26 June 2023 version 2023.6
New Functionality
FortiEDR integration
Integration with FortiEDR is available and can be enabled from the Account Management page in the Modules tab. Once the integration is enabled, you can view the FortiEDR information in the Entity Panel from any events table in the portal.
Enhanced functionality
Pivot to Detections Table from the default dashboard
In the Resolved Detections widget, you can click a data point in the chart or the Total detections to view all the resolved detections in the Detections Table.
The Detections Table displays the resolved detections reported in the widget.
Enhanced date filtering
The date filter now includes an option to only show resolved detections within the selected time range.
Enabling this option will disable the buttons in the Severity filter until you disable it again.
Enhanced tagging
A new Activities column has been added to the Investigate tab. This column indicates that the investigation was tagged, as well as the number of tags and the tag label.
Tags are also visible in the Search Timeline tab.
You can filter the page to show only tagged Investigations, or tagged investigations by tag label.
As you drill down in the investigation, you are able to hide notes.
GUI improvements: Detections Table
A color-coded bar has been added to the left side of the Detections Table. A red bar indicates Resolved events and a green bar indicates Active events.
New detection rules and observations
The following table lists the new detection rules and observations in FortiNDR Cloud:
Name | Analytic Type | Description
---|---|---
Unusually High Bandwidth RDP Activity | Observation | This observation identifies a higher-than-normal volume of data exiting the device the user RDP'd into. This could indicate a user is trying to extract information from the system in an abusive use case.
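The observation above compares a session's outbound volume against what is normal for that host. The following is an added illustration of that kind of per-server baseline check; it is not FortiNDR Cloud's own detection logic. The flow records, field layout, the median/MAD threshold rule and the constants (`RDP_PORT`, `MAD_TO_SIGMA`, the `k` and `floor_fraction` parameters) are assumptions constructed for the example.

```python
"""Flag RDP sessions whose server-to-client byte volume is unusually high
for that server, compared with the server's own history.

Added example of a per-host baseline comparison; not FortiNDR Cloud's
detection logic. History, sessions and the threshold rule are constructed.
"""
from statistics import median

RDP_PORT = 3389
MAD_TO_SIGMA = 1.4826  # scales MAD to a standard-deviation equivalent for normal data

# Constructed history: bytes sent server->client in past RDP sessions, keyed by server IP.
HISTORY = {
    "10.0.1.20": [40_000_000, 55_000_000, 38_000_000, 61_000_000,
                  47_000_000, 52_000_000, 44_000_000],
    "10.0.1.30": [20_000_000, 20_000_000, 20_000_000],  # identical values: MAD is zero
}

# Constructed new sessions: (session_id, client_ip, server_ip, server_port, bytes_server_to_client)
NEW_SESSIONS = [
    ("s101", "10.0.0.5", "10.0.1.20", 3389, 60_000_000),
    ("s102", "10.0.0.9", "10.0.1.20", 3389, 2_400_000_000),
    ("s103", "10.0.0.5", "10.0.1.20", 443, 5_000_000_000),   # HTTPS, not RDP: ignored
    ("s104", "10.0.0.7", "10.0.1.30", 3389, 900_000_000),
    ("s105", "10.0.0.7", "10.0.1.40", 3389, 900_000_000),    # server with no history
]


def build_baselines(history):
    """Return {server: (median, mad)} of historical server->client bytes."""
    baselines = {}
    for server, volumes in history.items():
        med = median(volumes)
        mad = median(abs(v - med) for v in volumes)
        baselines[server] = (med, mad)
    return baselines


def threshold_for(med, mad, k=3.0, floor_fraction=0.1):
    """Upper bound for a 'normal' volume: median plus k robust sigmas.

    When every historical session had the same volume, MAD is zero and a pure
    MAD threshold would flag any change at all; fall back to a fraction of the
    median so the spread is never zero.
    """
    spread = max(MAD_TO_SIGMA * mad, floor_fraction * med)
    return med + k * spread


def evaluate_sessions(sessions, baselines, k=3.0):
    """Split RDP sessions into flagged (above threshold) and unbaselined (no history).

    Returns (flagged, unbaselined); each entry is (session_id, server_ip, bytes, limit).
    Non-RDP sessions are skipped. A server with no history cannot be baselined,
    so it is reported separately rather than silently passed or flagged.
    """
    flagged, unbaselined = [], []
    for sid, _client, server, dport, volume in sessions:
        if dport != RDP_PORT:
            continue
        if server not in baselines:
            unbaselined.append((sid, server, volume, None))
            continue
        med, mad = baselines[server]
        limit = threshold_for(med, mad, k)
        if volume > limit:
            flagged.append((sid, server, volume, limit))
    return flagged, unbaselined


if __name__ == "__main__":
    base = build_baselines(HISTORY)
    hits, unknown = evaluate_sessions(NEW_SESSIONS, base)
    for sid, server, volume, limit in hits:
        print(f"{sid}: {volume / 1e6:.0f} MB from {server} exceeds baseline limit {limit / 1e6:.0f} MB")
    for sid, server, volume, _ in unknown:
        print(f"{sid}: no RDP history for {server}; review manually ({volume / 1e6:.0f} MB)")
```

Median and MAD are used instead of mean and standard deviation so that one earlier large transfer in the history does not inflate the baseline and hide the next one; the `floor_fraction` fallback covers the degenerate case where the history has no spread at all.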