
New features and enhancements

This document provides information about FortiNDR version 7.6.4 build 0673.

The following is a summary of new features and enhancements in version 7.6.4.

For details, see the FortiNDR 7.6.4 Administration Guide in the Document Library.

System & Data Handling Updates

  • Database performance has been enhanced.
    Before upgrading, see Upgrade information.
  • The anti-virus database (AVDB) now supports patch updates.
  • Enhanced PCAP handling to improve both performance and overall usability.

  • Management port now supports LACP.

File tagging (e.g., marking malicious files) is not supported in Center Investigations.

Detection enhancements

  • Machine learning and NetFlow baselining are no longer started by default. You can now choose when to begin baselining, reducing unnecessary noise and alarms.

  • FortiNDR can now submit files to FortiSandbox for additional analysis. This extends the current integration, where FortiSandbox is able to use FortiNDR as a pre‑scan stage.

Muting enhancements

  • You can now combine ML‑based discovery, traditional detections, and observation types within a single rule.

  • Multiple ML features can now be added as a single combined rule.

  • FortiNDR muting now applies to both historical traffic and new detections entering the network.

GUI and navigation improvements

  • Replaced the term Anomaly with Detection and Observation in Network Insights, Log & Report, and throughout FortiNDR.

  • Device Name has been replaced with IP Tag and MAC Tag. These tags are configurable and can be used in scenarios where a firewall with many IP addresses sits behind a single MAC address.

  • Introduced a new sliding‑pane navigation method for accessing Profile Pages, making it easier for users to reach a device’s profile page.

  • A demo indicator has been added to the top‑right banner to show when demo mode is active.

  • Users are required to enter their current password when changing to a new one.

CLI

For detailed information about CLI commands, please refer to the FortiNDR CLI Reference.

New CLI:
  • config system fortisandbox: Use this command to configure FortiSandbox settings. FortiNDR can send suspicious malware files to FortiSandbox and receive verdicts to validate whether they are false positives. For more information, see FortiSandbox in the FortiNDR Administration Guide.

  • execute db sample_process_summary: Use this command to get the processing status of FortiNDR within a specific time period.

  • execute factoryreset-shutdown: Use this command to reset FortiNDR to its factory default settings for the current installed firmware version and shut down.

  • execute factoryreset-shutdown config: Use this command to reset FortiNDR to its factory default configurations for the current installed firmware version.

  • execute expandspooldisk: Use this command to expand the /var/spool and /var/log disks on a VM without losing pre-existing data.

  • execute cleanup pcap: Use this command to clean up PCAP-related information in the database and files on disk.

  • execute db migrate: Use this command to migrate or clean up legacy table data (max of 7 days of data at a time) when you upgrade FortiNDR to 7.6.4 GA.

Updated CLI:
  • config system interface: Added set type {aggregate} and set redundant-member <member-interface_name>.
  • config system global: Added set remoteauthtimeout <seconds> to set the global timeout (in seconds) for remote authentication transactions.

  • execute tac report: Updated pre-defined CLI commands.
