New Features and Enhancements

MSSP enhancements

  • Separated the options for enabling multi-tenancy for a module and for replication of its records. With this improvement, users can temporarily turn off record replication for a module, and then turn it back on as needed, all without having to turn off multi-tenancy at the module level. Disabling multi-tenancy at the module level results in the permanent deletion of all tenant-specific details and associations with the tenant.
  • Provided an option to the user to execute the "On Create," "On Update," or "On Delete" playbooks on either the source or a replicated instance of the record.
  • Added support for conditional replication of records in a distributed multi-tenancy environment.
    You can configure conditional replication of records from tenant to master or from master to tenant in a distributed multi-tenancy environment. This is useful in cases where the tenant or the master wants to restrict the sharing of records. For example, tenants might want to share only high- or critical-level records such as alerts, or records of a certain type, with the master.
  • Improved record replication to ensure that replication does not fail for a record when a related record is not available for replication, i.e., missing relationships do not cause record replication failures. This improvement prevents data loss and SLA violations caused by replication failures, and ensures that records are replicated on peer systems even if replication for related records fails.
  • Added support for synchronization of specific records in real-time using the FortiSOAR UI. This helps to solve the issue of some records not being replicated on peer systems, or some replicated records containing outdated information.
  • Added support for downloading Agent logs from the master node. The ability to download Agent logs aids in debugging Agent issues as follows:
    • In many cases, it is not possible to access the Agent's CLI for debugging any issue reported for the Agent.
    • If there is a connector failure on the Agent, the agent's connector.log is required to debug the issue.
  • Enabled comments added to records on the master node to be pushed by default to the peer nodes. Previously, users had to explicitly select an option for the comments to be pushed to the peer nodes. The 'Tenant' field in the record is set to the tenant of the parent record. The 'Tenant' field had a value of 'Self' in releases prior to 7.4.2.
  • Updated the 'Add Tenant' and 'Add Agent' flow to pre-select the team of the user who is logged into the system as the owner of the tenant/agent and the records originating from the tenant/agent. In addition, while creating a tenant or an agent, users must select at least one team as the owner.

Added support for generic two-factor authentication

  • Introduced generic two-factor authentication (2FA) implementation to enable users to effectively implement and customize 2FA methods to suit their requirements. Out-of-the-box, FortiSOAR supports Telesign and Google Authenticator as the authentication vendors.

Added support to test playbooks using previous run instances as a Mock Output

  • Release 7.4.2 streamlines the user experience of using mock outputs by allowing mock outputs to be optionally ingested from the most recent successful playbook execution, saving users the time of having to manually provide mock outputs on a step-by-step basis. This ensures users can test playbooks in development environments without needing to re-execute previously successful steps to obtain live results.

Added support for conditional visibility of widgets in Dashboards, Reports, and across elements in FortiSOAR

  • By storing data in the key-value pair format in the "Key Store" module, FortiSOAR provides a setting for conditional visibility of widgets that appear across FortiSOAR, such as in Dashboards, Reports, List Views, etc. For example, if you define the Key as "Environment" and the Value as "Dev" in the Key Store module, you can choose to limit the visibility of a widget to only the "Dev" environment.

Playbook Enhancements

  • Provided users, both external and internal to FortiSOAR, with the option to define a custom email body using a rich text field, rather than sending the default template, in order to provide context for the manual input or approval. Users can personalize manual input notifications for each record and include playbook variables using custom Jinja input in the email body.
  • Enhanced the 'Find Records' step to allow users to restrict the output of this step using Jinja expressions. Users could previously only restrict the output using fields.

Administrative Enhancements

  • Improved the csadm db --getsize command to show the size of the archived data in your database, in addition to displaying the size of the primary data, audit logs, and workflow logs, allowing you to accurately measure your usage over time.
  • Enhanced the Export and Import Wizards as follows:
    • Added the ability to choose whether schedules associated with playbooks should also be exported or imported while exporting or importing playbook collections. This enhancement ensures that users know which schedules are being imported and installed on their system. Previously, if an exported playbook was included in a schedule, the schedule would be implicitly exported without any indication of the same on the FortiSOAR UI, which could cause issues in users' systems, especially for solution packs, where schedules would become a part of the pack unintentionally and get installed on systems installing the pack.
    • Added support for export and import of schedules associated with 'Reports'.
  • Added the ability to customize the formats for Date and DateTime fields on the FortiSOAR UI.
  • Added the provision of backing up the current SVT in the database before saving the edited SVT, meaning that both the current SVT and the SVT previous to the most recent one are saved. Users can now restore the SVT previous to the most recent one.

Improvements in FortiSOAR UI

  • Updated the FortiSOAR UI to provide notifications for the most recent Security Patch (SP). Both the 'Version' ('About FortiSOAR') pop-up and the Notification panel display this notification. When users click Details in the Version pop-up or the notification row, the SP documentation is shown. The SP documentation provides users with details of the latest security patch so that they can make informed decisions on applying the security patch to their systems.
  • Increased the width of the 'Manual Input' form to 45% of your screen size to make it easier to see the contents of the manual input, especially when it contains a lot of text. However, it stays at 600px on small displays.
  • Added a 'Category' field to the Connector Building and Widget Building wizard that allows connectors and widgets to be properly categorized while being created. Users can also add or update the categories when they edit these connectors or widgets.
  • Improved the Export Wizard's Dashboards and Reports 'Filter Data' page to display all the dashboards and reports available in your system. Previously, only the first 30 dashboards and reports were visible on the 'Filter Data' page.
  • Updated the 'Playbook Status' filter in the Delivery Rules wizard's 'Rule Details' page to show the full list of playbook statuses. Prior to this, only the Incipient, Active, Failed, and Finished statuses were displayed. This enables users to create notifications based on any of the playbook statuses, such as sending notifications when playbooks are in the "Finished with Error" state.
  • Provided users with the ability to export CSV records from the modules' list view with the option of rendering ineffective any formulas contained in the CSV file being exported. This helps protect the exported data from any malicious code that makes use of CSV injections (embedding untrusted input inside CSV files).
  • Provided a setting in the "Pie" and "Bar" charts that enables users to choose if they want to represent data from these charts in a tabular format.
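
An added illustration of the CSV-export option in the list above, showing how formula neutralization works in general. This is not FortiSOAR's code: the function names, the leading-apostrophe approach (taken from OWASP's CSV injection guidance) and the sample records are assumptions constructed for the example.

```python
import csv
import io

# Leading characters that spreadsheet applications may treat as the start of
# a formula (list taken from OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a value that a spreadsheet will display as text, not evaluate."""
    if value is None:
        return ""
    # Genuine numbers (including negatives) are data, not formulas: keep them.
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = str(value)
    if text.startswith(FORMULA_TRIGGERS):
        # A leading apostrophe forces the cell to be read as plain text.
        return "'" + text
    return text


def export_records(records, fields, neutralize=True):
    """Serialize records (list of dicts) to CSV text.

    neutralize=True models an export with formulas rendered ineffective;
    neutralize=False models a raw export that keeps cell contents as stored.
    """
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas, quotes and newlines inside one cell.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for rec in records:
        row = [rec.get(f) for f in fields]
        if neutralize:
            row = [neutralize_cell(v) for v in row]
        writer.writerow(row)
    return buf.getvalue()


# Constructed sample records: fields such as an alert name or a reporter's
# phone number are attacker- or user-influenced and may begin with a trigger.
FIELDS = ["id", "name", "reporter", "severity"]
SAMPLE_ALERTS = [
    {"id": 101, "name": "Phishing report", "reporter": "soc@example.invalid", "severity": -1},
    {"id": 102, "name": "=1+1", "reporter": "+44 20 7946 0000", "severity": 3},
]

if __name__ == "__main__":
    print(export_records(SAMPLE_ALERTS, FIELDS))
```

Legitimate values such as a phone number beginning with "+" are also prefixed, which is why an export of this kind is usually offered as an option rather than applied unconditionally.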

Performance Improvements

  • Reduced the overall wait time for exporting reports as PDFs. Reports with many widgets and a lot of data used to take a long time to export. The static wait time that was added during report export has been removed in order to shorten the export time for such reports.

Built-in Connector and Widget Enhancements

  • Updated multiple built-in connectors such as the Utilities connector, Report Engine connector, Database connector, System Monitoring connector, etc. For more information on FortiSOAR Built-in connectors, see the "FortiSOAR™ Built-in connectors" article.
  • Updated multiple widgets such as Record Distribution widget, SOC Management widget, Incident Timeline widget, etc.
