What's new
This section identifies new features and enhancements available with FortiEDR 5.1.0.
Application Control
This new capability blocks the applications on a provided blocklist, reducing the attack surface and the exposure to threats. Different applications can be blocked across the entire organization or configured per Collector group. Exceptions can be set for specific applications and specific groups. The capability requires the use of the v5.1 Windows Collector.
Threat Hunting for Linux
Advanced and extensive behavior-based threat hunting, with support for process-based threat hunting of file, log, and network-related activities. The capabilities include granular collection policies and collection exclusions for better control of the volume of data collected on Linux (Red Hat, CentOS). The capability is included and requires the use of the v5.1 FortiEDR Linux Collector for Red Hat or CentOS.
Process Exclusions
Reduces TCO by providing the ability to exclude a known-good process from FortiEDR monitoring. The capability requires the use of the v5.1 Windows Collector.
NGAV Exclusions
Reduces TCO by providing the ability to exclude trusted files and folders from NGAV scans, whether periodic or on file execution. The capability requires the use of the v5.1 Windows Collector.
Keylogging Activity Detection
New blocking options for processes that attempt to record keystrokes or mouse activity in a suspicious manner. The capability requires the use of the v5.1 Windows Collector.
Threat Hunting enhanced data collection
New Activity Event types are now collected: Screen Capture and Keystroke Consumption in the Process category; Direct Volume Access in the File category; and Socket Statistics, DNS Query, and HTTP Request in the Network category.
Threat Hunting terminology change
The Threat Hunting settings that determine which Activity Events are collected are now called “Collection Profiles”. Exclusions to such profiles are now called “Collection Exclusions”.
Customer FortiEDR Serial Number
The serial number now appears in the FortiEDR Console on the Licensing page.