Special Notices
This section highlights some of the operational changes that administrators should be aware of in FortiSOAR version 7.0.0.
Secret Store Support Discontinued
FortiSOAR 7.0.0 has discontinued support for 'Secret Store'. The Secret Store was deprecated from version 5.0.0 onwards, but it was yet available from the FortiSOAR UI in the 6.x.x series. However, from 7.0.0 onwards you will not be able to use Secret Store and neither will it be available from the FortiSOAR UI.
Arrow Library Update
FortiSOAR 7.0.0 workflow engine has updated the arrow library due to which the timestamp
attribute has been changed to int_timestamp
for DateTime
jinja expressions. For example, to get the current timestamp, use {{arrow.utcnow().int_timestamp}}
.
For more information see, https://arrow.readthedocs.io/en/latest/releases.html#id4.
New playbooks must use the |
The workflow engine does a best effort handling of auto converting .timestamp
to .int_timestamp
before running playbooks on FortiSOAR version 7.0.0 and later, so not all playbooks will fail. However, some jinja expressions used might not match the regular expression causing such playbooks to fail; therefore, therefore you need to know which playbooks are impacted due to this change, so that you can update those playbook steps either before or after you upgrade your FortiSOAR instance. To know which playbooks have been playbooks have been impacted by this change in your FortiSOAR system, so that you can review and update those playbooks, see the Technical Note: How to know which playbooks are impacted due the Arrow Library update in FortiSOAR 7.0.0 which has changed the timestamp attribute article.
API Framework upgrade
FortiSOAR 7.0.0 has revamped its API layer for improved performance, security and adherence to latest api specifications. Due to this upgrade, you will observe the following behavior changes when you make API calls in FortiSOAR:
- The 'Pagination' response has changed as follows:
-
Sample old pagination spec keys that have been deprecated:
hydra:firstPage: "/api/query/alerts?%24limit=30"
hydra:itemsPerPage: 30
hydra:lastPage: "/api/query/alerts?%24limit=30" -
New
hydra:view
key has pagination information, if the response has multiple pages:"hydra:totalItems": 39,
"hydra:view": {
"@id": "/api/query/alerts?%24limit=30&%24page=1",
"@type": "hydra:PartialCollectionView",
"hydra:first": "/api/query/alerts?%24limit=30&%24page=1",
"hydra:last": "/api/query/alerts?%24limit=30&%24page=2",
"hydra:next": "/api/query/alerts?%24limit=30&%24page=2"
} - The '
Type
' agnostic API, i.e./api/3
, now displays 'failure' and 'success' per item. Earlier, a single flush was performed, i.e., used to display either complete failure or complete success. -
The '
Retry
' API for retrying failed configuration for agent and router has now been changed to simple 'PUT
' requests with change values of the configuration status. -
The support for getting the count of related records by passing the
$relationshipCount
flag (api/3/<module>/uuid/<associateModule>?Countonly=true
) on only queries has been removed. Now, to get relationships count, FortiSOAR has provided alternate route of aggregation support on/api/query/module
, which is much faster. Similar update has been made for getting the count of workflows from the workflow collection. -
The bulk API response has been changed to 'success' or 'failure', compared to earlier releases where multistage single, failed, and bad requests were passed.
Integrations API call changes
The Integrations API call has been changed in version 7.0.0 to support only POST
calls; earlier GET
calls were also supported. Therefore, if you have any existing playbooks that uses the GET calls, then that playbook will fail. To resolve this issue, you have to manually change the method from GET
to POST
in your playbooks.
Change in the behavior of linking relationships
The behavior of linking records relationships has changed in version 7.0.0 for some performance enhancements. Now, the maximum number of records that can be linked to a record, for example, indicators linked to an alert has been capped at 99 for a single request.
Requirement to install SCP if you want to move files from or to FortiSOAR systems
If you want to move any file from and to a FortiSOAR system, then you must install SCP (yum install openssh-clients -y
) or any SCP client. This is required since the openssh-clients
package has been removed from FortiSOAR for security compliance.