New features and enhancements

The following is a summary of new features and enhancements in version 7.4.0. For details, see the FortiNDR 7.4.0 Administration Guide in the Document Library.

System

  • Introduced Sensor and Center modes. The default and original FortiNDR mode is now called Standalone mode. For more information, see Standalone, Center and Sensor operating mode.
  • Enhanced the CTS API to speed up enrichment lookups for IOCs that WebFilter classifies in the Phishing, Malicious Websites, and Spam categories.

  • Introduced proxy support for FortiGuard as a CLI feature. For more information, see config system fortiguard update.

  • FortiNDR is now OT (operational technology) aware: NDR can detect industrial IPS attacks, detect OT malware such as Industroyer, and learn OT applications and apply ML to detect anomalies in them. For more information, see File types and protocols.

GUI

  • The Log & Report > Malware Log page now supports batch download of detected malware samples. For more information, see Malware Log.
  • The default sniffer interfaces on the FortiNDR 1000F are now port3 and port4.

  • Backup now includes NFS file shares.

  • Auto submission now supports reporting false-positive malware detections.

Netflow

  • The Netflow Botnet widget is now the Netflow Suspicious Activity widget. The widget has been enhanced to display Spam, Phishing, Tor and Proxy detections. For more information, see Netflow Dashboard.

Network

  • FortiNDR VM now supports sniffing on multiple interfaces (port2 and port5).
  • FortiNDR can now mute selected detections. For more information, see NDR Muting.
  • Introduced MITRE ATT&CK information for network attacks. To view it, go to Network Insights > Network Attacks, open an entry, and click Explore Attack Name. For more information, see Network Insights.

Machine Learning (ML)

  • ML configuration now includes vlanID.
  • ML configuration supports source IP grouping for different baselines.

For more information, see ML Configuration.

Log & Report

  • Syslog can now be sent for all detections, including those from file upload and network share scanning.

CLI

Note

Most existing CLI commands from FortiNDR 7.2.1 are available in Standalone, Center, and Sensor modes unless indicated otherwise in the FortiNDR CLI Reference Guide.

  • Introduced an option to back up the network share configuration in Standalone and Sensor modes.

  • Added a new CLI command to update FortiNDR data retention settings (Center mode only).

  • The following new CLI commands are available in FortiNDR 7.4.0:
    • diagnose fds list (Standalone, Center, and Sensor modes).
    • diagnose autoupdate status (Standalone, Center, and Sensor modes).
    • config system ndr settings, for loading the SCADA database.
  • The following new options were added under config system fortiguard update (Standalone, Center, and Sensor modes) to route FortiGuard updates through a web proxy:
    • set tunneling-status {enable | disable}
    • set tunneling-address {web_proxy_address}
    • set tunneling-port {web_proxy_port}
    • set tunneling-username {proxy_user_name}
    • set tunneling-password {proxy_user_password}
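As an added example (not part of the release notes), the complete CLI sequence for sending FortiGuard update traffic through an authenticating web proxy. The proxy address, port, and account are placeholder values chosen for illustration; substitute your own.

```text
# Added example: route FortiGuard updates via a web proxy (FortiNDR 7.4.0 options).
# 192.0.2.10, 3128 and proxyuser are assumed placeholder values.
config system fortiguard update
    set tunneling-status enable
    set tunneling-address 192.0.2.10
    set tunneling-port 3128
    set tunneling-username proxyuser
    set tunneling-password <proxy_user_password>
end
```

The proxy credential set with set tunneling-password becomes part of the appliance configuration, so it is also present in configuration backups; restrict who can read those backups and use a dedicated, least-privilege proxy account rather than a shared one. After applying the change, use diagnose autoupdate status and diagnose fds list (both new in this release) to confirm that the appliance is reaching FortiGuard through the proxy.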
