Fortinet black logo

Upgrade Guide

Home FortiSOAR 7.2.0 Upgrade Guide
7.2.0
7.5.0
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.3.2
7.3.1
7.3.0
7.2.2
7.2.1
7.2.0
7.0.3
7.0.2
7.0.1
7.0.0
6.4.4
6.4.3
6.4.1
6.4.0

Post-Upgrade Tasks

Post-Upgrade Tasks

Assign appropriate permissions for Content Hub

Once you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, appropriate permissions must be assigned to users who require to work with Content Hub, i.e., solution packs, widgets, and connectors. For users who need to work with all the components assign the 'FSR Content Hub' role ; however, users who need to work only with an individual component such as widgets or connectors, appropriate permissions should be assigned for 'Content Hub' and individually for 'Widgets' or 'Connectors'.

Assign appropriate permissions to the Playbook Appliance

Once you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, if you observe that connectors that were installed prior to the upgrade are missing from the Content Hub, due to some issues or if you do not have a default 'Playbook Appliance', do the following:

  • Assign appropriate permissions on the Solution Pack module to the 'Playbook Appliance'. FortiSOAR synchronizes Content Hub content at the thirtieth minute of every hour (for example, 1:30, 2:30); therefore, after you have given the permissions, in around thirty minutes, you should be able to see the connectors that were installed prior to the upgrade in both the Discover as well as Manage tabs on Content Hub.
  • If you want to see the missing connectors instantaneously in Content Hub, then run the following command:
    /opt/cyops/configs/scripts/api_caller.py --endpoint "https://localhost/api/3/solutionpack/sync" --method GET

Perform a manual synchronization for Content Hub data if your FortiSOAR instance does not have a default playbook appliance

If your FortiSOAR does not have a default Playbook Appliance or if the Playbook Appliance is renamed before you upgrade to release 7.2.0, then post upgrade you must update roles with appropriate Content Hub permissions for the used Appliance. Once you have updated the roles, you have to perform a manual synchronization to get Content Hub data using an API call:
/opt/cyops/configs/scripts/api_caller.py --endpoint "https://localhost/api/3/solutionpack/sync" --method GET

After this, FortiSOAR automatically synchronizes Content Hub data using the scheduled API call.

Retrain your Machine Learning Model

Once you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, you might observe that errors are being displayed for field suggestions and record similarity. In such cases, you must retrain your Machine Learning model.

Deactivation of notification system playbooks and customization of notification rules

If you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, then users will receive two emails for a single notification. This is because the upgraded FortiSOAR system would have both the new notification rules and the system playbooks that triggered notifications prior to 7.2.0. To resolve this issue, the earlier system playbooks that used to send the notifications emails must be deactivated and the notification rules must be customized to suit your requirements. For details on Notification Framework, see the System Configuration chapter in the "Administration Guide."

Following is a list of system playbooks that can be deactivated:

  • In the Approval/Manual Task Playbooks collection, you can deactivate the following playbooks:
    • Approval > Notify Owners
    • Approval > Notify Updated Owners
    • In the System Notification and Escalation Playbooks collection, you can deactivate the following playbooks:
    • Alert > Notify Creation (Email)
    • Alert > Notify Creation (System)
    • Alert > Notify Updation(System)
    • Incident > Notify Creation (Email)
    • Incident > Notify Creation (System)
    • Incident > Notify Updation
    • Task > Notify Creation (Email)
    • Task > Notify Creation (System)
    • Task > Notify Updation

Tasks to be performed if you have enabled Multihoming

If you have enabled 'Multihoming' on FortiSOAR, and you are upgrading FortiSOAR 7.0.2 MP2 to FortiSOAR 7.2.0, then you have to redo the configurations that are required for multihoming in the /opt/cyops-rabbitmq/configs/ssl/openssl.cnf file:

Add the service and management interface DNS names in alt_names section in the /opt/cyops-rabbitmq/configs/ssl/openssl.cnf file.
For example,
The original alt_names section in the openssl.cnf file:
[alt_names]
DNS.1 = fortisoar.myorgdomain

After adding the service and management interface DNS names:
[alt_names]
DNS.1 = fortisoar-management.myorgdomain
DNS.2 = fortisoar.myorgdomain
Note: If you use signed certificates, ensure that the certificate resolves both the service and management interface names.

For more information on setting up multihoming on FortiSOAR, see the High Availability chapter in the "Administration Guide."

Updates needed to the Task Management Widget

Once you have upgraded to release 7.2.0 from release 7.0.0, you will observe that the task management widget does not work as expected in War Rooms (or any other modules where it is configured).

Resolution

  1. Use the Export Wizard to export the Tasks, War Rooms, and any other module that is configured with task management from your upgraded 7.2.0 instance.
  2. Use the Import Manager to import these modules back into your upgraded 7.2.0 instance.
Previous
Next

Post-Upgrade Tasks

Assign appropriate permissions for Content Hub

Once you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, appropriate permissions must be assigned to users who require to work with Content Hub, i.e., solution packs, widgets, and connectors. For users who need to work with all the components assign the 'FSR Content Hub' role ; however, users who need to work only with an individual component such as widgets or connectors, appropriate permissions should be assigned for 'Content Hub' and individually for 'Widgets' or 'Connectors'.

Assign appropriate permissions to the Playbook Appliance

Once you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, if you observe that connectors that were installed prior to the upgrade are missing from the Content Hub, due to some issues or if you do not have a default 'Playbook Appliance', do the following:

  • Assign appropriate permissions on the Solution Pack module to the 'Playbook Appliance'. FortiSOAR synchronizes Content Hub content at the thirtieth minute of every hour (for example, 1:30, 2:30); therefore, after you have given the permissions, in around thirty minutes, you should be able to see the connectors that were installed prior to the upgrade in both the Discover as well as Manage tabs on Content Hub.
  • If you want to see the missing connectors instantaneously in Content Hub, then run the following command:
    /opt/cyops/configs/scripts/api_caller.py --endpoint "https://localhost/api/3/solutionpack/sync" --method GET

Perform a manual synchronization for Content Hub data if your FortiSOAR instance does not have a default playbook appliance

If your FortiSOAR does not have a default Playbook Appliance or if the Playbook Appliance is renamed before you upgrade to release 7.2.0, then post upgrade you must update roles with appropriate Content Hub permissions for the used Appliance. Once you have updated the roles, you have to perform a manual synchronization to get Content Hub data using an API call:
/opt/cyops/configs/scripts/api_caller.py --endpoint "https://localhost/api/3/solutionpack/sync" --method GET

After this, FortiSOAR automatically synchronizes Content Hub data using the scheduled API call.

Retrain your Machine Learning Model

Once you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, you might observe that errors are being displayed for field suggestions and record similarity. In such cases, you must retrain your Machine Learning model.

Deactivation of notification system playbooks and customization of notification rules

If you have upgraded to release 7.2.0 or later from a release prior to 7.2.0, then users will receive two emails for a single notification. This is because the upgraded FortiSOAR system would have both the new notification rules and the system playbooks that triggered notifications prior to 7.2.0. To resolve this issue, the earlier system playbooks that used to send the notifications emails must be deactivated and the notification rules must be customized to suit your requirements. For details on Notification Framework, see the System Configuration chapter in the "Administration Guide."

Following is a list of system playbooks that can be deactivated:

  • In the Approval/Manual Task Playbooks collection, you can deactivate the following playbooks:
    • Approval > Notify Owners
    • Approval > Notify Updated Owners
    • In the System Notification and Escalation Playbooks collection, you can deactivate the following playbooks:
    • Alert > Notify Creation (Email)
    • Alert > Notify Creation (System)
    • Alert > Notify Updation(System)
    • Incident > Notify Creation (Email)
    • Incident > Notify Creation (System)
    • Incident > Notify Updation
    • Task > Notify Creation (Email)
    • Task > Notify Creation (System)
    • Task > Notify Updation

Tasks to be performed if you have enabled Multihoming

If you have enabled 'Multihoming' on FortiSOAR, and you are upgrading FortiSOAR 7.0.2 MP2 to FortiSOAR 7.2.0, then you have to redo the configurations that are required for multihoming in the /opt/cyops-rabbitmq/configs/ssl/openssl.cnf file:

Add the service and management interface DNS names in alt_names section in the /opt/cyops-rabbitmq/configs/ssl/openssl.cnf file.
For example,
The original alt_names section in the openssl.cnf file:
[alt_names]
DNS.1 = fortisoar.myorgdomain

After adding the service and management interface DNS names:
[alt_names]
DNS.1 = fortisoar-management.myorgdomain
DNS.2 = fortisoar.myorgdomain
Note: If you use signed certificates, ensure that the certificate resolves both the service and management interface names.

For more information on setting up multihoming on FortiSOAR, see the High Availability chapter in the "Administration Guide."

Updates needed to the Task Management Widget

Once you have upgraded to release 7.2.0 from release 7.0.0, you will observe that the task management widget does not work as expected in War Rooms (or any other modules where it is configured).

Resolution

  1. Use the Export Wizard to export the Tasks, War Rooms, and any other module that is configured with task management from your upgraded 7.2.0 instance.
  2. Use the Import Manager to import these modules back into your upgraded 7.2.0 instance.
Previous
Next