Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    21.2.0
    21.2.0
    21.1.0
    6.4.0
    6.2.0
    6.0.0
    5.6.0
    5.4.0

    Introduction

    Introduction

    This document provides the following information for FortiInsight version 21.2:

    What's new in FortiInsight Cloud version 21.2

    The following table lists new features and enhancements in FortiInsight Cloud version 21.2.

    Feature

    Description

    Enhanced User Profile / Timeline
    • User Context Dashboard. A dashboard giving a high level overview of user activity.
    • User Context Timeline
    • User Context Details
    • User Context Tracking

    Updated Polices

    The following policies have been updated to reduce noise: File Downloaded Through a LOLBAS Binary

    PSExec Executed On All Machines In Domain

    Enhanced User Profile / Timeline

    User Context Dashboard

    For example, from Threat Hunting > Live, right click on the user and select View User Profile. This now displays the user profile in a widget style, like the FortiInsight Dashboard. Widget data can be exported to file, maximised for viewing or drill down to view the low-level data.

    User Context Timeline

    From Contexts > Users on the navigation pane. User activity is shown on a new timeline chart, detailing the number of active users at a given time.

    Hovering over the bar will highlight the number of users.

    Double clicking on the bar will display enhanced user information for those users.

    Such as:

    • Department—Corporate department the user works in.
    • Manager—Full name of the user's manager. Click to navigate to the manager's user profile.
    • Status—Whether the user's account is active, disabled.

    User Context Details

    From Contexts > Users on the navigation pane. Previously, hovering over the user's name displayed the user context details. Now, clicking on the user name field displays the details in a standardized view.

    User Context Tracking

    The LDAP agent allows you to sync your Active Directory to FortiInsight. Its aim is to increase the effective searches based on individual users, their managers, department and location.

    To install the agent

    1. Go to Contexts.
    2. Select Users.
    3. Select Download LDAP Client.
    4. Click Download.

    FortiInsight Agents

    Feature

    Description

    MAC Connector[DH1]

    • Adds support for MacOSX 11 “Big Sur”
    • Integrates with Endpoint security framework provided by MacOSX
    • All “new process created” activities will now report the command line arguments used to start the process

    Windows Connector
    • Support for “shift-delete” on files, or folders, has now been added ensuring these are reported correctly as “file deleted” events.
    • You can now ensure that the endpoint agent will verify SSL/TLS certificates before attempting to send data.
    • Added further enhancements to “file uploaded” and “file downloaded” events.
    • Support added for very short-lived process, to ensure that collection is not disrupted.
    Mac Connector
    Endpoint Security Framework

    The MacOSX connector now supports directly with the Endpoint Security Framework provided by Apple. Internally, this ensure that all events are now collected via this method rather than utilising a custom Kext module. It also allows support for MacOSX 11 (Big Sur).

    Command Line Arguments

    Command line arguments, if applicable, are now shown for each Mac event, to standardise agent collection of data.

    Windows Connector
    Files Deleted Event for Shift Delete

    Shift delete operations and removable media deletes have been added to the windows connector and are shown as File Deleted operations in FortiInsight.

    Verify SSL Certificate

    When installing the windows agent, if the Verifiy host TLS/SSL certificate box is ticked any connection to the host will be blocked if the SSL/TLS certificate is invalid or the url does not match the certificate. This is disabled by default.

    Related resources

    The following resources provide more information about FortiInsight:

    Previous
    Next

    Introduction

    Introduction

    This document provides the following information for FortiInsight version 21.2:

    What's new in FortiInsight Cloud version 21.2

    The following table lists new features and enhancements in FortiInsight Cloud version 21.2.

    Feature

    Description

    Enhanced User Profile / Timeline
    • User Context Dashboard. A dashboard giving a high level overview of user activity.
    • User Context Timeline
    • User Context Details
    • User Context Tracking

    Updated Polices

    The following policies have been updated to reduce noise: File Downloaded Through a LOLBAS Binary

    PSExec Executed On All Machines In Domain

    Enhanced User Profile / Timeline

    User Context Dashboard

    For example, from Threat Hunting > Live, right click on the user and select View User Profile. This now displays the user profile in a widget style, like the FortiInsight Dashboard. Widget data can be exported to file, maximised for viewing or drill down to view the low-level data.

    User Context Timeline

    From Contexts > Users on the navigation pane. User activity is shown on a new timeline chart, detailing the number of active users at a given time.

    Hovering over the bar will highlight the number of users.

    Double clicking on the bar will display enhanced user information for those users.

    Such as:

    • Department—Corporate department the user works in.
    • Manager—Full name of the user's manager. Click to navigate to the manager's user profile.
    • Status—Whether the user's account is active, disabled.

    User Context Details

    From Contexts > Users on the navigation pane. Previously, hovering over the user's name displayed the user context details. Now, clicking on the user name field displays the details in a standardized view.

    User Context Tracking

    The LDAP agent allows you to sync your Active Directory to FortiInsight. Its aim is to increase the effective searches based on individual users, their managers, department and location.

    To install the agent

    1. Go to Contexts.
    2. Select Users.
    3. Select Download LDAP Client.
    4. Click Download.

    FortiInsight Agents

    Feature

    Description

    MAC Connector[DH1]

    • Adds support for MacOSX 11 “Big Sur”
    • Integrates with Endpoint security framework provided by MacOSX
    • All “new process created” activities will now report the command line arguments used to start the process

    Windows Connector
    • Support for “shift-delete” on files, or folders, has now been added ensuring these are reported correctly as “file deleted” events.
    • You can now ensure that the endpoint agent will verify SSL/TLS certificates before attempting to send data.
    • Added further enhancements to “file uploaded” and “file downloaded” events.
    • Support added for very short-lived process, to ensure that collection is not disrupted.
    Mac Connector
    Endpoint Security Framework

    The MacOSX connector now supports directly with the Endpoint Security Framework provided by Apple. Internally, this ensure that all events are now collected via this method rather than utilising a custom Kext module. It also allows support for MacOSX 11 (Big Sur).

    Command Line Arguments

    Command line arguments, if applicable, are now shown for each Mac event, to standardise agent collection of data.

    Windows Connector
    Files Deleted Event for Shift Delete

    Shift delete operations and removable media deletes have been added to the windows connector and are shown as File Deleted operations in FortiInsight.

    Verify SSL Certificate

    When installing the windows agent, if the Verifiy host TLS/SSL certificate box is ticked any connection to the host will be blocked if the SSL/TLS certificate is invalid or the url does not match the certificate. This is disabled by default.

    Related resources

    The following resources provide more information about FortiInsight:

    Previous
    Next