GA build (Central Manager - 6.0.1.0155, Core - Build 6.0.1.0071, Threat Hunting Repository - Build 6.0.1.0132)

The FortiEDR 6.0.0 GA build includes the following features:

Investigation View

Investigation View provides an interactive graphical view of a security event's details: the process chain, the actions performed by each process, the files and IPs accessed by those processes, and the other items involved in generating the event, showing both the relationships between them and the timeline of the occurrences.

When reviewing a security event, you can click the Investigation View button on the event graph to launch the Investigation View, which serves as a working pane for the following purposes:

  • Enriching the graph, such as adding processes/files/IPs to the graph

  • Performing investigation actions, such as showing how many devices have communicated with a given IP

  • Applying incident response actions

You can also launch the Investigation View from the Threat Hunting tab of a specific activity event to start investigating the chain of events from that point.

Threat Hunting Query Convertor

FortiEDR Threat Hunting queries are based on the Lucene syntax.

FortiEDR 6.0 supports conversion of STIX-format queries, whether JSON- or XML-based, into Lucene syntax. The converter is available from the Threat Hunting Query box and accepts a STIX query pasted directly or uploaded from a file.

Threat Intelligence Feed integration

FortiEDR 6.0 allows you to automatically create Threat Hunting queries from the data fetched from a STIX/TAXII feed using the Threat Intelligence Feed connector. Each connector generates one Threat Hunting query, which can be accessed and scheduled via Forensics >> Threat Hunting >> Saved Queries.
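The query converter and the feed connector described above both come down to the same operation: turning STIX indicator patterns into Lucene terms, and (for a feed) folding every indicator into a single query. The following is an added example, not FortiEDR's converter or connector code. It parses a small subset of the STIX 2.1 pattern grammar (bracketed observations with `=`/`!=` comparisons joined by AND, OR and FOLLOWEDBY), maps each STIX object path to a Lucene field, and combines every live indicator from a constructed bundle into one query, the way one connector yields one saved query. The Lucene field names in `FIELD_MAP`, the sample bundle, and the `_ind` helper are assumptions of the example; FortiEDR's actual Threat Hunting field names are not given on this page.

```python
"""Added example (not FortiEDR's converter): STIX 2.1 indicator patterns -> one Lucene query."""
import re
from datetime import datetime, timezone

# Hypothetical STIX object path -> Lucene field mapping; swap in the field names your repository uses.
FIELD_MAP = {
    "file:hashes.'SHA-256'": "file.sha256", "ipv4-addr:value": "network.remote_ip",
    "domain-name:value": "dns.query", "url:value": "url.full",
    "process:name": "process.name", "process:command_line": "process.command_line",
}
TOKEN_RE = re.compile(r"""
    \s+                                    # whitespace, skipped
  | (?P<str>'(?:[^'\\]|\\.)*')             # single-quoted string literal
  | (?P<kw>\b(?:AND|OR|FOLLOWEDBY)\b)      # boolean operators
  | (?P<op>!=|=)                           # the only comparison operators handled here
  | (?P<path>[a-z0-9-]+:[A-Za-z0-9_.'-]+)  # object path, e.g. file:hashes.'SHA-256'
  | (?P<bracket>[\[\]])                    # observation expression delimiters
  | (?P<err>.)                             # anything else (LIKE, IN, parentheses, ...) is an error
""", re.VERBOSE)

def _tokenize(pattern):
    tokens = []
    for m in TOKEN_RE.finditer(pattern):
        if m.lastgroup == "err":  # reject unsupported syntax instead of guessing at it
            raise ValueError(f"unsupported syntax at offset {m.start()}: {pattern[m.start():m.start() + 20]!r}")
        if m.lastgroup:  # None for whitespace
            tokens.append((m.lastgroup, m.group()))
    return tokens + [("end", None)]  # sentinel so the parser never indexes past the end

class _Parser:
    """Grammar subset: pattern := obs ((AND|OR|FOLLOWEDBY) obs)*; obs := '[' cmp ((AND|OR) cmp)* ']';
    cmp := path (=|!=) 'value'.  AND binds tighter than OR at both levels, as in the STIX spec."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def take(self, kind, value=None):
        k, v = self.toks[self.i]
        if k != kind or value not in (None, v):
            raise ValueError(f"expected {value or kind}, got {v!r}")
        self.i += 1
        return v

    def expr(self, primary, and_words):
        # OR of AND-groups.  FOLLOWEDBY (outer level) becomes plain AND: Lucene has no ordering operator.
        groups = []
        while True:
            terms = [primary()]
            while self.toks[self.i][0] == "kw" and self.toks[self.i][1] in and_words:
                self.take("kw")
                terms.append(primary())
            groups.append(terms[0] if len(terms) == 1 else "(" + " AND ".join(terms) + ")")
            if self.toks[self.i] != ("kw", "OR"):
                return groups[0] if len(groups) == 1 else "(" + " OR ".join(groups) + ")"
            self.take("kw")

    def observation(self):
        self.take("bracket", "[")
        inner = self.expr(self.comparison, {"AND"})
        self.take("bracket", "]")
        return inner

    def comparison(self):
        path, op, raw = self.take("path"), self.take("op"), self.take("str")
        if path not in FIELD_MAP:  # fail loudly instead of silently dropping an IOC
            raise ValueError(f"no Lucene field mapping for STIX path {path!r}")
        value = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo STIX \' and \\ escapes
        value = value.replace("\\", "\\\\").replace('"', '\\"')  # escape for a Lucene phrase query
        term = f'{FIELD_MAP[path]}:"{value}"'
        return term if op == "=" else f"NOT {term}"

def stix_pattern_to_lucene(pattern):
    p = _Parser(_tokenize(pattern))
    query = p.expr(p.observation, {"AND", "FOLLOWEDBY"})
    p.take("end")  # leftover tokens mean the pattern was not fully understood
    return query

def _is_live(obj, now):
    # Keep only STIX-pattern indicators that are neither revoked nor past valid_until.
    until = obj.get("valid_until")
    return (obj.get("type") == "indicator" and obj.get("pattern_type", "stix") == "stix"
            and not obj.get("revoked")
            and not (until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now))

def feed_to_lucene(bundle, now):
    """One query per feed, as each connector produces: the OR of every live indicator."""
    clauses = [stix_pattern_to_lucene(o["pattern"]) for o in bundle["objects"] if _is_live(o, now)]
    if not clauses:
        raise ValueError("feed contained no usable indicators")
    return " OR ".join(clauses)

def _ind(pattern, **extra):  # constructed minimal STIX 2.1 indicator object (id omitted for brevity)
    return {"type": "indicator", "pattern_type": "stix", "pattern": pattern, **extra}

# Constructed sample standing in for one TAXII poll: EICAR test-file hash, documentation-range addresses.
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--3f6c0b3e-0000-4000-8000-000000000000", "objects": [
    _ind("[file:hashes.'SHA-256' = '275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f']"),
    _ind("[ipv4-addr:value = '198.51.100.23'] FOLLOWEDBY [domain-name:value = 'update.example.net']"),
    _ind("[process:name = 'cmd.exe' AND process:command_line = 'whoami /priv']", revoked=True),
    _ind("[url:value = 'http://203.0.113.7/a.php']", valid_until="2024-06-01T00:00:00Z"),
]}
EXAMPLE_QUERY = feed_to_lucene(SAMPLE_BUNDLE, datetime(2025, 1, 1, tzinfo=timezone.utc))
```

Three details matter in practice. FOLLOWEDBY has no Lucene counterpart and is flattened to AND, so the ordering constraint in such an indicator must be verified by the analyst in the results rather than by the query. Revoked and expired indicators are dropped before the query is built, because a TAXII collection keeps serving them long after they stop being useful. And an unmapped STIX object path raises instead of being skipped, so an indicator type your schema cannot express is noticed rather than silently lost from the hunt.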

Password policy setting

FortiEDR 6.0 provides the ability to set a password policy for FortiEDR Console users that matches the organization's general password policy. The password policy defines the restrictions placed on passwords, such as minimum length and complexity requirements.

Following an upgrade from a previous FortiEDR version to 6.0, all existing users must set a new password at their first login so that it complies with the new default password policy.

Refer to Central Manager - Build 6.0.1.0155 for a list of resolved issues for this build.