Release notes for IBM Cloud Monitoring

Terminology related to alerts has been updated:

• Metric Alerts are now called Threshold Alerts.
• Threshold Alerts now include a Duration setting, specifying how long an alert condition must be continuously satisfied before triggering the alert rule.
• PromQL Alerts are now called Prometheus Alerts.
• Standarized terminology:
  • Range refers to the time period over which a metric is aggregated. The Alert Editor still refers to this field with “over the last”.
  • Duration refers to how long an alert condition must be continuously met to trigger an alert rule.

With unified search you can search across name, description, and scope values in a single, unified search bar.

For alert events you can search the condition, state, threshold, alert type, and the alert notification title.

Filtering by event titles lets you quickly filter events by title.

You can bookmark and keep a history of searches.

For more information, see Filter and Search Events

IBM Cloud Monitoring has deprecated the Graduated Tier - Sysdig Secure + Monitor pricing plan. Users can maintain the same functionality by configuring an IBM Cloud Monitoring instance connected to an IBM Cloud Security and Compliance Center Workload Protection instance by 18 August 2024.

For more information, see Can IBM Cloud Monitoring and IBM Cloud Security and Compliance Center Workload Protection be used together? and The Graduated Tier - Sysdig Secure + Monitoring plan is deprecated. How do I keep using Workload Protection functionality?

The Python library for IBM Cloud Monitoring is deprecated.

Users using the library will need to migrate to Terraform or the REST API before the library is removed on 18 January 2025.

The IBM Cloud Monitoring legacy Metrics Explorer is deprecated and will be removed on 18 January 2025.

Users should use the new Metrics Explorer.

The IBM Cloud Monitoring legacy Alerts Editor is deprecated and will be removed on 18 April 2024.

Users should use the new Alerts Editor.

IBM Cloud Security and Compliance Center Workload Protection can be used in conjunction with IBM Cloud Monitoring. The Workload Protection Scanning Engine V1 is deprecated and replaced with a new scanning engine wih better performace and capabilities.

New instances will automatically have the new scanning engine deployed. Existing instances will need to be migrated to the new scanning engine by 18 January 2025. Learn more

When migrating, customers need to migrate from the legacy node-analyzer to the new node-analyzer. In some cases uninstalling and reinstalling using Helm is the simplest approach. Customers using Pipeline or Registry Scanning need to start using the new scanning components.

Documentation has been updated to include the following:

• Information on using IBM Cloud® Monitoring to monitor VMware vCenter Server deployments.

• Information on a new method to monitor Windows environments using the Windows Prometheus Bundle.

The documentation for the IBM Cloud® Monitoring Workload Protection service has moved from the IBM Cloud® Monitoring documentation to the IBM Cloud Security and Compliance Center Workload Protection documentation.

Links to the IBM Cloud Security and Compliance Center Workload Protection documentation are included in the IBM Cloud® Monitoring documentation as appropriate.

The alerts editor has been changed. The legacy alerts editor is still available, but requires the follow steps to access it:

1. Launch IBM Cloud Monitoring.

2. Click the center of the UI and open the frame as a new tab. How to open the frame in a new tab will be determined by the browser you are using.

3. In the URL replace the value beginning with # with #/alerts/legacy-editor/new. The legacy editor will be displayed.

For example, change https://us-east.monitoring.cloud.ibm.com/#/alerts/rules?direction=asc&sortBy=name to https://us-east.monitoring.cloud.ibm.com/#/alerts/legacy-editor/new

The UI now displays IBM Cloud® Monitoring Secure functions under the new name Workload Protection.

• The Secure icon has changed and now includes the text Workload Protection.

• To access the Secure UI, select Workload Protection instead of Secure.

• All instructions in the IBM Cloud® Monitoring documentation referring to Secure apply to Workload Protection.

The following changes have been made:

• New user interface to manage alerts.

  You can still manage alerts by using the legacy editor. However, notice that new features are only available through the new editor.

• New configuration settings to help you troubleshoot issues. You can configure a dashboard and a runbook with an alert.

Deprecated features:

• Deprecation of the Anomaly Detection and Group Outlier alert types. You can view and manage existing alerts but you cannot define new ones.

For more information, see Configure alerts.

The following changes have been made:

• Metrics and labels are stored and displayed in a Prometheus compatible naming convention.

• Some metrics and labels have been deprecated. Deprecated metrics and labels will no longer be available 30 days after this release. See Discontinued Metrics and Labels.

• Classic metrics have been replaced with context-explicit metrics. See Mapping Classic Metrics with PromQL Metrics.

• Troubleshooting metrics are collected at 10s intervals and stored for 4 days for program metrics, connection-level network metrics, and Kubernetes troubleshooting metrics. See Troubleshooting Metrics.

• You can use PromQL to query the metrics in the time series database.

  • You can run queries that handle larger volumes of data and perform faster.

  • You can reference the scope of a dashboard in PromQL queries by using $__scope. See Scope Variable in PromQL Dashboard.

• You can view the latest value of an entity in number panels, tables, histograms, and toplist panels. See Single Stat Panels Displays Latest Value

• In the Overview section, you can view the latest data as opposed to an aggregated value for widgets over the time window that is selected.

• You can display metrics that are scraped at different intervals on the same graph. See Mixed-Metric Granularity and Improved Granularity for PromQL panels.

• Realignment of time selections has been removed. See Removed Re-Alignment.

The following are known limitations in this release:

• Querying labels as metrics is limited to Infrastructure labels in Table panels.
• Panels that are not timecharts, such as Number panels, might not display aggregated data for the full requested time range.

Deprecated features:

• Topology Maps are deprecated due to their incompatibility with the new data store.
• Agent derived percentiles are deprecated.

For more information, see Removed features.

Impact to your environment:

• Your existing dashboards, alerts and notifications will be automatically migrated to the new metric naming convention.
• Notifications that are sent by alerts (webhooks, PagerDuty, and so on) will use the new metric and label convention. If you are doing further processing to parse metrics or labels, you will need to update your scripts accordingly.
• Terraform or configuration scripts that are used for dashboards, alerts and notifications might need updating.

For more information, see Enhanced metric store.

New and updates compliance standards are supported.

• Updates to PCI DSS V3.2.1.
• New NIST 800-171 rev2 compliance.

You can monitor integrations using PromCat.

The following alert enhancements are available:

• The alert library provides a recommended list of alerts you can configure based on the services running in your infrastructure.

• The alerts page has been enhanced. Visual cues have been added to identify alerts that have not been resolved. Alerts can also be grouped based on the service they represent.

The following Kubernetes dashboard enhancements have been made:

• Workload dashboards are refreshed.
• Changes to the panel location and color coding.
• Workflow simplification.
• Improved capacity planning.
• Easier to read text boxes.

V2.4.4 is supported including the following updates:

• Security fixes.
• Adding a retry mechanism when pulling images from registries.
• Adding the ability to write a JSON log to a file.
• Fixed a malware scan issue.
• Fixed issue when getting images for registries not supporting tag listing.

Updates include:

• Moving Network from under Policies in the menu.
• Grouping Activity Audit and Captures into the Investigation menu item.
• Runtime scope moved in Activity Audit to allow more space for activity data.
• Activity types can be filtered directly from the graph.
• Displayed element attributes can be filtered from the list.

Changes include:

• New configuration panel allowing you to include or exclude a set of labels for a cluster or namespace.
• Adding the ability to label IPs not mapped to Kubernetes or OpenShift entities.
• Adding the ability to to configure internal subnets for clusters.
• Adding additional information when hovering over a network connection or network node.
• Adding unresolved IP filtering.
• Adding Network as an item in the navigation.

Functional updates include:

• The ability to scan hosts in addition to container images.
• Host benchmarks have been updated with additional checks and cluster aggregation.
• Image scanning is updated to automatically scan images if they have not been scanned.

You can silence alert notifications for a given scope or period of time.

The following labels have been added that can be used to scope dashboards and configure groups.

• kubernetes.workload.name
• kubernetes.workload.type

A number of new Kubernetes dashboards are available in beta.

An extended label set is available for PromQL queries.

You can use Microsoft Teams as a notification channel.

S3 compatible storage can be used for capture files.

The following updates have been made to webhook integration:

• TLS verification can be skipped.
• The ability to add custom headers to append to the alert format.

V2.4.0 is supported with the following changes:

• Security fixes.
• Addition of HTTP_PROXY and HTTPS_PROXY environment variables to retrieve the malware database inline behind a proxy.
• Addition of support for the .dockercfg repository authorization method.
• Use of HTTP1.1 by default.
• Fix for when a Docker UID is not 1000.

V3 of the image scanning reports is available in beta. Functional changes include:

• Allowing scheduling of reports and sending them through notification channels.
• Allowing a preview of the report structure in the UI.
• Adding an advanced query builder.
• Adding more data columns and filters.
• Adding two report types: vulnerability and policy.

The following changes have been made:

• Updates have been made to the scan results list.
• New table design for the vulnerabilities list.
• Ability to open individual vulnerabilities and display additional information.

The following features are deprecated for Secure:

• Commands Audit has been deprecated in favor of Activity Audit.
• Policy Events is deprecated in favor of the Events feed.

V2.3 is supported with the following changes:

• Removes the prefixing of image names with localbuild when unneccessary.
• Improved version detection for Logback, SpringFramework, and Tomcat Java.
• Allows setting openssl using the OPENSSL_SECLEVEL environment variable to support old certificates.
• Creation of a more robust image ID to avoid unnecessary image rescans.
• Added malware detection.

You can now import Prometheus alert rules.

The following dashboard enhancements have been released:

• You can edit the dashboard scope within the panel editor.
• You can set a dashboard template as the team entry point.

V0.1.9 is available with the following changes:

• Added support for running the analyzer in non-Kubernetes environments.
• Fixed an issue scanning images processed on GKE clusters using Docker and Containerd.
• Fixed an issue that prevented images without full tags from being processed on OpenShift.
• Improved version detection for Logback, SpringFramework, and Tomcat Java packages.
• Fixed issues when an incorrect Docker socket path was provided.

Plug-in V2.1 is available with the following changes:

• Improved scanning performance and execution.
• Proxy support for master and worker nodes.

V0.1.6 is available with the following changes:

• Proxy configuration support to run the analyzer behind a proxy.
• Support to scan images without a Repo tag.

V2.2 is available with the following changes:

• Vulnerability report added to the container output.
• Scanned images using the digest pullstring is stored using the truncated digest as a tag.
• Users running other than as root have a permission issue resolved.

V2.1 is available with the following changes:

• The ability to analyze scratch-based images.
• Fixes for retrieved PDF output for previously scanned images.
• Fixes for container vulnerabilities.

A new grouping editor helps you create and manage infrastructure groupings.

You can now transfer dashboard ownership to another user.

The following dashboard enhancements are now available:

• The ability the dashboard menu to the sidebar.
• The ability to specify your preference for open or closed categories.

New functionality to improve the editing experience and add new ways to visualize and consume data. Functional changes include:

• Addition of a form-based and PromQL method of building dashboards.
• Adding the ability to share dashboards with team members.
• Customizing time series names and exes values on the legend.
• The ability to configure multiple queries in a single panel.
• Adding the ability to create a unified view of both metrics and events.
• Availability of dashboard templates.
• The ability to map values to text.

PromQL support for querying Prometheus metrics has been added for a subset of users.

The following major changes are made in this release:

• Topology maps are no longer available in dashboards. Topology maps can be accessed through the Explore option.
• My Dashboards are no longer available under Explore.
• The dashboard wizard has been removed. Use the dashboard templates in place of thd dashboard wizard.
• History and summary metrics have been deprecated.
• Ability to configure scope variables on a dashboard to quickly filter metrics.
• Addition of intelligent auto-completion and syntax highlighting.
• The ability to define a default role when a new member is added to a team.
• Enhanced RBAC support.

Functional enhancements include:

• Metrics prioritized by event count and severity.
• Dashboards for insights.
• Added new default dashboards while retaining some existing dashboards and removing others.

Events can be filtered by scope to show the most relevant events. Filtering is available in the Explore and Dashboards views.

Functional enhacements in beta include:

• Support of native Prometheus time series ingestion.
• Addition of a PromQL dashboard.
• New dashboard functionality for greater configuration flexibility and query support.

The ability to mark a dashboard as a "favorite" has been added.

The ability to segment metrics by the following have been added:

• file.bytes.in
• file.bytes.out
• file.mount
• file.name

Groupings for Kubernetes have been modified.

The ability to customize the subject and body of an alert notification with variables has been extended.

Introduction of a common metrics format to ease comparison.

The instance name is now visible when creating and editing the instance name.

Kubernetes cluster and node capacity dashboards now have actual CPU and memory usage compared to requests, limits, and capacity that can be allocated.

In addition the Kubernetes health dashboard has been updated with metric aggregation across all containers running on the node.

Addition of a menu where you can add new dashboards and search for existing ones.

Added the ability to customize messages sent with alert notifications.

Added the ability to collect Prometheus metrics from remote endpoints.

The following additional enhancements were added.

• Kafka integration support for authentication and SSL/TLS.

• Addition of new Kubernetes metrics for pod counts.