Fortinet white logo
Fortinet white logo

What's New in 7.1.5

What's New in 7.1.5

This document describes the content on the FortiSIEM 7.1.5 release.

Key Enhancements

Rocky Linux Update

This release includes published Rocky Linux OS 8.9 updates until April 9, 2024. The list of updates can be found at https://errata.rockylinux.org/. FortiSIEM Rocky Linux Repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs-r8.fortisiem.fortinet.com) have also been updated to include fixes until April 9, 2024. FortiSIEM customers in versions 6.4.1 and above, can upgrade only their Rocky Linux versions by following the procedures described in FortiSIEM OS Update Procedure.

PostGreSQL Update

FortiSIEM 7.1.5 includes PostGreSQL v13.14 containing the patch for CVE-2024-0985.

  • If you are doing a fresh install of FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

  • If you are upgrading to FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

  • If you want to remain on an earlier version of FortiSIEM, then you can't get this patch by running yum upgrade, since Postgres changed the repo gpg key as per this change
    (https://yum.postgresql.org/news/pgdg-rpm-repo-gpg-key-update/). To get this Postgres patch, on the Supervisor, run the following script:

curl -s https://os-pkgs-cdn.fortisiem.fortinet.com/postgres/misc/switch-pgdg-repo-and-upgrade-to-pg13.14.sh | bash -xe

Bug Fixes

This release contains the following fixes.

Bug Id

Severity

Module

Description

1013839

Major

App Server

Elasticsearch based deployments - The Trend Histogram in Search results is not granular.

1012448

Major

Event Pulling Agents

GCP event pulling sometimes gets duplicate events.

1010197

Major

Report

PDF export containing multibyte characters will not display correctly.

1013071

Minor

App Server

During Incident HTTP Notification, special characters (e.g. &, >, < etc.) in Incident attributes are not escaped, resulting in invalid XML when incident attribute values contains such special characters.

1012404

Minor

App Server

Org level admin cannot create exceptions to system rules.

1009809

Minor

Collector

ClickHouse Server incorrectly installed on FortiSIEM Collectors.

1016072

Minor

Discovery

Discovering a collector via SNMPv3 in its own Org doesn't update CMDB and performance jobs.

986119

Minor

Event Packager

phEventPackager module on Collector restarts crashes if it can't communicate with Worker (after retries).

1015740

Minor

Event Pulling Agents

FortiEMS Vuln Scan API called too frequently, creating high EPS for large environments.

1010975

Minor

Event Pulling Agents

When AWS S3 SQS File name contains special characters, then FortiSIEM may fail to get logs from that file.

1013844

Minor

GUI

Elasticsearch based deployments - When a user hovers over a single trend bar in the UI display Search results, the displayed trend interval is not correct.

1014757

Minor

Parser

phParser module does not properly handle a JSON field when it is an array.

1009300

Minor

Parser

User, target user and target user group not parsed for certain Windows XML formatted logs from FortiSIEM Windows Agent 7.1.5 and above.

1005694

Enhancement

App Server

App Server handling of updating Collector and Worker health need to be optimized.

Post-Upgrade ClickHouse IP Index Rebuilding

If you are upgrading ClickHouse based deployment from pre-7.1.1 to 7.1.5, then after upgrading to 7.1.5, you need to run a script to rebuild ClickHouse indices. If you are running 7.1.2, 7.1.3 or 7.1.4, and have already executed the rebuilding steps, then nothing more needs to be done.

For details about this issue, see Release Notes 7.1.3 Known Issue.

The rebuilding steps are available in Release Notes 7.1.4 - Script for Rebuilding/Recreating pre-7.1.1 ClickHouse Database Indices Involving IP Fields.

What's New in 7.1.5

What's New in 7.1.5

This document describes the content on the FortiSIEM 7.1.5 release.

Key Enhancements

Rocky Linux Update

This release includes published Rocky Linux OS 8.9 updates until April 9, 2024. The list of updates can be found at https://errata.rockylinux.org/. FortiSIEM Rocky Linux Repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs-r8.fortisiem.fortinet.com) have also been updated to include fixes until April 9, 2024. FortiSIEM customers in versions 6.4.1 and above, can upgrade only their Rocky Linux versions by following the procedures described in FortiSIEM OS Update Procedure.

PostGreSQL Update

FortiSIEM 7.1.5 includes PostGreSQL v13.14 containing the patch for CVE-2024-0985.

  • If you are doing a fresh install of FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

  • If you are upgrading to FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

  • If you want to remain on an earlier version of FortiSIEM, then you can't get this patch by running yum upgrade, since Postgres changed the repo gpg key as per this change
    (https://yum.postgresql.org/news/pgdg-rpm-repo-gpg-key-update/). To get this Postgres patch, on the Supervisor, run the following script:

curl -s https://os-pkgs-cdn.fortisiem.fortinet.com/postgres/misc/switch-pgdg-repo-and-upgrade-to-pg13.14.sh | bash -xe

Bug Fixes

This release contains the following fixes.

Bug Id

Severity

Module

Description

1013839

Major

App Server

Elasticsearch based deployments - The Trend Histogram in Search results is not granular.

1012448

Major

Event Pulling Agents

GCP event pulling sometimes gets duplicate events.

1010197

Major

Report

PDF export containing multibyte characters will not display correctly.

1013071

Minor

App Server

During Incident HTTP Notification, special characters (e.g. &, >, < etc.) in Incident attributes are not escaped, resulting in invalid XML when incident attribute values contains such special characters.

1012404

Minor

App Server

Org level admin cannot create exceptions to system rules.

1009809

Minor

Collector

ClickHouse Server incorrectly installed on FortiSIEM Collectors.

1016072

Minor

Discovery

Discovering a collector via SNMPv3 in its own Org doesn't update CMDB and performance jobs.

986119

Minor

Event Packager

phEventPackager module on Collector restarts crashes if it can't communicate with Worker (after retries).

1015740

Minor

Event Pulling Agents

FortiEMS Vuln Scan API called too frequently, creating high EPS for large environments.

1010975

Minor

Event Pulling Agents

When AWS S3 SQS File name contains special characters, then FortiSIEM may fail to get logs from that file.

1013844

Minor

GUI

Elasticsearch based deployments - When a user hovers over a single trend bar in the UI display Search results, the displayed trend interval is not correct.

1014757

Minor

Parser

phParser module does not properly handle a JSON field when it is an array.

1009300

Minor

Parser

User, target user and target user group not parsed for certain Windows XML formatted logs from FortiSIEM Windows Agent 7.1.5 and above.

1005694

Enhancement

App Server

App Server handling of updating Collector and Worker health need to be optimized.

Post-Upgrade ClickHouse IP Index Rebuilding

If you are upgrading ClickHouse based deployment from pre-7.1.1 to 7.1.5, then after upgrading to 7.1.5, you need to run a script to rebuild ClickHouse indices. If you are running 7.1.2, 7.1.3 or 7.1.4, and have already executed the rebuilding steps, then nothing more needs to be done.

For details about this issue, see Release Notes 7.1.3 Known Issue.

The rebuilding steps are available in Release Notes 7.1.4 - Script for Rebuilding/Recreating pre-7.1.1 ClickHouse Database Indices Involving IP Fields.