Fortinet black logo

Release Notes

Home FortiSOAR 7.4.1 Release Notes
7.4.1
7.5.0
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.3.2
7.3.1
7.3.0
7.2.2
7.2.1
7.2.0
7.0.3
7.0.2
7.0.1
7.0.0
6.4.4
6.4.3
6.4.1
6.4.0
6.0.0

New Features and Enhancements

New Features and Enhancements

Added support for Leave Management to the Queue and Shift Management feature

You can use the Leave Management feature in Queue and Shift Management, to prevent assignment of records to users who are on leave or paid time off (PTO). Using Leave Management, users who are on leave are excluded, and records are not assigned to them for the duration of their leave.

Revamped the Approval Step

  • Updated the 'Approval' step to honor RBAC, customizations, etc. Also, the response from the approval step now includes the approval status.

Added support for conditional visibility for widgets on the View Panel

  • Provided a setting for conditional visibility of widgets that appear on the detail view of the record, i.e., the View Panel. You can choose to restrict the visibility of widgets based on the conditions you have specified. In such cases, widgets are displayed only if the visibility condition is satisfied; otherwise, they are hidden.

Added support for creating custom functions and function references using connectors

  • Support is added for creating custom functions and function references using connectors. You can add custom functions or function references to your custom connector, edit an existing connector to add custom functions, or expose an action of a connector as a function. The following benefits to users are brought about by this improvement:
    • Export/Import of custom functions using the Export and Import Wizards.
    • Jinja2/Ansible/YAQL or simple python function references can be easily added to the Functions tab in Dynamic Values, making them usable in playbooks and the Jinja Editor.

Introduction of a FortiSOAR Licensing option for the FortiSOAR "Perpetual" license type that includes support for the FortiSOAR Threat Intel Management Subscription Service

  • Added a new licensing option for the FortiSOAR "Perpetual" license type that supports the subscription service for FortiSOAR Threat Intel Management Service, including FortiGuard Premium Threat Feeds. This service allows you to use the Threat Intel Management service to its fullest extent, and includes unrestricted consumption of FortiGuard feeds.

Enhanced Global Search

  • Added a Query Based Search option to Global Search that enables users to efficiently search across FortiSOAR by utilizing wildcards or operators such as 'NOT', 'AND', 'OR', fuzzy queries, etc.
  • Added support for UUID searches in Global Search. Using global search, which enables searching for playbooks, records, etc. using their UUIDs, users are now able to use playbook failure notifications to quickly search for failed playbooks and related records.

Administrative Enhancements

  • Enhanced the --status argument of the csadm command to include information about how long the services have been active. Knowing the last active time of a service can assist with troubleshooting when a service is restarting repeatedly due to an issue.
  • Added the --validate argument to the csadm system disk expand-lv command, with either the --disk or --use-vg argument. This argument validates the inputs passed for the csadm system disk expand-lv command and provides a summary of changes that will be made after running this command. This enables users get details of the available space on the partition, the new expanded size of the disks, etc. Users will also be aware of any issues that could prevent them from expanding the partition. Therefore, it is advisable to use the --validate argument before executing the csadm system disk expand-lv command.
  • Improved are made to the System Fixtures tab in System Configuration to include links to dedicated pages for self agent and self tenant. This makes it simpler to update details of the self tenant and agent such as remapping teams linked to the self tenant or tenants linked to the self agent.

Playbook Enhancements

  • Provided an option to exclude a certain set of workflows, such as 'Pause SLA', from appearing as suggestions in the 'Suggested Playbooks' list.
  • Introduced the 'Step Utilities' option in the Input/Output tab in Dynamic Values that enables you to use the values of list items if the step contains a loop. This option makes it easier to use the values of the items that are part of a list in the playbook step.
  • Added query params (api_params) in Input > Parameters in Dynamic Values displayed for steps of the Custom API Endpoint trigger playbook so that you can get some input from outside FortiSOAR and then further process that data in the next steps of the playbook.
  • Provided users with the option to provide customized messages that are displayed on the FortiSOAR UI when an approval playbook or a manual input playbook is resumed.
  • Provided users with the option to either customize the message that is displayed when a manual trigger playbook is triggered or to disable the system message from appearing. In playbooks when a manual input form is displayed right away after the playbook is triggered, you might not want to see this message because it is superfluous and can detract from the user experience.
  • Enhanced the Dynamic List option in User Prompt to allow users to select multiple options from the input prompt.
  • Added the 'Message' step utility to the 'Set Variable' and 'Decision' steps, enabling users to add custom messages to these steps. For example, adding a message with the outcome of the decision step, such as "Blocked the IP <IP address> based on the reputation retrieved from FortiGuard".
  • Added error details to the 'Terminated' playbooks that explain why they were terminated. When playbooks are terminated for reasons, such as exceeding the permissible time limits set for playbook execution, this information is helpful for troubleshooting playbook failures.

Connector Enhancements

  • Added a Dependent Solution Packs section that contains a list of solution packs that are dependent on the connector for them to work correctly in the Summary tab in the connector configuration popup. Users can use this information to install specific solution packs that use the connector.
  • Provided a choice to users to configure connectors on a remote FSR Agent or on the current FortiSOAR node (Self) while creating or updating a notification channel.
  • Removed the confusion caused by the display of two tiles of the same connector that were being edited on the Discover tab of the Content Hub. For example, if you were editing VirusTotal v1.0.0, the Discover tab displayed both "VirusTotal v1.0.0" and "VirusTotal_v1.0.0_dev." The Discover tab now just displays "VirusTotal v1.0.0," as copies of the connector that is being edited are no longer displayed on this tab.

Improvements in FortiSOAR UI

  • Improved the presentation of tags with long names in reference blocks, comments, and single line item widgets so that the text of these tags does not break, and the entire tag is displayed on a new line.
  • Provided an option in the Purge Audit Logs dialog that allows users to deselect all the event type options; by default, all the options are selected. This is useful for users who want to purge just a few event types.
  • Added Field Suggestions, Similar Records, and Playbook Suggestions are now independent tabs in the Recommendations pane, which increases the visibility of the content in each of these pages. There have also been performance enhancements made to the Recommendations pane.
  • Added an option to the Reference a Playbook step to open a referenced playbook in a new window. By allowing users the option to view the contents of the referenced playbook in a new window while viewing the referencing playbook's whole flow on the same canvas in the playbook designer, improves the user experience when creating playbooks.
  • Provided an option to pin a playbook to the 'Relationships' widget. This is useful for frequently used playbooks that users want to display directly on the Relationships grid rather than having to choose them from the 'Execute' drop-down list.
  • Added pagination support for the 'Simple Grid' widget to enable easy navigation through records.
  • Differentiated the display of tags and categories in the "Filtered By" section on the Content Hub page when users apply the same filter for both 'Category' and 'Tags'.
  • Added support for disabling links in Rich Text (HTML) or Rich Text (Markdown) fields. You can disable links in fields such as 'Email Body,' as you might want to prevent users from clicking on links in phishing emails, etc.
  • Enhanced the Prerequisites section in the Solution Pack Summary tab to display Update Available for dependent solution packs that have a lower-level version installed on your FortiSOAR system than what is required for the solution pack that you want to install.

Added a failure message and failure icon on the FortiSOAR Configuration Wizard for provisioning failures

  • If the FortiSOAR Configuration Wizard fails when provisioning your instance, then the "The FortiSOAR system provisioning has failed" message and a failure icon for that component are both displayed on the configuration wizard. The functionality associated with the failed services is affected but you have the option to fix the provisioning issues after configuring your FortiSOAR instance and continue with setting up your FortiSOAR instance by clicking the Proceed Anyway button.

Allowed for the direct editing of connectors and widgets that are part of the FortiSOAR repository

  • The FortiSOAR repository's connectors and widgets can now be modified directly without having to be cloned. Previously, editing connectors and widgets that were a part of the FortiSOAR repository required users to first clone them, which was incompatible with editing other types of content in Content Hub and complicated troubleshooting.

Enhanced the 'cyops-search' service performance

  • Added sub processes for the 'Data', 'Status', 'System', and 'Search' queues to improve the 'cyops-search' service. Sub processes enable the parallel execution of operations such as indexing, searching, etc., which improves performance and user experience.

Built-in Connector and Widget Enhancements

  • Updated multiple built-in connectors such as the FSR Agent Communication Bridge Connector, Utilities Connector, etc. For more information on FortiSOAR Built-in connectors, see the "FortiSOAR™ Built-in connectors" article.
  • Added multiple widgets such as Funnel Chart widget, C3 Charts widget, Time Series Charts, etc.
Previous
Next

New Features and Enhancements

Added support for Leave Management to the Queue and Shift Management feature

You can use the Leave Management feature in Queue and Shift Management, to prevent assignment of records to users who are on leave or paid time off (PTO). Using Leave Management, users who are on leave are excluded, and records are not assigned to them for the duration of their leave.

Revamped the Approval Step

  • Updated the 'Approval' step to honor RBAC, customizations, etc. Also, the response from the approval step now includes the approval status.

Added support for conditional visibility for widgets on the View Panel

  • Provided a setting for conditional visibility of widgets that appear on the detail view of the record, i.e., the View Panel. You can choose to restrict the visibility of widgets based on the conditions you have specified. In such cases, widgets are displayed only if the visibility condition is satisfied; otherwise, they are hidden.

Added support for creating custom functions and function references using connectors

  • Support is added for creating custom functions and function references using connectors. You can add custom functions or function references to your custom connector, edit an existing connector to add custom functions, or expose an action of a connector as a function. The following benefits to users are brought about by this improvement:
    • Export/Import of custom functions using the Export and Import Wizards.
    • Jinja2/Ansible/YAQL or simple python function references can be easily added to the Functions tab in Dynamic Values, making them usable in playbooks and the Jinja Editor.

Introduction of a FortiSOAR Licensing option for the FortiSOAR "Perpetual" license type that includes support for the FortiSOAR Threat Intel Management Subscription Service

  • Added a new licensing option for the FortiSOAR "Perpetual" license type that supports the subscription service for FortiSOAR Threat Intel Management Service, including FortiGuard Premium Threat Feeds. This service allows you to use the Threat Intel Management service to its fullest extent, and includes unrestricted consumption of FortiGuard feeds.

Enhanced Global Search

  • Added a Query Based Search option to Global Search that enables users to efficiently search across FortiSOAR by utilizing wildcards or operators such as 'NOT', 'AND', 'OR', fuzzy queries, etc.
  • Added support for UUID searches in Global Search. Using global search, which enables searching for playbooks, records, etc. using their UUIDs, users are now able to use playbook failure notifications to quickly search for failed playbooks and related records.

Administrative Enhancements

  • Enhanced the --status argument of the csadm command to include information about how long the services have been active. Knowing the last active time of a service can assist with troubleshooting when a service is restarting repeatedly due to an issue.
  • Added the --validate argument to the csadm system disk expand-lv command, with either the --disk or --use-vg argument. This argument validates the inputs passed for the csadm system disk expand-lv command and provides a summary of changes that will be made after running this command. This enables users get details of the available space on the partition, the new expanded size of the disks, etc. Users will also be aware of any issues that could prevent them from expanding the partition. Therefore, it is advisable to use the --validate argument before executing the csadm system disk expand-lv command.
  • Improved are made to the System Fixtures tab in System Configuration to include links to dedicated pages for self agent and self tenant. This makes it simpler to update details of the self tenant and agent such as remapping teams linked to the self tenant or tenants linked to the self agent.

Playbook Enhancements

  • Provided an option to exclude a certain set of workflows, such as 'Pause SLA', from appearing as suggestions in the 'Suggested Playbooks' list.
  • Introduced the 'Step Utilities' option in the Input/Output tab in Dynamic Values that enables you to use the values of list items if the step contains a loop. This option makes it easier to use the values of the items that are part of a list in the playbook step.
  • Added query params (api_params) in Input > Parameters in Dynamic Values displayed for steps of the Custom API Endpoint trigger playbook so that you can get some input from outside FortiSOAR and then further process that data in the next steps of the playbook.
  • Provided users with the option to provide customized messages that are displayed on the FortiSOAR UI when an approval playbook or a manual input playbook is resumed.
  • Provided users with the option to either customize the message that is displayed when a manual trigger playbook is triggered or to disable the system message from appearing. In playbooks when a manual input form is displayed right away after the playbook is triggered, you might not want to see this message because it is superfluous and can detract from the user experience.
  • Enhanced the Dynamic List option in User Prompt to allow users to select multiple options from the input prompt.
  • Added the 'Message' step utility to the 'Set Variable' and 'Decision' steps, enabling users to add custom messages to these steps. For example, adding a message with the outcome of the decision step, such as "Blocked the IP <IP address> based on the reputation retrieved from FortiGuard".
  • Added error details to the 'Terminated' playbooks that explain why they were terminated. When playbooks are terminated for reasons, such as exceeding the permissible time limits set for playbook execution, this information is helpful for troubleshooting playbook failures.

Connector Enhancements

  • Added a Dependent Solution Packs section that contains a list of solution packs that are dependent on the connector for them to work correctly in the Summary tab in the connector configuration popup. Users can use this information to install specific solution packs that use the connector.
  • Provided a choice to users to configure connectors on a remote FSR Agent or on the current FortiSOAR node (Self) while creating or updating a notification channel.
  • Removed the confusion caused by the display of two tiles of the same connector that were being edited on the Discover tab of the Content Hub. For example, if you were editing VirusTotal v1.0.0, the Discover tab displayed both "VirusTotal v1.0.0" and "VirusTotal_v1.0.0_dev." The Discover tab now just displays "VirusTotal v1.0.0," as copies of the connector that is being edited are no longer displayed on this tab.

Improvements in FortiSOAR UI

  • Improved the presentation of tags with long names in reference blocks, comments, and single line item widgets so that the text of these tags does not break, and the entire tag is displayed on a new line.
  • Provided an option in the Purge Audit Logs dialog that allows users to deselect all the event type options; by default, all the options are selected. This is useful for users who want to purge just a few event types.
  • Added Field Suggestions, Similar Records, and Playbook Suggestions are now independent tabs in the Recommendations pane, which increases the visibility of the content in each of these pages. There have also been performance enhancements made to the Recommendations pane.
  • Added an option to the Reference a Playbook step to open a referenced playbook in a new window. By allowing users the option to view the contents of the referenced playbook in a new window while viewing the referencing playbook's whole flow on the same canvas in the playbook designer, improves the user experience when creating playbooks.
  • Provided an option to pin a playbook to the 'Relationships' widget. This is useful for frequently used playbooks that users want to display directly on the Relationships grid rather than having to choose them from the 'Execute' drop-down list.
  • Added pagination support for the 'Simple Grid' widget to enable easy navigation through records.
  • Differentiated the display of tags and categories in the "Filtered By" section on the Content Hub page when users apply the same filter for both 'Category' and 'Tags'.
  • Added support for disabling links in Rich Text (HTML) or Rich Text (Markdown) fields. You can disable links in fields such as 'Email Body,' as you might want to prevent users from clicking on links in phishing emails, etc.
  • Enhanced the Prerequisites section in the Solution Pack Summary tab to display Update Available for dependent solution packs that have a lower-level version installed on your FortiSOAR system than what is required for the solution pack that you want to install.

Added a failure message and failure icon on the FortiSOAR Configuration Wizard for provisioning failures

  • If the FortiSOAR Configuration Wizard fails when provisioning your instance, then the "The FortiSOAR system provisioning has failed" message and a failure icon for that component are both displayed on the configuration wizard. The functionality associated with the failed services is affected but you have the option to fix the provisioning issues after configuring your FortiSOAR instance and continue with setting up your FortiSOAR instance by clicking the Proceed Anyway button.

Allowed for the direct editing of connectors and widgets that are part of the FortiSOAR repository

  • The FortiSOAR repository's connectors and widgets can now be modified directly without having to be cloned. Previously, editing connectors and widgets that were a part of the FortiSOAR repository required users to first clone them, which was incompatible with editing other types of content in Content Hub and complicated troubleshooting.

Enhanced the 'cyops-search' service performance

  • Added sub processes for the 'Data', 'Status', 'System', and 'Search' queues to improve the 'cyops-search' service. Sub processes enable the parallel execution of operations such as indexing, searching, etc., which improves performance and user experience.

Built-in Connector and Widget Enhancements

  • Updated multiple built-in connectors such as the FSR Agent Communication Bridge Connector, Utilities Connector, etc. For more information on FortiSOAR Built-in connectors, see the "FortiSOAR™ Built-in connectors" article.
  • Added multiple widgets such as Funnel Chart widget, C3 Charts widget, Time Series Charts, etc.
Previous
Next