Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiSIEM 7.1.5 Release Notes
    7.1.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.5
    5.2.1
    5.1.2
    5.1.1
    5.1.0
    5.0.1
    4.10.0
    4.9.0

    What's New in 7.1.5

    What's New in 7.1.5

    This document describes the content on the FortiSIEM 7.1.5 release.

    Key Enhancements

    Rocky Linux Update

    This release includes published Rocky Linux OS 8.9 updates until April 9, 2024. The list of updates can be found at https://errata.rockylinux.org/. FortiSIEM Rocky Linux Repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs-r8.fortisiem.fortinet.com) have also been updated to include fixes until April 9, 2024. FortiSIEM customers in versions 6.4.1 and above, can upgrade only their Rocky Linux versions by following the procedures described in FortiSIEM OS Update Procedure.

    PostGreSQL Update

    FortiSIEM 7.1.5 includes PostGreSQL v13.14 containing the patch for CVE-2024-0985.

    • If you are doing a fresh install of FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

    • If you are upgrading to FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

    • If you want to remain on an earlier version of FortiSIEM, then you can't get this patch by running yum upgrade, since Postgres changed the repo gpg key as per this change
      (https://yum.postgresql.org/news/pgdg-rpm-repo-gpg-key-update/). To get this Postgres patch, on the Supervisor, run the following script:

    curl -s https://os-pkgs-cdn.fortisiem.fortinet.com/postgres/misc/switch-pgdg-repo-and-upgrade-to-pg13.14.sh | bash -xe

    Bug Fixes

    This release contains the following fixes.

    Bug Id

    Severity

    Module

    Description

    1013839

    Major

    App Server

    Elasticsearch based deployments - The Trend Histogram in Search results is not granular.

    1012448

    Major

    Event Pulling Agents

    GCP event pulling sometimes gets duplicate events.

    1010197

    Major

    Report

    PDF export containing multibyte characters will not display correctly.

    1013071

    Minor

    App Server

    During Incident HTTP Notification, special characters (e.g. &, >, < etc.) in Incident attributes are not escaped, resulting in invalid XML when incident attribute values contains such special characters.

    1012404

    Minor

    App Server

    Org level admin cannot create exceptions to system rules.

    1009809

    Minor

    Collector

    ClickHouse Server incorrectly installed on FortiSIEM Collectors.

    1016072

    Minor

    Discovery

    Discovering a collector via SNMPv3 in its own Org doesn't update CMDB and performance jobs.

    986119

    Minor

    Event Packager

    phEventPackager module on Collector restarts crashes if it can't communicate with Worker (after retries).

    1015740

    Minor

    Event Pulling Agents

    FortiEMS Vuln Scan API called too frequently, creating high EPS for large environments.

    1010975

    Minor

    Event Pulling Agents

    When AWS S3 SQS File name contains special characters, then FortiSIEM may fail to get logs from that file.

    1013844

    Minor

    GUI

    Elasticsearch based deployments - When a user hovers over a single trend bar in the UI display Search results, the displayed trend interval is not correct.

    1014757

    Minor

    Parser

    phParser module does not properly handle a JSON field when it is an array.

    1009300

    Minor

    Parser

    User, target user and target user group not parsed for certain Windows XML formatted logs from FortiSIEM Windows Agent 7.1.5 and above.

    1005694

    Enhancement

    App Server

    App Server handling of updating Collector and Worker health need to be optimized.

    Post-Upgrade ClickHouse IP Index Rebuilding

    If you are upgrading ClickHouse based deployment from pre-7.1.1 to 7.1.5, then after upgrading to 7.1.5, you need to run a script to rebuild ClickHouse indices. If you are running 7.1.2, 7.1.3 or 7.1.4, and have already executed the rebuilding steps, then nothing more needs to be done.

    For details about this issue, see Release Notes 7.1.3 Known Issue.

    The rebuilding steps are available in Release Notes 7.1.4 - Script for Rebuilding/Recreating pre-7.1.1 ClickHouse Database Indices Involving IP Fields.

    Previous
    Next

    What's New in 7.1.5

    What's New in 7.1.5

    This document describes the content on the FortiSIEM 7.1.5 release.

    Key Enhancements

    Rocky Linux Update

    This release includes published Rocky Linux OS 8.9 updates until April 9, 2024. The list of updates can be found at https://errata.rockylinux.org/. FortiSIEM Rocky Linux Repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs-r8.fortisiem.fortinet.com) have also been updated to include fixes until April 9, 2024. FortiSIEM customers in versions 6.4.1 and above, can upgrade only their Rocky Linux versions by following the procedures described in FortiSIEM OS Update Procedure.

    PostGreSQL Update

    FortiSIEM 7.1.5 includes PostGreSQL v13.14 containing the patch for CVE-2024-0985.

    • If you are doing a fresh install of FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

    • If you are upgrading to FortiSIEM 7.1.5, then the patch is included and there is nothing to do.

    • If you want to remain on an earlier version of FortiSIEM, then you can't get this patch by running yum upgrade, since Postgres changed the repo gpg key as per this change
      (https://yum.postgresql.org/news/pgdg-rpm-repo-gpg-key-update/). To get this Postgres patch, on the Supervisor, run the following script:

    curl -s https://os-pkgs-cdn.fortisiem.fortinet.com/postgres/misc/switch-pgdg-repo-and-upgrade-to-pg13.14.sh | bash -xe

    Bug Fixes

    This release contains the following fixes.

    Bug Id

    Severity

    Module

    Description

    1013839

    Major

    App Server

    Elasticsearch based deployments - The Trend Histogram in Search results is not granular.

    1012448

    Major

    Event Pulling Agents

    GCP event pulling sometimes gets duplicate events.

    1010197

    Major

    Report

    PDF export containing multibyte characters will not display correctly.

    1013071

    Minor

    App Server

    During Incident HTTP Notification, special characters (e.g. &, >, < etc.) in Incident attributes are not escaped, resulting in invalid XML when incident attribute values contains such special characters.

    1012404

    Minor

    App Server

    Org level admin cannot create exceptions to system rules.

    1009809

    Minor

    Collector

    ClickHouse Server incorrectly installed on FortiSIEM Collectors.

    1016072

    Minor

    Discovery

    Discovering a collector via SNMPv3 in its own Org doesn't update CMDB and performance jobs.

    986119

    Minor

    Event Packager

    phEventPackager module on Collector restarts crashes if it can't communicate with Worker (after retries).

    1015740

    Minor

    Event Pulling Agents

    FortiEMS Vuln Scan API called too frequently, creating high EPS for large environments.

    1010975

    Minor

    Event Pulling Agents

    When AWS S3 SQS File name contains special characters, then FortiSIEM may fail to get logs from that file.

    1013844

    Minor

    GUI

    Elasticsearch based deployments - When a user hovers over a single trend bar in the UI display Search results, the displayed trend interval is not correct.

    1014757

    Minor

    Parser

    phParser module does not properly handle a JSON field when it is an array.

    1009300

    Minor

    Parser

    User, target user and target user group not parsed for certain Windows XML formatted logs from FortiSIEM Windows Agent 7.1.5 and above.

    1005694

    Enhancement

    App Server

    App Server handling of updating Collector and Worker health need to be optimized.

    Post-Upgrade ClickHouse IP Index Rebuilding

    If you are upgrading ClickHouse based deployment from pre-7.1.1 to 7.1.5, then after upgrading to 7.1.5, you need to run a script to rebuild ClickHouse indices. If you are running 7.1.2, 7.1.3 or 7.1.4, and have already executed the rebuilding steps, then nothing more needs to be done.

    For details about this issue, see Release Notes 7.1.3 Known Issue.

    The rebuilding steps are available in Release Notes 7.1.4 - Script for Rebuilding/Recreating pre-7.1.1 ClickHouse Database Indices Involving IP Fields.

    Previous
    Next