Supervisor will stop uploading incidents to FortiSIEM Manager if there are too many incidents backed up on Supervisor.

For ClickHouse in Disaster Recovery Environment, after switching to Secondary, historical queries may fail.

Fortinet Advisor response shows information from other organizations.

Improve phParser Syslog over TLS server processing to handle more clients.

EventDB deployments: Queries with any group by large field length value (> 4K) fails with 'Search Data Error'.

Improve RuleWorker to reduce event drops during heavy load. Event drops produce PH_DROP_EVENT_FROM_SHARED_BUFFER error events.

Sometimes for Service provider Organizations, disabled rules may trigger incidents after upgrade to 7.1.4.

Sometimes phRuleWorker crashes on workers.

phQueryWorker, phRuleWorker and phReportWorker processes may crash when group by attribute is too long.

Collector may fail to upload config events due to mod_security rules.

Raw Events in email incident notification (via custom template) is truncated when Incident contains Windows Agent events.

Optimize App Server handling of incident detail and lookup-time updates in System config for Elasticsearch deployments.

Windows Agents fail authentication with Supervisor in VDI environment.

Remove Organizations from other CMDB tables (ph_drq_scope) after an Organization is deleted from CMDB. This error can cause disabled rules to get activated if the rule was active in the deleted organization.

Investigation View doesn't load some incidents if there are 2 devices in Incident with the same name.

Improve App Server Task retrieval performance from Redis. This can cause GUI to become slow with large number of collectors.

IPS CVE Check Integration is broken - Cannot get CVE list from FortiGuard Services.

Org level admin cannot create System Rule Exception from Org scope.

After decommissioning an unmanaged device, create a new managed device with same IP and its logs are dropped.

Rule import from XML can bypass the rule name restriction that a rule name can't start with numbers.

CSV Export of Watchlist does not handle comma's inside value (even if double quoted).

phRecvDate cannot be used in GroupByAttr when using rest/query/eventQuery.

Notification policies with Remediation script is configured to run on the collector, but is running on Supervisor.

Attachments are not received in Case email notification.

During Collector Upgrade, DownloadImage task for a particular collector status may stay in Inwaiting stage and may not proceed.

ClickHouse Log Integrity Validation does not work from Supervisor Follower.

ClickHouse Server does not clean up old unused AWS S3 objects occupying storage space.

ClickHouse - Add worker > Test may fail if the disk is already formatted.

Linux agent event can't be uploaded through Docker Collector.

Duplicate 'Incident First Seen' show under CMDB Report Attribute list.

Some Lookup Tables can not be imported in Enterprise version.

Severity of more than 1 selected system rules cannot be changed WITHOUT creating a clone rule.

Incident > 'Run External Integration' Action is missing.

During rule editing, removing an attribute from GroupBy in Filter Conditions (Step 2) does not remove this attribute from Action (Step 3) - this causes rulesync issues.

Incident Explorer View is missing 'Other' Category.

User GUI timeout in background browser tab logs out active foreground tab.

GUI removes spaces between words in 'Destination Organization' and likely other attributes.

After deleting Organizations and creating new one, user sometimes fails to create archive policies for new organizations.

Linux agent on Ubuntu 22.04.3 does not start when using Supervisor FQDN. Using Supervisor IP works.

Linux agent 7.1.0 fails to parse Process names with spaces.

The Gaussian Model and Gaussian Mixture Models algorithms do not handle large data properly because of missing data normalization.

During Testing Rules, parsed event attribute values containing semicolon do not show correctly.

After cloning a JDBC Performance Object, Test may fail.

For ClickHouse, there may be result discrepancy between Search on GUI and CSV Export.

For ClickHouse, it is not possible to do a group by on event attributes with Uint64 values.

Restarting 'phMonitor' would result in the unnecessarily restarting 'ClickHouseServer'.

For phClickHouseCSVExport tool, device ip argument should mean reporting ip.

When collector upgrade fails, phMonitor.pre-upgrade should move back to phMonitor.

FortiMail Parser does not parse logs from FortiCloud FortiMail.

Win-Security-4688 is not parsing CommandLine in new WinOSXmlParser.

Interface Usage Dashboard data cannot be sorted.

Show Organization names in alphabetical order.