account information.

Configuring Multi & Single Sign On

- Single Sign-On Integration Setup Guide: Single Sign-On (SSO) is a powerful mechanism for enforcing robust authentication measures, including 2FA, while simultaneously mitigating the risk of password-related issues. This guide outlines the prerequisites and initial setup steps for SSO, including how to restrict account access to SSO user accounts.
- Multi Sign-On Integration Setup Guide: Multi-sign on augments security by requiring multiple authentication factors. This document empowers administrators to add multiple tenants (Identity Providers), and manage users directly from their Identity Provider (IdP).
- Microsoft Azure Active Directory (AD) IdP for Single Sign-On (SSO) Setup Guide: Customers interested in utilizing Microsoft Azure Active Directory (AD) IdP for SSO will find this guide invaluable. It provides step-by-step instructions for integrating Azure with LogicMonitor.

Additional Tools to Increase Security

- Account IP Whitelisting: Customers looking to restrict access to their accounts, based on specific IP addresses or subnets, can refer to point five (5) in the "Configuring the Portal Settings" section document for detailed guidance.
- Role Based Access Control settings: Role-Based Access Controls offer a powerful means of restricting access to security features or entire product sections for specific user groups. This document explains the numerous configurations available at the role level, ensuring that your security posture aligns seamlessly with your business requirements.

Preparing for two-factor authentication (2FA)

- Remote Session Access Control: In preparation of implementing 2FA, this document comprehensively explains the Access Controls available for the Remote Session feature, allowing for enhanced security through customizable access restrictions or feature disabling.
- 2FA Setup Guide: This guide provides step-by-step instructions on configuring 2FA at various levels. LogicMonitor strongly recommends customers who are not currently using 2FA or employing Single Sign-On (SSO), without enabling the "Restrict to SSO" option, proactively enable 2FA for their non-SSO user accounts.
- User Reporting for 2FA: The User Report serves as a vital tool in securing your account with 2FA. It facilitates the identification of user accounts that do not currently utilize 2FA or lack associated phone numbers, which could potentially disrupt user access, if not addressed before 2FA is activated.

See also 2FA FAQ's & User Reports.

Finding Cisco IOS XE CVE-2023-20198 With ConfigSources
On October 16, 2023, Cisco published a vulnerability that affects IOS XE machines running the built-in web server: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

This is tracked as https://nvd.nist.gov/vuln/detail/CVE-2023-20198

By adding a simple Config Check to an existing Cisco IOS ConfigSource, LogicMonitor can help people quickly identify which resources have the web server enabled. Here is an example:

Name: Cisco-CSCwh87343-Check
Check type: "Use Groovy Script"
Groovy script:

    /*
    The built-in string variable 'config' contains the entire contents of the configuration file.
    The following example will trigger an alert when the configuration file contains the string "blue".

    if (config.contains("blue")) {
        return 1;
    } else {
        return 0;
    }
    */
    if (config.contains("ip http")) {
        return 1;
    } else {
        return 0;
    }

Then trigger this type of alert: Warning
Description: "Search for presence of Cisco CSCwh87343 vulnerability"

Caveats:
- This will apply to all devices where the ConfigSource is used, even though all devices may not be affected by the vulnerability
- This assumes usage of ConfigSources and specifically the Cisco_iOS ConfigSource

Thanks to Todd Ritter for finding this CVE and creating the ConfigSource
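
A stricter variant of the Config Check above, as an added example that is not part of the original post or of LogicMonitor's ConfigSource: it alerts only when the web server is actually enabled, so lines such as "no ip http server" or "ip http client ..." do not trigger it. The method names and sample configurations are constructed for illustration; the active-session-modules handling follows the Cisco advisory linked in the post.

```groovy
// Added example (not the original post's script). Method names and the
// sample configurations below are constructed for illustration.

// True when the config contains the exact global command on its own line,
// so "no ip http server" or "ip http client ..." never match.
boolean hasLine(String config, String command) {
    config.readLines().any { it.trim() == command }
}

// 1 = alert (HTTP or HTTPS server enabled with session modules active),
// 0 = no alert.
int checkWebUi(String config) {
    boolean http = hasLine(config, 'ip http server') &&
        !hasLine(config, 'ip http active-session-modules none')
    boolean https = hasLine(config, 'ip http secure-server') &&
        !hasLine(config, 'ip http secure-active-session-modules none')
    return (http || https) ? 1 : 0
}

// Constructed sample: web server explicitly disabled.
def disabledCfg = '''
hostname edge-rtr-01
no ip http server
no ip http secure-server
ip http client source-interface Loopback0
'''

// Constructed sample: HTTPS web UI enabled.
def enabledCfg = '''
hostname edge-rtr-02
no ip http server
ip http secure-server
ip http authentication local
'''

// The plain substring test alerts on both samples...
assert disabledCfg.contains('ip http')
assert enabledCfg.contains('ip http')
// ...while the line-based check alerts only on the enabled one.
assert checkWebUi(disabledCfg) == 0
assert checkWebUi(enabledCfg) == 1

// In the Config Check, keep the two methods and end the script with:
//   return checkWebUi(config)
```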