Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiSIEM 6.5.1 Release Notes
    6.5.1
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.5
    5.2.1
    5.1.2
    5.1.1
    5.1.0
    5.0.1
    4.10.0
    4.9.0

    What's New in 6.5.1

    What's New in 6.5.1

    This document describes the additions for the FortiSIEM 6.5.1 release.

    Rocky Linux 8.6 OS Updates

    This release contains OS updates published until Sept 1, 2022. See the list below for the patches included by Red Hat and picked up by Rocky Linux.

    https://access.redhat.com/errata-search/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&portal_product=Red%20Hat%20Enterprise%20Linux&portal_product_version=8.6

    Bug Fixes and Minor Enhancements

    Bug ID

    Severity

    Module

    Description

    835978

    Major

    App Server

    After the 6.5.0 upgrade, custom rules defined for specific Orgs need to be re-enabled for them to trigger.

    831456

    Major

    App Server

    When there is a very large number of Malware IOCs (~2 Million), then upgrade may fail due to Java out of memory. App Server restart may also fail for the same reason.

    824607

    Major

    App Server

    Incidents may not show after 6.5.0 upgrade, when there are Low severity Incidents.

    821804

    Major

    App Server

    AppSvr restart may show heap errors and it is not fixed by re-deploying.

    838600

    Minor

    App Server

    Device name change does not take effect on collectors, other than the one that discovers and monitors the device.

    830438

    Minor

    App Server

    Incidents may trigger from 'System Collector Event Delayed' rule despite events being received.

    825752

    Minor

    App Server

    Malware Domain update does not work with AlienVault.

    821197

    Minor

    App Server

    Retention policy table still contains references from a deleted Organization after an organization is deleted.

    816492

    Minor

    App Server

    Opensaml library conflict causes OKTA authentication portal failed login.

    815030

    Minor

    App Server

    Update Glassfish CA Certificate store with Java CA cert store.

    825764

    Minor

    App Server, Query

    For a large event archive database in NFS, query on one Org may result in timeout because all Org directories are scanned.

    835339

    Minor

    App Server, Rule Engine

    Security Incidents triggering from custom rules may be cleared by system.

    729023

    Minor

    App Server, ClickHouse

    SQLite header and source version mismatch causes upgrade failure.

    837950

    Minor

    ClickHouse

    If supervisor IP changes after ClickHouse has been configured, IP updates to ClickHouse does not occur.

    821110

    Minor

    Event Pulling Agents

    CrowdStrike Falcon Data Replicator is unable to ingest logs due to unzipping incomplete package.

    818548

    Minor

    Event Pulling Agents

    AWS Kinesis log collection may fail due to sync shards and leases on connection.

    817081

    Minor

    Event Pulling Agents

    AWS Kinesis Event pull may fail caused by small buffer size.

    829644

    Minor

    GUI

    Admin > Health > Collector Health page hangs when sorting by organization.

    826450

    Minor

    GUI

    Unable to validate or save a cloned system parser that contains '&' character.

    825383

    Minor

    GUI

    Unable to export configurations of FortiGate device from CMDB.

    825068

    Minor

    GUI

    In HTTP(S) notification, protocol https is incorrectly parsed as https: which causes request to default to http.

    814430

    Minor

    GUI-Admin

    The username field at user creation does not allow dot character.

    819517

    Minor

    H5_Admin

    Searching for specific collector returns multiple pages of results.

    822029

    Minor

    Parser

    Reduce the scope of logon and logoff events to UEBA AI engine to reduce pressure on AI engine.

    827264

    Minor

    Query Engine

    Query using IN operator doesn't return proper results when name contains '-'.

    833618

    Minor

    System

    Missing dos2unix package causes config discoveries to fail in some devices (h3c).

    833411

    Minor

    System

    On hardware appliances, "execute shutdown" command may sometime fail when run repeatedly.

    825072

    Minor

    System

    Cloud Health > Calculation of Disk I/O Read and Write Wait times are wrong.

    823098

    Enhancement

    Data

    Checkpoint device is discovered as Linux since Checkpoint sysObjectID are not built in. Workaround is to define them from GUI.

    Known Issues

    Currently, Policy based retention for EventDB does not cover two event categories: (a) System events with phCustId = 0, e.g. a FortiSIEM External Integration Error, FortiSIEM process crash etc., and (b) Super/Global customer audit events with phCustId = 3, e.g. audit log generated from a Super/Global user running an adhoc query. These events are purged when disk usage reaches high watermark.

    Previous
    Next

    What's New in 6.5.1

    What's New in 6.5.1

    This document describes the additions for the FortiSIEM 6.5.1 release.

    Rocky Linux 8.6 OS Updates

    This release contains OS updates published until Sept 1, 2022. See the list below for the patches included by Red Hat and picked up by Rocky Linux.

    https://access.redhat.com/errata-search/#/?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&portal_product=Red%20Hat%20Enterprise%20Linux&portal_product_version=8.6

    Bug Fixes and Minor Enhancements

    Bug ID

    Severity

    Module

    Description

    835978

    Major

    App Server

    After the 6.5.0 upgrade, custom rules defined for specific Orgs need to be re-enabled for them to trigger.

    831456

    Major

    App Server

    When there is a very large number of Malware IOCs (~2 Million), then upgrade may fail due to Java out of memory. App Server restart may also fail for the same reason.

    824607

    Major

    App Server

    Incidents may not show after 6.5.0 upgrade, when there are Low severity Incidents.

    821804

    Major

    App Server

    AppSvr restart may show heap errors and it is not fixed by re-deploying.

    838600

    Minor

    App Server

    Device name change does not take effect on collectors, other than the one that discovers and monitors the device.

    830438

    Minor

    App Server

    Incidents may trigger from 'System Collector Event Delayed' rule despite events being received.

    825752

    Minor

    App Server

    Malware Domain update does not work with AlienVault.

    821197

    Minor

    App Server

    Retention policy table still contains references from a deleted Organization after an organization is deleted.

    816492

    Minor

    App Server

    Opensaml library conflict causes OKTA authentication portal failed login.

    815030

    Minor

    App Server

    Update Glassfish CA Certificate store with Java CA cert store.

    825764

    Minor

    App Server, Query

    For a large event archive database in NFS, query on one Org may result in timeout because all Org directories are scanned.

    835339

    Minor

    App Server, Rule Engine

    Security Incidents triggering from custom rules may be cleared by system.

    729023

    Minor

    App Server, ClickHouse

    SQLite header and source version mismatch causes upgrade failure.

    837950

    Minor

    ClickHouse

    If supervisor IP changes after ClickHouse has been configured, IP updates to ClickHouse does not occur.

    821110

    Minor

    Event Pulling Agents

    CrowdStrike Falcon Data Replicator is unable to ingest logs due to unzipping incomplete package.

    818548

    Minor

    Event Pulling Agents

    AWS Kinesis log collection may fail due to sync shards and leases on connection.

    817081

    Minor

    Event Pulling Agents

    AWS Kinesis Event pull may fail caused by small buffer size.

    829644

    Minor

    GUI

    Admin > Health > Collector Health page hangs when sorting by organization.

    826450

    Minor

    GUI

    Unable to validate or save a cloned system parser that contains '&' character.

    825383

    Minor

    GUI

    Unable to export configurations of FortiGate device from CMDB.

    825068

    Minor

    GUI

    In HTTP(S) notification, protocol https is incorrectly parsed as https: which causes request to default to http.

    814430

    Minor

    GUI-Admin

    The username field at user creation does not allow dot character.

    819517

    Minor

    H5_Admin

    Searching for specific collector returns multiple pages of results.

    822029

    Minor

    Parser

    Reduce the scope of logon and logoff events to UEBA AI engine to reduce pressure on AI engine.

    827264

    Minor

    Query Engine

    Query using IN operator doesn't return proper results when name contains '-'.

    833618

    Minor

    System

    Missing dos2unix package causes config discoveries to fail in some devices (h3c).

    833411

    Minor

    System

    On hardware appliances, "execute shutdown" command may sometime fail when run repeatedly.

    825072

    Minor

    System

    Cloud Health > Calculation of Disk I/O Read and Write Wait times are wrong.

    823098

    Enhancement

    Data

    Checkpoint device is discovered as Linux since Checkpoint sysObjectID are not built in. Workaround is to define them from GUI.

    Known Issues

    Currently, Policy based retention for EventDB does not cover two event categories: (a) System events with phCustId = 0, e.g. a FortiSIEM External Integration Error, FortiSIEM process crash etc., and (b) Super/Global customer audit events with phCustId = 3, e.g. audit log generated from a Super/Global user running an adhoc query. These events are purged when disk usage reaches high watermark.

    Previous
    Next