New Features and Enhancements

Upgraded the FortiSOAR OS platform from CentOS to Rocky Linux or RHEL

  • FortiSOAR release 7.3.0 has upgraded its OS platform to Rocky Linux release 8.6 or RHEL 8.6 systems, and support for the CentOS operating system has been discontinued. CentOS is going to be EOL in 2024, so the FortiSOAR appliance is now embedded with a newer, stable OS. For more information, see the "Upgrading FortiSOAR" chapter in the FortiSOAR Upgrade Guide.

Added support for deploying FortiSOAR on Docker platforms

  • FortiSOAR release 7.3.0 adds support for deploying FortiSOAR on Docker platforms such as VMware ESX or AWS. This allows you to easily provision FortiSOAR into your microservices architecture and use it in a cloud-native, DevOps-enabled way.

Ability to run unauthenticated manual inputs in segmented networks using FSR agents

  • FortiSOAR release 7.3.0 can temporarily host the manual input form on a page on the FSR agent's network, and then send an email containing the link to the input form page to users who are external to your FortiSOAR network. Prior to FortiSOAR release 7.3.0, when inputs were required from users outside FortiSOAR, an email containing a link to provide inputs was sent to the user. The URL created for the manual input pointed to the originating instance, i.e., the instance where the playbook is running. Because of this, organizations were required to add their FortiSOAR instance to the 'allowlist' of their firewall or proxy servers for external IPs, which could have implications for organization policies. To overcome these issues, FortiSOAR release 7.3.0 introduces the ability to run unauthenticated manual inputs in segmented networks using FSR agents.

Introduction of a FortiSOAR Licensing option that enables unrestricted FortiGuard threat feeds and premium Threat Intelligence Management features

  • FortiSOAR release 7.3.0 introduces a new licensing option that allows for unrestricted ingestion of FortiGuard threat feeds and premium Threat Intelligence Management (TIM) features. To get this new SKU, you need to contact Fortinet Support. For more information, see the "Licensing FortiSOAR" chapter in the Deployment Guide.

Optimized the FortiSOAR Backup and Restore processes

  • Release 7.3.0 optimizes the FortiSOAR backup and restore process, enhancing its performance and making it more time-efficient and effective. The backup process now includes backups for files such as JWT keys and the Elasticsearch database.

Improvements made to the 'Add Block' functionality for playbooks

  • In the playbook designer, while deleting a block in a playbook, FortiSOAR provides you with a choice of whether you want to only delete the block and not the playbook steps that are part of that block OR delete the block and the playbook steps that are part of that block. Earlier, you could only delete the block and not the playbook steps that were part of that block.
  • Enhanced the 'Block' options in the 'Executed Playbook Log' to display metrics such as the total execution time for each block, and you can also view the time taken by individual steps within a block in its 'Step Output'. This helps in determining the ROI of automation with a granular lens.

Improvements in FortiSOAR UI usability

  • An 'Advanced Filter' option has been provided on the module's listing page that enables you to apply conditional filters to the grid columns in a list view. You can achieve complex sorting and filtering of records as well as set a default view per user using the advanced filter.
  • An option to render tabs on the record’s view panel based on visibility conditions has been enhanced to support relational fields.

Improvements in working with playbooks

  • Enhanced the 'Fetch Records' playbook step to include an option that allows users to specify the maximum number of correlated records to be fetched. Specifying the maximum number of correlated records to be fetched can help in avoiding the playbook timeout issue.
  • Improved the UX for selection of playbooks in the 'Reference a Playbook', 'Reference Remote playbook' steps, and also in the 'Edit Schedule' dialog.
  • Added support for using the 'Email Template Field' as a 'Custom' input field type in the 'Manual Trigger' and 'Manual Input' steps only. The ability to include an email template makes it easier for SOC teams to respond to routine operations. For example, sending emails to users when they have forgotten their password. In this case, SOC teams can create a template response to be sent to users and include the same as a field in the user prompt.
  • Enhanced the Jinja Editor to allow users to filter playbook executions based on playbook status and on a specific record ID, allowing for the retrieval of playbook logs for a specific record and making debugging more effective.

Added the ability to view the data of the 'Line' and 'Timeseries' charts in a tabular format

In FortiSOAR release 7.3.0, the 'Line' and 'Timeseries' charts have been enhanced to provide you with a choice of viewing the 'Line' and 'Timeseries' data both as a line graph and in the tabular format. Having the data represented in the tabular format helps you to view the varied information in one go without having to hover on the line or timeseries chart.

Support for Content Hub synchronization

  • You can use the FortiSOAR Admin CLI to synchronize Content Hub with your FortiSOAR system.

Enhancements made for monitoring FortiSOAR

  • If you have an HA environment, then Nginx certificates and self-signed PostgreSQL certificates are now also monitored and notifications can be sent to specified users when any of the certificates is nearing expiry. Earlier, only the expiry of RabbitMQ certificates was monitored.
  • Added support for adding multiple email addresses for monitoring your FortiSOAR system. The 'System & Cluster Health Monitoring' configuration, available on the System Configuration page, is enhanced to allow you to add a comma-separated list of email addresses, so that multiple users can receive email notifications of any FortiSOAR service failure, of any monitored threshold exceeding the set threshold, etc. Prior to this release, you could only add a single email address.

Added the count of playbooks to the existing playbook collections that are being imported using the Import Wizard

When you are importing an existing playbook collection using the import wizard, FortiSOAR now displays the count of playbooks both within the collection that is being imported and the collection that exists on your system, making it easier for users to know whether the correct playbook collection is being imported.

Script-based installation improvements

  • Added an option to skip the installation of the SOAR Framework Solution Pack (SFSP); skipping it is not recommended. However, you might want to skip the SFSP installation in cases such as wanting a fresh installation of FortiSOAR without the SFSP content. By default, SFSP is installed with every fresh installation of FortiSOAR, since it is required for the functioning of FortiSOAR.
    Note: It is recommended that you install SFSP on your FortiSOAR instance, using Content Hub on the FortiSOAR UI, before you begin working with FortiSOAR.

Built-in Connector and Widget Enhancements

  • Updated multiple built-in connectors such as the Database connector, FortiSOAR ML Engine connector, Utilities connector, etc. For more information on FortiSOAR Built-in connectors, see the "FortiSOAR™ Built-in connectors" article.
  • Updated multiple widgets, such as Feed Configuration Settings. The Feed Configuration Settings widget has been updated to provide the API endpoint information that supports export of threat feeds in the JSON format or the CSV format. You can use the exported threat feeds for consumption in other use cases.
