What's New in 6.5.1

This document describes the additions for the FortiSIEM 6.5.1 release.

Rocky Linux 8.6 OS Updates

This release contains OS updates published up to Sept 1, 2022. See the Red Hat errata search linked below for the security advisories issued by Red Hat and picked up by Rocky Linux.

https://access.redhat.com/errata-search/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&portal_product=Red%20Hat%20Enterprise%20Linux&portal_product_version=8.6

Bug Fixes and Minor Enhancements

| Bug ID | Severity | Module | Description |
|---|---|---|---|
| 835978 | Major | App Server | After the 6.5.0 upgrade, custom rules defined for specific Orgs need to be re-enabled for them to trigger. |
| 831456 | Major | App Server | When there is a very large number of Malware IOCs (~2 million), the upgrade may fail because Java runs out of memory. App Server restart may also fail for the same reason. |
| 824607 | Major | App Server | Incidents may not show after the 6.5.0 upgrade when there are Low severity Incidents. |
| 821804 | Major | App Server | AppSvr restart may show heap errors, and this is not fixed by re-deploying. |
| 838600 | Minor | App Server | Device name change does not take effect on collectors other than the one that discovers and monitors the device. |
| 830438 | Minor | App Server | Incidents may trigger from the 'System Collector Event Delayed' rule despite events being received. |
| 825752 | Minor | App Server | Malware Domain update does not work with AlienVault. |
| 821197 | Minor | App Server | Retention policy table still contains references to an Organization after that Organization is deleted. |
| 816492 | Minor | App Server | OpenSAML library conflict causes failed login through the OKTA authentication portal. |
| 815030 | Minor | App Server | Update the Glassfish CA certificate store with the Java CA cert store. |
| 825764 | Minor | App Server, Query | For a large event archive database in NFS, a query on one Org may time out because all Org directories are scanned. |
| 835339 | Minor | App Server, Rule Engine | Security Incidents triggered by custom rules may be cleared by the system. |
| 729023 | Minor | App Server, ClickHouse | SQLite header and source version mismatch causes upgrade failure. |
| 837950 | Minor | ClickHouse | If the Supervisor IP changes after ClickHouse has been configured, the IP update to ClickHouse does not occur. |
| 821110 | Minor | Event Pulling Agents | CrowdStrike Falcon Data Replicator is unable to ingest logs due to unzipping an incomplete package. |
| 818548 | Minor | Event Pulling Agents | AWS Kinesis log collection may fail due to syncing shards and leases on connection. |
| 817081 | Minor | Event Pulling Agents | AWS Kinesis event pull may fail because of a small buffer size. |
| 829644 | Minor | GUI | Admin > Health > Collector Health page hangs when sorting by organization. |
| 826450 | Minor | GUI | Unable to validate or save a cloned system parser that contains the '&' character. |
| 825383 | Minor | GUI | Unable to export configurations of a FortiGate device from the CMDB. |
| 825068 | Minor | GUI | In HTTP(S) notification, the protocol https is incorrectly parsed as https:, which causes the request to default to http. |
| 814430 | Minor | GUI-Admin | The username field at user creation does not allow the dot character. |
| 819517 | Minor | H5_Admin | Searching for a specific collector returns multiple pages of results. |
| 822029 | Minor | Parser | Reduce the scope of logon and logoff events sent to the UEBA AI engine to reduce pressure on the AI engine. |
| 827264 | Minor | Query Engine | Query using the IN operator does not return proper results when the name contains '-'. |
| 833618 | Minor | System | Missing dos2unix package causes config discoveries to fail on some devices (H3C). |
| 833411 | Minor | System | On hardware appliances, the "execute shutdown" command may sometimes fail when run repeatedly. |
| 825072 | Minor | System | Cloud Health > calculation of Disk I/O Read and Write Wait times is wrong. |
| 823098 | Enhancement | Data | Checkpoint devices are discovered as Linux since Checkpoint sysObjectIDs are not built in. Workaround is to define them from the GUI. |

Known Issues

Currently, policy-based retention for EventDB does not cover two event categories: (a) System events with phCustId = 0, e.g. a FortiSIEM External Integration Error, a FortiSIEM process crash, etc., and (b) Super/Global customer audit events with phCustId = 3, e.g. the audit log generated by a Super/Global user running an ad hoc query. These events are purged only when disk usage reaches the high watermark.