What's new

This section identifies new features and enhancements available with FortiEDR 5.2.1.

Note

If you upgrade from FortiEDR 5.0.0 to 5.2.1, see also the following for additional new features introduced in FortiEDR 5.1.0 and 5.2.0:

Enhancements to user management and access control

FortiEDR 5.2.1 adds more predefined user roles for better access control and enhances the user management process.

Choose from the following roles when creating users or defining LDAP and SAML authentication. For roles that are not authorized for certain tasks or devices, FortiEDR hides or disables the related menu items, items in content pages, and buttons.

| Role | New/Changed? | Description |
| --- | --- | --- |
| Admin | No change in privilege, but there is no longer a distinction between Local Admin and Admin in multi-tenancy: Admin access to one or all organizations is now defined in the Organization field. | Highest-level super user who can perform all operations in the FortiEDR Central Manager console for the organization. |
| Senior Analyst | Renamed from User | Analyst supervisor who can define security policies in addition to all the actions that an Analyst can perform. |
| Analyst | New | SOC/MDR service analyst who can perform the actions required in the day-to-day handling of events. |
| IT | New | IT staff who can define settings related to the FortiEDR integration with the customer ecosystem. |
| Read-Only | New | Basic role with read-only access to all functions except system configuration. |

Note

For multi-tenancy (Organizations) systems, you can also give a user role-specific access to all organizations.

In addition to the role changes, the user creation and editing process and the LDAP and SAML authentication settings have also been enhanced.

XDR extended data lakes support: Google Security Command Center and Amazon GuardDuty

FortiEDR 5.2.1 extends FortiXDR detection and response with the following new data lakes:

  • Google Security Command Center (Google SCC)

  • Amazon (AWS) GuardDuty

FortiXDR now automatically collects activity logs from these two data lakes. By leveraging Fortinet Cloud Services (FCS) advanced analytics, artificial intelligence, and correlation capabilities, FortiXDR can generate fine-grained alerts based on Google SCC and AWS GuardDuty logs. This new capability is license-dependent.

Zero Trust incident response capabilities

FortiEDR 5.2.1 extends FortiXDR detection and response with a new out-of-the-box capability to tag a device as a Zero Trust device in FortiClient EMS, using the new out-of-the-box Identity Management Connector.

User access incident response capabilities

FortiEDR 5.2.1 extends FortiXDR response actions with new out-of-the-box user access capabilities: resetting a user’s password and disabling a user’s account, using the new User Access Connector, which supports Active Directory.

Licensing restrictions removal for Forensics > Events

FortiEDR 5.2.1 no longer requires a specific type of license to access the Forensics > Events page. All user roles with Forensics permission can now access the Forensics > Events page, regardless of the license type.

Threat Hunting scheduled queries trigger Incident Response actions

FortiEDR 5.2.1 allows you to enable incident response actions upon custom detections triggered by Threat Hunting scheduled query rules.

New time filter in Event Viewer

You can now filter security events by time to narrow down the results to a certain period, such as the last 7 days. Use the time filter to handle events more efficiently.

FortiGate Connector supports virtual domains

In FortiEDR 5.2.1, you can integrate incident response actions with FortiGate and FortiManager virtual domains (VDOMs).
