Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiSIEM 7.0.3 Release Notes
    7.0.3
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.5
    5.2.1
    5.1.2
    5.1.1
    5.1.0
    5.0.1
    4.10.0
    4.9.0

    What's New in 7.0.3

    What's New in 7.0.3

    This release fixes an important security issue described in Fortinet PSIRT Advisory FG-IR-23-130 impacting Supervisor and Worker nodes.

    This release includes published Rocky Linux OS updates until January 16, 2024. The list of updates can be found at https://errata.rockylinux.org/. FortiSIEM Rocky Linux Repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs-r8.fortisiem.fortinet.com) have also been updated to include fixes until January 16, 2024. Therefore, FortiSIEM customers in versions 6.4.1 and above, can upgrade only their Rocky Linux versions by following the procedures described in FortiSIEM OS Update Procedure.

    This release also includes the following bug fixes and enhancements.

    Bug ID

    Severity

    Module

    Description

    914974

    Major

    App Server

    User created Security Incidents auto clear after 24 hours.

    991851

    Major

    Performance Monitoring

    phPerfMonitor module crashes when both STM and perf monitoring are defined.

    993070

    Minor

    App Server

    FortiGuard IOC download may fail because of inability to update malware update history.

    992940

    Minor

    App Server

    Incident Resolution Recommendation Engine is learning from its own actions, instead of only learning from user actions.

    937174

    Minor

    App Server

    During Upgrade and Content Update, GUI shows many Collector status as 'inwaiting'.

    927843

    Minor

    App Server

    Discovering a Windows machine both via FortiSIEM Agent and Fortinet EMS/FGT integration results in duplicate CMDB entries.

    968983

    Minor

    Content Update

    Content update fails if there are dashboard widgets in the content update package.

    974448

    Minor

    Disaster Recovery

    phMonitor may time out if DR configuration takes more than 1 hour.

    970075

    Minor

    Discovery

    GitLab discovery failure: Need to use host name as IP does not work during SSL handshake.

    958820

    Minor

    Event Pulling Agents

    Agent Manager has high memory usage when reading large files for Generic AWS S3 integration.

    971557

    Minor

    GUI

    NullPointerException in the POST SAML response after modifying the idle timeout for Azure user.

    966730

    Minor

    GUI

    Name field from External Authentication shouldn't allow 'space' when the protocol is SAML.

    966728

    Minor

    GUI

    SAML Organization field for SAML Role configuration doesn't accept space and umlaut characters.

    955478

    Minor

    Linux Agent

    Linux Agent is auditing its own processes and system calls - this may result in a very high number of useless events.

    963550

    Minor

    Parser

    Collector may stop writing event to buffer after 2 hours if Collectors are unable to offload.

    961619

    Minor

    System

    Incorrect /etc/hosts configuration during Worker addition may result in larger than normal DNS traffic.

    958991

    Minor

    System

    The factoryreset procedure on hardware appliances may cause all directories under /opt installed from the FSM rpm to be owned by root.

    965077

    Enhancement

    App Server

    Handle AlienVault new native STIX/TAXII 2.1 API.

    967927

    Enhancement

    ClickHouse Backend

    Use ZSTD for ClickHouse compression.

    958363

    Enhancement

    Event Pulling Agents

    Proofpoint integration misses some events due to Proofpoint API internal JSON structure changes.
    Previous
    Next

    What's New in 7.0.3

    What's New in 7.0.3

    This release fixes an important security issue described in Fortinet PSIRT Advisory FG-IR-23-130 impacting Supervisor and Worker nodes.

    This release includes published Rocky Linux OS updates until January 16, 2024. The list of updates can be found at https://errata.rockylinux.org/. FortiSIEM Rocky Linux Repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs-r8.fortisiem.fortinet.com) have also been updated to include fixes until January 16, 2024. Therefore, FortiSIEM customers in versions 6.4.1 and above, can upgrade only their Rocky Linux versions by following the procedures described in FortiSIEM OS Update Procedure.

    This release also includes the following bug fixes and enhancements.

    Bug ID

    Severity

    Module

    Description

    914974

    Major

    App Server

    User created Security Incidents auto clear after 24 hours.

    991851

    Major

    Performance Monitoring

    phPerfMonitor module crashes when both STM and perf monitoring are defined.

    993070

    Minor

    App Server

    FortiGuard IOC download may fail because of inability to update malware update history.

    992940

    Minor

    App Server

    Incident Resolution Recommendation Engine is learning from its own actions, instead of only learning from user actions.

    937174

    Minor

    App Server

    During Upgrade and Content Update, GUI shows many Collector status as 'inwaiting'.

    927843

    Minor

    App Server

    Discovering a Windows machine both via FortiSIEM Agent and Fortinet EMS/FGT integration results in duplicate CMDB entries.

    968983

    Minor

    Content Update

    Content update fails if there are dashboard widgets in the content update package.

    974448

    Minor

    Disaster Recovery

    phMonitor may time out if DR configuration takes more than 1 hour.

    970075

    Minor

    Discovery

    GitLab discovery failure: Need to use host name as IP does not work during SSL handshake.

    958820

    Minor

    Event Pulling Agents

    Agent Manager has high memory usage when reading large files for Generic AWS S3 integration.

    971557

    Minor

    GUI

    NullPointerException in the POST SAML response after modifying the idle timeout for Azure user.

    966730

    Minor

    GUI

    Name field from External Authentication shouldn't allow 'space' when the protocol is SAML.

    966728

    Minor

    GUI

    SAML Organization field for SAML Role configuration doesn't accept space and umlaut characters.

    955478

    Minor

    Linux Agent

    Linux Agent is auditing its own processes and system calls - this may result in a very high number of useless events.

    963550

    Minor

    Parser

    Collector may stop writing event to buffer after 2 hours if Collectors are unable to offload.

    961619

    Minor

    System

    Incorrect /etc/hosts configuration during Worker addition may result in larger than normal DNS traffic.

    958991

    Minor

    System

    The factoryreset procedure on hardware appliances may cause all directories under /opt installed from the FSM rpm to be owned by root.

    965077

    Enhancement

    App Server

    Handle AlienVault new native STIX/TAXII 2.1 API.

    967927

    Enhancement

    ClickHouse Backend

    Use ZSTD for ClickHouse compression.

    958363

    Enhancement

    Event Pulling Agents

    Proofpoint integration misses some events due to Proofpoint API internal JSON structure changes.
    Previous
    Next