Fortisiem Release Notes

Fortisiem Release Notes

Release Notes FortiSIEM 6.3.0 FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/training-certification NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://www.fortiguard.com END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: [email protected] 09/21/2021 FortiSIEM 6.3.0 Release Notes TABLE OF CONTENTS Change Log 4 Whats New in 6.3.0 5 New Features 5 Customizable GUI Login Banner 5 UTC and ISO8601 Formatted Dates 6 Ability to Tags Incidents and Search Incidents by Tag 6 Report Export in RTF Format 6 Trend Chart for Hourly/Daily/weekly Aggregates 6 Email Encryption via S/MIME 7 Load Balancing Inserts across Multiple Elasticsearch Coordinator Nodes 7 Watchlist Management API 7 JSON Incident API 7 FortiSIEM Collector as Management Extension Application (MEA) on FortiAnalyzer 7 Key Enhancements 8 Infrastructure Upgrade 8 Elasticsearch 7.12.1 Support 8 MITRE ATT&CK Framework Update to V0.9 8 Authentication for Kafka based Event Forwarding 8 Report Design Template Enhancements 8 Selective Role based Raw Message Obfuscation 9 Shared Dashboard Ownership Transfer 9 Custom Elasticsearch Mapping Template 9 Elasticsearch to EventDB Archive Performance Improvement 9 Optimize PostgreSQL Incident Query 10 New Device Support 10 Device Support Extensions 10 Bug Fixes and Minor Enhancements 10 Known Issues 14 Slow Event Database Operations Using Azure Managed NFS File Share Service 14 Need to Re-Configure Open Tunnel After Upgrade/Install of 6.3.0 15 Need to set Account Environment in Azure Cloud Support Access Credentials after Upgrade 16 Cut and Paste Issue into Report Designer Text Editor 16 Rule and Report Modifications since 6.2.1 16 FortiSIEM 6.3.0 Release Notes 3 Fortinet Technologies Inc. Change Log Date Change Description 07/08/2021 Initial version of FortiSIEM 6.3.0 Release Notes. 08/17/2021 Added Known Issue "Slow Event Database Operations Using Azure Managed NFS File Share Service" to 6.3.0 Release Notes. 09/21/2021 Updated Custom Elasticsearch Mapping Template section in 6.3.0 Release Notes. FortiSIEM 6.3.0 Release Notes 4 Fortinet Technologies Inc. Whats New in 6.3.0 Whats New in 6.3.0 This document describes the additions for the FortiSIEM 6.3.0 release. l New Features l Key Enhancements l New Device Support l Device Support Extensions l Bug Fixes and Minor Enhancements l Known Issues l Rule and Report Modifications since 6.2.1 New Features l Customizable GUI Login Banner l UTC and ISO8601 Timestamp Formatted Dates l Ability to Tag Incidents and Search Incidents by Tag l Report Export in RTF Format l Trend Chart for Hourly/Daily/Weekly Aggregates l Email Encryption via S/MIME l Load Balancing Inserts across Multiple Elasticsearch Coordinator Nodes l Watchlist Management API l JSON Incident API l FortiSIEM Collector as Management Extension Application (MEA) on FortiAnalyzer Customizable GUI Login Banner FortiSIEM administrators can now define a login banner page that GUI users will view, after entering their credentials. This page displays the last successful login time, changes to the user’s account since their last successful login, along with an administrator defined message. This message is typically used to warn against unauthorized system access. A default message is provided, but users with full admin privileges can change the message, create a new message, or completely disable this banner. This system setting applies for all users. For details on how to set up and customize a login banner, located at ADMIN > Settings > System > UI, see Administrator UI Settings. Notes: l This is a system wide screen for all users. l Some simple BBCode tags are allowed in this message input - “b” - bold, “i” - italic, “u” - underline, and “url”. l HTML tags are not allowed. l Nested tags are not allowed. FortiSIEM 6.3.0 Release Notes 5 Fortinet Technologies Inc. Whats New in 6.3.0 UTC and ISO8601 Formatted Dates Earlier releases displayed dates (e.g. in the INCIDENTS page) in local time format. In this release, two other time format options are added – UTC and ISO 8601. This is a per-user setting and the chosen time format is honored in the GUI for that user as well as for report exports, and scheduled reports done by that user and Incident email notification. For details on how to set up date display format, located at User Profile > UI Settings, see User Profile UI Settings. Ability to Tags Incidents and Search Incidents by Tag This release allows you to define Tags and then associate one or more Tags to Rules. Incidents triggered by that rule will have the associated Tags attribute as an Incident attribute. You can display Tags from the INCIDENTS page and search/filter Incidents by Tags. For MSSP deployments, Tags are globally defined for all Organizations. For details on how to define tags, see Tags. For details on how to set tags in rules, see Creating a Rule: Step 3: Define Actions. For details on how to display tags in INCIDENTS, see Acting on Incidents on how to add the Tags column to the INCIDENTS page. For details on how to search Incidents by tags, see Searching Incidents. From the Actions drop-down list, click Search. Use the Incident Tag filter in the same panel to locate tags. Report Export in RTF Format In earlier releases, reports could be exported in PDF and CSV formats. This release adds Rich Text Format (RTF) format that can be viewed using Microsoft Word. For setting RTF format for adhoc reports, see Email Results, Exporting Report Results, and Exporting Results. For setting RTF format for scheduled reports, see Scheduling a Report and Scheduling CMDB Reports. For more information on creating a report template, which can be sent in RTF format, see Designing a Report Template. Trend Chart for Hourly/Daily/weekly Aggregates In earlier releases, the granularity of time axis in trend charts was chosen automatically by the system. Therefore, user cannot have hourly, daily and weekly values plotted in Report Trend Charts. This release allows users this option. Because daily, weekly queries can take a long time to run, this works best in pre-computed queries and in dashboards where results are computed inline mode. In ANALYTICS, you can choose the trend option as part of Filter conditions. See Specifying a Trend Interval. In DASHBOARD, you can select Line chart as the display type, and then choose a trend option as part of a Widget Dashboard. See Modifying Widget Display Information. Trend Attributes can be added to scheduled reports, report bundles and through a real-time search. FortiSIEM 6.3.0 Release Notes 6 Fortinet Technologies Inc. Whats New in 6.3.0 Email Encryption via S/MIME This release allows you to send encrypted emails from FortiSIEM using S/MIME. Examples of emails send from FortiSIEM includes Incident notification emails, Scheduled Report emails, Adhoc Query Result email, etc... To first set up S/MIME, see Email Settings. After the S/MIME configuration, add the S/MIME certificate for a new user or to an existing one at CMDB > Users. Load Balancing Inserts across Multiple Elasticsearch Coordinator Nodes This release enables you to add multiple Elasticsearch Coordinator nodes in GUI. Then phDataManager process on each Worker will load balance event inserts across multiple Elasticsearch Coordinator nodes. This design allows faster parallel inserts and also protects against Coordinator node failures. The Coordinator nodes can be configured in the URL field for Native Elasticsearch configuration. Watchlist Management API This release allows you to view, add, edit Watchlist folders and entries (RESOURCES > Watchlist). See Watchlist Integration in the API Integration Guide. JSON Incident API This release allows you to integrate incidents from FortiSIEM with a JSON REST API. This is used for the ServiceNow SecOps integration. See JSON API Incident Integration in the API Integration Guide. FortiSIEM Collector as Management Extension Application (MEA) on FortiAnalyzer You can now run a FortiSIEM Collector as a management extension application (MEA) image on FortiAnalyzer 7.0.1 or higher. This alleviates the need for a separate FortiSIEM Collector node (Virtual machine or appliance), when you already have a FortiAnalyzer deployed, and it has sufficiently spare CPU, Memory and Disk available to run a FortiSIEM Collector. A FortiSIEM MEA Collector functionally works the same way as a regular virtual machine based FortiSIEM Collector or a hardware appliance 500F, but the set up and upgrade processes are slightly different. For general setup, troubleshooting, event collection, discovery and performance monitoring using a FortiSIEM MEA Collector, see the FortiSIEM MEA Collector Administration Guide in FortiAnalyzer 7.0 docs. The FortiSIEM MEA Administration Guide also covers upgrade issues and general differences between a FortiSIEM MEA Collector and a virtual machine/hardware appliance Collector. Note: To collect FortiSIEM Windows or Linux Agent logs via FortiSIEM MEA Collector, you need to run Windows Agent 4.1.2 or higher and Linux Agent 6.3.0 or higher. FortiSIEM 6.3.0 Release Notes 7 Fortinet Technologies Inc. Whats New in 6.3.0 Key Enhancements l Infrastructure Upgrade l Elasticsearch 7.12.1 Support l MITRE ATT&CK Framework Update to V0.9 l Authentication for Kafka based Event Forwarding l Report Design Template Enhancements l Selective Role based Raw Message Obfuscation l Shared Dashboard Ownership Transfer l Custom Elasticsearch Mapping Template l Elasticsearch to EventDB Archive Performance Improvement l Optimize PostgreSQL Incident Query Infrastructure Upgrade This release upgrades the underlying CentOS version to 8.4.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    19 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us