IANN Monitor Release Notes – 6.4

Contents -
Introduction
1. Graph Resizing & Drag & Drop
2. Notification Channel Restrictions
3. Index Dropdown Enhancements
4. Alert Notification Enhancements
5. Weekly Reports
6. Table Graph Enhancements
7. Legends for Graphs
8. Dashboard Backup
9. Time Zone Fix for CSV Download
10. Azure Monitoring –Service Principal / Service Account Enhancements
11. Operator Certificate Expiry Monitoring
12. OpenShift – Operator Certificate Expiry Monitoring
13. OpenShift - PVC (Persistent Volume Claim) Status Monitoring
14. QueueWatcher for Multiple Nodes
15. Shard Usage Alerts
16. Access Limit
17. Security Fixes
Known Constraints

Introduction

This release introduces multiple enhancements across the IANN Monitor platform, improving user experience, system monitoring, and customization capabilities. Below are the key updates and improvements delivered in version 6.4. 

1. Graph Resizing & Drag & Drop

Graph Resizing 

  • Allows users to resize graphs directly in the Manage Dashboard. 
  • To resize, place the cursor on the bottom-right corner of a graph to activate the resize handle. 

Graph Drag & Drop 

  • Users can now reposition graphs within the same panel. 
  • To move a graph, drag it by its name. The updated position is saved instantly. 

2. Notification Channel Restrictions

  • Leading and trailing spaces are now restricted for:
    • Notification Channel Name 
  • This ensures data integrity and prevents accidental formatting issues. 

3. Index Dropdown Enhancements

  • Index list dropdown now: 
    • Displays only environment-specific indices to reduce clutter. 

4. Alert Notification Enhancements

Remainder Alerts 

  • The email subject now explicitly states [REMAINDER] for remainder alerts for more clarity. 

Example: 
[REMAINDER] CRITICAL: IANN URL heartbeat with filter – test1 – IANN  

  • Channel Name is now included in the email body. 

No Data Alerts 

  • Alert Message now displays “No Data” instead of returning the exact same message configured for alerts. 
  • The alert subject has been updated from “INFO: IANN URL heartbeat with filter – test1 – IANN” to “NODATA: IANN URL heartbeat with filter – test1 – IANN” to prevent any misinterpretation for no data alerts. 

Dynamic Alert Messages 

  • Use @fieldname to include dynamic values from Elasticsearch. 
  • GroupBy alerts show multiple values as comma-separated. 

5. Weekly Reports

 Weekly Report includes performance summaries and metrics over the past 7 days. 

Monitored Data Points: 

  • Pod & Node Metrics 
  • DB CPU & RAM Usage 
  • Read/Write Latency 
  • Server & PVC Metrics 
  • Database Usage 
  • Archive, Index, Purge Counts 
  • QueueWatcher Stats 

Real-Time Metrics: 

  • Node Uptime 
  • Adapter Uptime 
  • Critical Alerts Raised (Last 7 Days) 

6. Table Graph Enhancements

Drag-and-Drop Headers 

  • Reorder table columns dynamically via drag-and-drop. 

Dynamic Headers 

  • Modify headers live using UI input elements. 

Enable/Disable Columns 

  • Toggle column visibility dynamically for a streamlined view. 

7. Legends for Graphs

  • Added visual legends to graphs on both Edit and View pages. 
  • Improves readability and data interpretation. 

Sorting and Filtering: 

  • Sort legends by value or category. 
  • Filter legends to display only relevant data. 

8. Dashboard Backup

  • Download dashboards using the dropdown arrow next to each name. 
  • Upload dashboards using the Upload Dashboard button. 
  • All actions are handled through the YAML-configured path. 

Note: 
After downloading a dashboard, it cannot be directly uploaded to the same environment. 
To restore or move it within the same environment: 

  1. First upload it to a different environment. 
  2. Then re-download and upload it back to the target environment. 

9. Time Zone Fix for CSV Download

  • Timestamps in CSV exports now reflect the system’s local time zone. 

10. Azure Monitoring –Service Principal / Service Account Enhancements

Enhancements have been introduced to improve the monitoring and management of Azure Service Principals and Service Accounts: 

  • App Registration Management: 
    Streamlined integration with Azure services through improved management of app registrations. 
  • Certificates & Secrets Lifecycle Management: 
    Enhanced capabilities for managing certificates and secrets associated with service principals. 
  • Expiry Alerts: 
    Automated alerts are configured to trigger 90 days prior to the expiry of certificates or secrets, enabling timely renewals and uninterrupted operations. 

11. Operator Certificate Expiry Monitoring

  • Monitors certificates for installed operators. 
  • Notifies before expiry for timely renewals. 

12. OpenShift – Operator Certificate Expiry Monitoring

  • Enables proactive monitoring of certificates used by installed OpenShift operators. 
  • Alerts are triggered prior to expiry to ensure timely renewal and continued operational security. 

13. OpenShift - PVC (Persistent Volume Claim) Status Monitoring

Real-time monitoring of PVC states (Bound / Not Bound) has been implemented to improve visibility and reliability of storage provisioning in OpenShift. 

14. QueueWatcher for Multiple Nodes

  • Unified script now supports multiple node monitoring. 

15. Shard Usage Alerts

  • Real-time alerts for Elasticsearch shard usage. 
  • Helps optimize performance and prevent overutilization. 

16. Access Limit

The IANN Monitor VM now supports up to 25 users concurrently, ensuring robust performance under moderate user load. 

17. Security Fixes

The following security vulnerabilities have been identified and fixed in this release: 

 

S.No Vulnerability Description Fix 
1 Privilege Escalation via Local Storage Role Change Local storage has been cleared. 
2 No rate limiting on Forgot Password feature CAPTCHA is added 
3 Username and Password Enumeration via Brute Force 

Daily Logging Limit (per user) 

  • Limit: 50 login attempts per user per day. 
  • Response: Once the limit is reached, further attempts will be blocked for that day

    User Blocking: 

  • Trigger: 5 consecutive failed login attempts from the same device. 
  • Block Duration: 10 minutes. 

 

 

IP Blocking: 

  • Trigger: 10 failed login attempts from the same IP address. 
  • Block Duration: 10 minutes. 
  • Note: If this happens, all users behind this IP may experience restricted access temporarily. 

 

4 UserID Enumeration on Forgot Password feature CAPTCHA is added 
5 Improper Access Control on Environment Switch Access control has been implemented for environment switching. 
6 Lack of Rate Limiting on Validate OTP Feature Rate limiting has been implemented for OTP validation. If a user enters an invalid OTP more than 5 times, their IP address will be blocked for 10 minutes. 
7 Business Logic Vulnerability in Session Management Proper session expiration handling has been implemented. 
8 IDOR discloses environment access names Removed the total environments list from the local storage 
9 No Input Validation during User Creation Input validation has been added during user creation. Only alphanumeric characters, along with “@” and “.” (dot) symbols, are allowed. 
10 Old Session remains active after logout Sessions are now being validated. 
11 Old Session remains active after password change Sessions are now invalidated after a password change to enhance security. 
12 Weak Password Policy 

We have updated the password policy with the following requirements: 

  • Password must be at least 12 characters long. 
  • Password must include at least one number (0–9). 
  • Password must include at least one special character (e.g., @, $, !, %, *, ?, &). 

 

13 Lack of Verification Email During user creation, an activation email is now sent to the user for email verification. 
14 Missing CSP (Content Security Policy) Headers Security headers have been added to the application for enhanced security. 
15 Excess Data Exposure Have encrypted the data and system sensitive information using crypto JS 
16 Concurrent Sessions Allowed We now allow only a single active session per user’s credentials. If a user attempts to log in again with the same credentials while a session is already active, they will receive a pop-up prompting them to either close the previous session or cancel the current login attempt. 

Known Constraints

  1. GroupBy Alert Behavior 
    • When using GroupBy alerts, if any one result meets the alert condition, an alert will be raised. 
    • If other values in the group change but don’t meet the condition, no new alert will be triggered. 
  2. Line Graph Alert Limitation 
    • While multiple alerts can be configured on a line graph, only the first three alerts will be visually displayed on the graph. 
  3. Table Graph Filter Limitation: 
    • The Filter By function may not return exact results when filtering values that contain spaces or hyphens. 
  4. Alert Check Reset on Graph Type Change 
    • When a user switches from a graph to a table view, the alert check is automatically reset too false. If the user switches back to the original graph type, they must navigate to the Alert page and update the graph for the alert check to be re-enabled and alerts function as expected.