Release Notes

What's New in 7.0.3

This release fixes an important security issue described in Fortinet PSIRT Advisory FG-IR-23-130 impacting Supervisor and Worker nodes.

This release includes published Rocky Linux OS updates until January 16, 2024. The list of updates can be found at https://errata.rockylinux.org/. FortiSIEM Rocky Linux Repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs-r8.fortisiem.fortinet.com) have also been updated to include fixes until January 16, 2024. Therefore, FortiSIEM customers on versions 6.4.1 and above can upgrade only their Rocky Linux versions by following the procedures described in FortiSIEM OS Update Procedure.

This release also includes the following bug fixes and enhancements.

| Bug ID | Severity | Module | Description |
|--------|----------|--------|-------------|
| 914974 | Major | App Server | User created Security Incidents auto clear after 24 hours. |
| 991851 | Major | Performance Monitoring | phPerfMonitor module crashes when both STM and perf monitoring are defined. |
| 993070 | Minor | App Server | FortiGuard IOC download may fail because of inability to update malware update history. |
| 992940 | Minor | App Server | Incident Resolution Recommendation Engine is learning from its own actions, instead of only learning from user actions. |
| 937174 | Minor | App Server | During Upgrade and Content Update, GUI shows many Collector status as 'inwaiting'. |
| 927843 | Minor | App Server | Discovering a Windows machine both via FortiSIEM Agent and Fortinet EMS/FGT integration results in duplicate CMDB entries. |
| 968983 | Minor | Content Update | Content update fails if there are dashboard widgets in the content update package. |
| 974448 | Minor | Disaster Recovery | phMonitor may time out if DR configuration takes more than 1 hour. |
| 970075 | Minor | Discovery | GitLab discovery failure: Need to use host name as IP does not work during SSL handshake. |
| 958820 | Minor | Event Pulling Agents | Agent Manager has high memory usage when reading large files for Generic AWS S3 integration. |
| 971557 | Minor | GUI | NullPointerException in the POST SAML response after modifying the idle timeout for Azure user. |
| 966730 | Minor | GUI | Name field from External Authentication shouldn't allow 'space' when the protocol is SAML. |
| 966728 | Minor | GUI | SAML Organization field for SAML Role configuration doesn't accept space and umlaut characters. |
| 955478 | Minor | Linux Agent | Linux Agent is auditing its own processes and system calls - this may result in a very high number of useless events. |
| 963550 | Minor | Parser | Collector may stop writing event to buffer after 2 hours if Collectors are unable to offload. |
| 961619 | Minor | System | Incorrect /etc/hosts configuration during Worker addition may result in larger than normal DNS traffic. |
| 958991 | Minor | System | The factoryreset procedure on hardware appliances may cause all directories under /opt installed from the FSM rpm to be owned by root. |
| 965077 | Enhancement | App Server | Handle AlienVault new native STIX/TAXII 2.1 API. |
| 967927 | Enhancement | ClickHouse Backend | Use ZSTD for ClickHouse compression. |
| 958363 | Enhancement | Event Pulling Agents | Proofpoint integration misses some events due to Proofpoint API internal JSON structure changes. |
