Introduction

FortiInsight is a unique data security and threat detection solution that delivers advanced threat hunting to help you detect, respond to, and manage risky behaviors that put your organization's business-critical data at risk. FortiInsight combines powerful and flexible machine learning with detailed forensics around user actions to provide complete visibility of activities around your organization's data. By monitoring user behavior and data movement both on and off your organization's network, and instantly alerting you to anomalous activities, FortiInsight helps you strengthen your security posture, protect your sensitive information, and support regulatory compliance.

What's new in FortiInsight version 6.2.0

The following table lists new features and enhancements in FortiInsight version 6.2.0:

Feature

Description

Increased storage of events

Due to architecture and system improvements, FortiInsight now defaults to storing 30 days' worth of live events and 12 months of archive events.

  • Previously, only 7 days of live events and 2 months of archive events could be stored. This is a 4x improvement for live events and a 6x improvement for archive events.

FortiInsight-VM initial pre-release

Support for running FortiInsight on-prem with provided distributions on MS Hyper-V, VMware ESXi, and Linux KVM. Full release coming mid-Q3.

Command Line arguments

Command-line arguments are now integrated throughout the FortiInsight pipeline. Collecting this new information requires endpoint > 5.2.

  • Command-line arguments are now present on all “new process created” events where applicable.
  • You can now use these to craft policies targeting command-line arguments.

Support for file printed events

File printed events are now fully supported on the FortiInsight pipeline, and now contain additional meta-information such as:

  • Number of pages printed
  • Bytes printed
  • Name of the printer used

All the new meta-information fields are supported on policy creation, and AI will begin to learn behaviors associated with them.

Added table setting save

All table settings have been moved behind a settings button. Here you can check or uncheck the columns you want to show and set how many rows you want to display in the table.

Event information

All policy and AI alerts now contain all event information for the event that triggered them, including command-line arguments and file printed information.

Date Time picker improvements

  • Added the ability to search by pressing Enter.
  • Restyled to show a much clearer error indication.

Update to search bar errors

Errors no longer appear inline, where they broke the display of the search bar. They now have their own section.

System requirements

To successfully install and use FortiInsight version 6.2.0, your system must meet the following requirements.

Component

Requirements

Endpoint agent support

FortiInsight provides endpoint agents for the following platforms:

  • Windows 7 and later (32-bit and 64-bit)
  • Windows Server 2008 and later (32-bit and 64-bit)

Endpoint computers

  • 1.0 GHz CPU - x86 or x64 (agent uses 0.1% to 5%)
  • 1 GB RAM (agent uses 10 to 30 MB)
  • 20 MB free disk space (more space is needed to store compressed and encrypted offline events)

Browser

  • Google Chrome (recommended)
  • Chromium
  • Mozilla Firefox
  • Apple Safari

Other web browsers may work correctly, but FortiInsight does not support them.

Input devices

The FortiInsight UI is not optimized for use with touch devices. We recommend using a keyboard and mouse as the input devices for interacting with the UI.

Related resources

The following resources provide more information about FortiInsight:
