IANN Monitor Release Notes – 6.4

Contents -
Introduction
1. New Features:
2. Security Fixes
3. Known Constraints

Introduction

This release introduces multiple enhancements across the IANN Monitor platform, improving user experience, system monitoring, and customization capabilities. Below are the key updates and improvements delivered in version 6.4.

1. New Features:

1. Graph Resizing & Drag & Drop
Graph Resizing

  1. Allows users to resize graphs directly in the Manage Dashboard.
  2. To resize, place the cursor on the bottom-right corner of a graph to activate the resize handle.

Graph Drag & Drop

  1. Users can now reposition graphs within the same panel.
  2. To move a graph, drag it by its name. The updated position is saved instantly

2. Notification Channel Restrictions

  1. Leading and trailing spaces are now restricted for:
    • Notification Channel Name
  2. This ensures data integrity and prevents accidental formatting issues.

3. Index Dropdown Enhancements

  1. Index list dropdown now:
    • Displays only environment-specific indices to reduce clutter.

4. Alert Notification Enhancements

Remainder Alerts

  1. The email subject now explicitly states [REMAINDER] for remainder alerts for more clarity.
    Example:
    [REMAINDER] CRITICAL: IANN URL heartbeat with filter – test1 – IANN
  2. Channel Name is now included in the email body.

No Data Alerts

  1. Alert Message now displays “No Data” instead of returning the exact same message configured for alerts.
  2. The alert subject has been updated from “INFO: IANN URL heartbeat with filter – test1 – IANN” to “NODATA: IANN URL heartbeat with filter – test1 – IANN” to prevent any misinterpretation for no data alerts.

Dynamic Alert Messages

  1. Use @fieldname to include dynamic values from Elasticsearch.
  2. GroupBy alerts show multiple values as comma-separated.

5. Weekly Reports

Weekly Report includes performance summaries and metrics over the past 7 days.

Monitored Data Points:

  1. Pod & Node Metrics
  2. DB CPU & RAM Usage
  3. Read/Write Latency
  4. Server & PVC Metrics
  5. Database Usage
  6. Archive, Index, Purge Counts
  7. QueueWatcher Stats

Real-Time Metrics:

  1. Node Uptime
  2. Adapter Uptime
  3. Critical Alerts Raised (Last 7 Days)

6. Table Graph Enhancements

  1. Drag-and-Drop Headers
    Reorder table columns dynamically via drag-and-drop.
  1. Dynamic Headers
    Modify headers live using UI input elements.
  1. Enable/Disable Columns
    Toggle column visibility dynamically for a streamlined view.

7. Legends for Graphs

Added visual legends to graphs on both Edit and View pages.

Improves readability and data interpretation.

 Sorting and Filtering:

Sort legends by value or category.

Filter legends to display only relevant data.

8. Dashboard Backup

  1. Download dashboards using the dropdown arrow next to each name.
  2. Upload dashboards using the Upload Dashboard
  3. All actions are handled through the YAML-configured path.

Note: After downloading a dashboard, it cannot be directly uploaded to the same environment.
To restore or move it within the same environment:

  1. First, upload it to a different environment.
  2. Then re-download and upload it back to the target environment.

9. Time Zone Fix for CSV Download

Timestamps in CSV exports now reflect the system’s local time zone.

10. Azure Monitoring –Service Principal / Service Account Enhancements

Enhancements have been introduced to improve the monitoring and management of Azure Service Principals and Service Accounts:

  1. App Registration Management
    Streamlined integration with Azure services through improved management of app registrations.
  1. Certificates & Secrets Lifecycle Management:
    Enhanced capabilities for managing certificates and secrets associated with service principals.
  2. Expiry Alerts:
    Automated alerts are configured to trigger 90 days prior to the expiry of certificates or secrets, enabling timely renewals and uninterrupted operations.

11.Operator Certificate Expiry Monitoring

  1. Monitors certificates for installed operators.
  2. Notifies before expiry for timely renewals.

12. OpenShift – Operator Certificate Expiry Monitoring

  1. Enables proactive monitoring of certificates used by installed OpenShift operators.
  2. Alerts are triggered prior to expiry to ensure timely renewal and continued operational security.

13. OpenShift – PVC (Persistent Volume Claim) Status Monitoring

Real-time monitoring of PVC states (Bound / Not Bound) has been implemented to improve visibility and reliability of storage provisioning in OpenShift.

14. QueueWatcher for Multiple Nodes

Unified script now supports multiple node monitoring.

15. Shard Usage Alerts

  1. Real-time alerts for Elasticsearch shard usage.
  2. Helps optimize performance and prevent overutilization.

16. Access Limit

The IANN Monitor VM now supports up to 25 users concurrently, ensuring robust performance under moderate user load.

2. Security Fixes

The following security vulnerabilities have been identified and fixed in this release:

S. NoVulnerability DescriptionFix
1Privilege Escalation via Local Storage Role ChangeLocal storage has been cleared.
2No rate limiting on Forgot Password featureCAPTCHA is added
3Username and Password Enumeration via Brute Force

Daily Logging Limit (per user)

  • Limit: 50 login attempts per user per day.
  • Response: Once the limit is reached, further attempts will be blocked for that day
  • User Blocking:
  • Trigger: 5 consecutive failed login attempts from the same device.
  • Block Duration: 10 minutes.

 

IP Blocking:

  • Trigger: 10 failed login attempts from the same IP address.
  • Block Duration: 10 minutes.
  • Note: If this happens, all users behind this IP may experience restricted access temporarily.

 

4UserID Enumeration on Forgot Password featureCAPTCHA is added
5Improper Access Control on Environment SwitchAccess control has been implemented for environment switching.
6Lack of Rate Limiting on Validate OTP FeatureRate limiting has been implemented for OTP validation. If a user enters an invalid OTP more than 5 times, their IP address will be blocked for 10 minutes.
7Business Logic Vulnerability in Session ManagementProper session expiration handling has been implemented.
8IDOR discloses environment access namesRemoved the total environments list from the local storage
9No Input Validation during User CreationInput validation has been added during user creation. Only alphanumeric characters, along with “@” and “.” (dot) symbols, are allowed.
10Old Session remains active after logoutSessions are now being validated.
11Old Session remains active after password changeSessions are now invalidated after a password change to enhance security.
12Weak Password Policy

We have updated the password policy with the following requirements:

  • Password must be at least 12 characters long.
  • Password must include at least one number (0–9).
  • Password must include at least one special character (e.g., @, $, !, %, *, ?, &).

 

13Lack of Verification EmailDuring user creation, an activation email is now sent to the user for email verification.
14Missing CSP (Content Security Policy) HeadersSecurity headers have been added to the application for enhanced security.
15Excess Data ExposureHave encrypted the data and system sensitive information using crypto JS
16Concurrent Sessions AllowedWe now allow only a single active session per user’s credentials. If a user attempts to log in again with the same credentials while a session is already active, they will receive a pop-up prompting them to either close the previous session or cancel the current login attempt.

3. Known Constraints

  1. GroupBy Alert Behavior
    • When using GroupBy alerts, if any one result meets the alert condition, an alert will be raised.
    • If other values in the group change but don’t meet the condition, no new alert will be triggered.
  1. Line Graph Alert Limitation
    While multiple alerts can be configured on a line graph, only the first three alerts will be visually displayed on the graph.
  1. Table Graph Filter Limitation:
    The Filter By function may not return exact results when filtering values that contain spaces or hyphens.
  1. Alert Check Reset on Graph Type Change
    When a user switches from a graph to a table view, the alert check is automatically reset too false. If the user switches back to the original graph type, they must navigate to the Alert page and update the graph for the alert check to be re-enabled and alerts function as expected.