March 2026 Platform Releases

Generally Available

• Alerts dashboard updates

  • Alert summary view:

    • New alert frequency interface to better visualize the frequency of alerts by severity.

    • Total alert count now displayed in the Alert Summary view.

  • Alerts data table:

    • Default sorting updated to sort by Severity.

    • Consistent secondary sorting: Start Time is always the secondary sort key, even when you sort by other columns, keeping ordering stable and predictable.

    • Default page size is now 100 (the maximum supported by the data table).

    • Filterable fields now show a filter icon on hover, replacing the previous tag-style (such as Category, Sub-category, and so on).

    • Bulk-selected items are cleared whenever filters or the date and time picker are updated, preventing actions on out-of-scope selections.

  • AI Assist

    • Expanded quick actions to three, adding a third AI Assist quick action, giving you more targeted options when reviewing alerts:

      • Triage: Provides a fast assessment to help you validate whether an alert is likely a false positive (FP) or a true positive (TP)—and, most importantly, whether the alert requires attention right now with score out of 10.

      • Summarize renamed to Incident Report to better match what it delivers: a more detailed, structured report that is grounded in the alert context and facts (for example, based on the alert details and supporting signals, not generic guidance).

• Improved FortiGate integration in Explorer and Attack Path

  Explorer now integrates FortiGate firewalls into the Explorer graph and attack path view, giving you comprehensive visibility across both managed and unmanaged attack surfaces.

  Using the graph, you can now:

  • Visualize FortiGate firewalls directly in the Explorer graph to better understand your attack surface.

  • Identify situations where FortiGates are deployed but resources are still reachable through alternate paths.

  • Prioritize unmanaged attack paths to reduce overall exposure.

  • Use edge color indicators to quickly see whether a resource is protected by FortiGate.

  Supported network topologies:

  • AWS

    • Transit Gateway

    • High Availability

  • GCP

    • High Availability

  • Azure

    • Single FortiGate

    • Active/Passive SDN

    • Active/Passive ELB-ILB

• RiskWatch: Runtime Vulnerability Detection and Prioritization

  RiskWatch combines real-time visibility with vulnerability intelligence to detect and prioritize exploitable runtime vulnerabilities by:

  • Probing endpoint activity, monitoring binaries, libraries, and processes.

  • Integrating CVE data for accurate vulnerability assessment.

  • Analyzing network reachability to identify exposed systems.

  View active probes and results in the Agents > Probes dashboard.

  For more information, see Probes in the FortiCNAPP Administration Guide.

• New Azure service coverage added

  The following Azure services and related datasources are now available:

  Cost Managment:

  • microsoft.costmanagement/exports

  Hybrid Network:

  • microsoft.hybridnetwork/publishers

  Advisor:

  • microsoft.advisor/configurations

  For more information, see Datasource Metadata. Note that the introduction of new services may require you to modify the privileges of the FortiCNAPP user in your cloud accounts. For more information, see Maintain Cloud Integrations with Terraform.

• New AWS service coverage added

  The following AWS service and related datasources are now available:

  • Route 53 Resolver

  For more information, see Datasource Metadata. Note that the introduction of new services may require you to modify the privileges of the FortiCNAPP user in your cloud accounts. For more information, see Maintain Cloud Integrations with Terraform.

• AWS Terraform, Cloudformation, and Control Tower configuration module upgrades

  These releases add or update permissions to scan the following AWS services and APIs:

  • AWS Keyspaces

    • list_keyspaces

    • get_keyspace

    • list_tables

    • get_table

    • get_table_auto_scaling_settings

    • list_types

    • get_type

  The following new versions of these modules have been released:

  • Terraform terraform-aws-config version 0.25.0

  • CloudFormation lacework-aws-cfg version 0.8.0

  • Config+CloudTrail CloudFormation lacework-aws-ct-cfg version 0.7.0

  • Control Tower lacework-control-tower-cfn version 3.3.3 or 4.0.1

  • AWS Organizations aws-org-cf-lacework version 1.1.6

  You should upgrade to the latest release for the appropriate module you use to manage your AWS configuration integration.

  For more information about Terraform, see Maintain Cloud Integrations with Terraform.

  For more information about CloudFormation, see AWS Integration Using CloudFormation.

  For more information about Control Tower, see AWS Control Tower Integration Using CloudFormation.

• Cursor IDE extension

  Code Security offers a Cursor extension through the VSX marketplace. See Cursor.

Public Preview

• Configure policy exceptions for all codespaces

  Policy exceptions can be configured and applied to all codespaces and repositories within an account. See Configuring exceptions.

• Data Security Posture Management (DSPM)

  FortiCNAPP DSPM continuously discovers, classifies, and monitors sensitive data across your cloud environments to reduce data exposure risk. Using DSPM you can scan your cloud accounts for:

  • Credit card information.

  • Bank account information including IBAN and SWIFT numbers.

  • Personally identifying information (PII) including social security numbers and their variations for different countries, email addresses, phone numbers, and date of birth information.

  See DSPM.