Special Notices

This section highlights some of the operational changes that administrators should be aware of in FortiSOAR version 7.0.0.

Secret Store Support Discontinued

FortiSOAR 7.0.0 has discontinued support for 'Secret Store'. The Secret Store was deprecated from version 5.0.0 onwards, but it was still available from the FortiSOAR UI in the 6.x.x series. From 7.0.0 onwards, you cannot use the Secret Store, and it is no longer available from the FortiSOAR UI.

Arrow Library Update

The FortiSOAR 7.0.0 workflow engine has updated the arrow library, and as a result the timestamp attribute has been changed to int_timestamp for DateTime jinja expressions. For example, to get the current timestamp, use {{arrow.utcnow().int_timestamp}}.

For more information, see https://arrow.readthedocs.io/en/latest/releases.html#id4.

Note

New playbooks must use the int_timestamp for any DateTime jinja expressions.

The workflow engine makes a best-effort attempt to automatically convert .timestamp to .int_timestamp before running playbooks on FortiSOAR version 7.0.0 and later, so not all playbooks will fail. However, some jinja expressions might not match the regular expression used for the conversion, causing such playbooks to fail. Therefore, you need to know which playbooks are impacted by this change, so that you can update those playbook steps either before or after you upgrade your FortiSOAR instance. To find out which playbooks in your FortiSOAR system have been impacted by this change, so that you can review and update them, see the Technical Note article: How to know which playbooks are impacted due the Arrow Library update in FortiSOAR 7.0.0 which has changed the timestamp attribute.
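One way to list jinja expressions that still read .timestamp as an attribute, so they can be reviewed before or after the upgrade. This is an added example, not Fortinet's code or the engine's conversion regular expression; the function name and the "steps"/"arguments" layout of the sample playbook are assumptions, and the sample data is constructed.

```python
import json
import re

# Jinja expression and statement blocks: {{ ... }} and {% ... %}
JINJA_BLOCK = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# ".timestamp" read as an attribute. Does not match ".int_timestamp",
# longer names such as ".timestamp_ms", or the method call ".timestamp()".
OLD_ATTR = re.compile(r"\.timestamp\b(?!\s*\()")


def find_old_timestamp(value, path="$"):
    """Yield (json_path, jinja_block) for every block that reads .timestamp.

    Hits are candidates for review: a record field that happens to be
    named "timestamp" is reported as well.
    """
    if isinstance(value, dict):
        for key, child in value.items():
            yield from find_old_timestamp(child, f"{path}.{key}")
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from find_old_timestamp(child, f"{path}[{index}]")
    elif isinstance(value, str):
        for block in JINJA_BLOCK.findall(value):
            if OLD_ATTR.search(block):
                yield path, block


# Constructed sample; the "steps"/"arguments" layout is hypothetical.
SAMPLE = json.loads("""
{"name": "Constructed playbook", "steps": [
  {"name": "Set window", "arguments": {
     "start": "{{ arrow.utcnow().shift(hours=-1).timestamp }}",
     "end": "{{ arrow.utcnow().int_timestamp }}"}},
  {"name": "Parse", "arguments": {
     "ts": "{{ arrow.get(vars.input.created).timestamp | int }}",
     "float_ts": "{{ arrow.utcnow().timestamp() }}"}}
]}
""")

if __name__ == "__main__":
    for where, expr in find_old_timestamp(SAMPLE):
        print(f"{where}: {expr}")
```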

API Framework upgrade

FortiSOAR 7.0.0 has revamped its API layer for improved performance, security, and adherence to the latest API specifications. Due to this upgrade, you will observe the following behavior changes when you make API calls in FortiSOAR:

  • The 'Pagination' response has changed as follows:
    • Sample old pagination spec keys that have been deprecated:
      hydra:firstPage: "/api/query/alerts?%24limit=30"
      hydra:itemsPerPage: 30
      hydra:lastPage: "/api/query/alerts?%24limit=30"

    • The new hydra:view key has pagination information, if the response has multiple pages:
      "hydra:totalItems": 39,
      "hydra:view": {
        "@id": "/api/query/alerts?%24limit=30&%24page=1",
        "@type": "hydra:PartialCollectionView",
        "hydra:first": "/api/query/alerts?%24limit=30&%24page=1",
        "hydra:last": "/api/query/alerts?%24limit=30&%24page=2",
        "hydra:next": "/api/query/alerts?%24limit=30&%24page=2"
      }

  • The 'Type' agnostic API, i.e. /api/3, now displays 'failure' and 'success' per item. Earlier, a single flush was performed, i.e., the API displayed either complete failure or complete success.
  • The 'Retry' API for retrying failed configuration for agent and router has now been changed to simple 'PUT' requests with changed values of the configuration status.

  • Support for getting the count of related records by passing the $relationshipCount flag (api/3/<module>/uuid/<associateModule>?Countonly=true) on only queries has been removed. To get the relationships count, use the alternate route that FortiSOAR now provides, aggregation support on /api/query/module, which is much faster. A similar update has been made for getting the count of workflows from the workflow collection.

  • The bulk API response has been changed to 'success' or 'failure', compared to earlier releases where multistage single, failed, and bad requests were passed.
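A client that read the deprecated hydra:firstPage/hydra:lastPage keys needs to follow hydra:view instead. The walker below is an added example, not Fortinet's code: the hydra:member key for the record list, the absence of hydra:next on the last page, the function names, and the sample pages (constructed from the URLs in the sample above) are assumptions.

```python
from urllib.parse import urlsplit

P1 = "/api/query/alerts?%24limit=30&%24page=1"
P2 = "/api/query/alerts?%24limit=30&%24page=2"


def view(page_id, nxt=None):
    """Build a constructed hydra:view object like the sample above."""
    v = {"@id": page_id, "@type": "hydra:PartialCollectionView",
         "hydra:first": P1, "hydra:last": P2}
    if nxt:
        v["hydra:next"] = nxt
    return v


# Constructed two-page collection (30 + 9 records = 39 total items).
PAGES = {
    P1: {"hydra:member": [{"id": i} for i in range(30)],
         "hydra:totalItems": 39, "hydra:view": view(P1, P2)},
    P2: {"hydra:member": [{"id": i} for i in range(30, 39)],
         "hydra:totalItems": 39, "hydra:view": view(P2)},
}


def iter_members(fetch, first_url, max_pages=1000):
    """Yield every record, following hydra:view -> hydra:next.

    fetch(url) returns the decoded JSON body; it is injected so the walker
    works with any HTTP client or with the constructed pages above.
    """
    base_path, seen, url = urlsplit(first_url).path, set(), first_url
    while url is not None:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError(f"pagination loop or page limit at {url!r}")
        seen.add(url)
        body = fetch(url)
        yield from body.get("hydra:member", [])
        # hydra:view appears only on multi-page responses, and the last
        # page is assumed to carry no hydra:next; both cases end the walk.
        url = (body.get("hydra:view") or {}).get("hydra:next")
        if url is not None:
            link = urlsplit(url)
            # Follow only relative links on the same endpoint, so the
            # session's credentials are never sent to another host or path.
            if link.scheme or link.netloc or link.path != base_path:
                raise ValueError(f"unexpected hydra:next link: {url!r}")


if __name__ == "__main__":
    print(len(list(iter_members(PAGES.__getitem__, P1))))
```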

Integrations API call changes

The Integrations API call has been changed in version 7.0.0 to support only POST calls; earlier, GET calls were also supported. Therefore, any existing playbooks that use GET calls will fail. To resolve this issue, you have to manually change the method from GET to POST in your playbooks.

Change in the behavior of linking relationships

The behavior of linking record relationships has changed in version 7.0.0 for some performance enhancements. Now, the maximum number of records that can be linked to a record, for example, indicators linked to an alert, has been capped at 99 for a single request.

Requirement to install SCP if you want to move files from or to FortiSOAR systems

If you want to move any file from or to a FortiSOAR system, then you must install SCP (yum install openssh-clients -y) or any SCP client. This is required since the openssh-clients package has been removed from FortiSOAR for security compliance.
