New features and enhancements

Feature Details

Introduced the FortiSOAR Mobile Application

The FortiSOAR mobile application is an extension of the FortiSOAR web interface, which facilitates important and urgent actions such as immediate approvals, notifications, critical actions on the go, and viewing and reassigning records.
Note: The FortiSOAR mobile application is part of the FortiExplorer application.

Introduced War Rooms

War rooms enable SOC teams to get into a collaborative space to mitigate a critical cyber threat scenario or campaign. FortiSOAR makes it easy for analysts to quickly provision a War Room and ensures that the task force is well-equipped to handle and coordinate all aspects of critical situations. FortiSOAR enables stakeholders to analyze and collaborate to quickly mitigate the threat.

Added ML-based clustering recommendation strategy to the 'Recommendation Engine'

The Recommendation engine adds the Machine-learning (ML) based clustering strategy as one of its recommendation strategies. The ML-based clustering strategy trains the ML engine using the data existing on your FortiSOAR instance to recommend similar records and predict and assign field values in records.

Introduced the "Connector Wizard"

You can create your own connector or edit an existing connector as per your requirements, using the "Connector Wizard" present in the FortiSOAR UI.

Added support for activating the FortiCare trial license for FortiSOAR

You get a free trial license for an unlimited time for FortiSOAR per FortiCare account, i.e., if you have a FortiCare account, you can get FortiSOAR for free and for an unlimited time, but in a limited context. This license is an "Enterprise" type license and is restricted to 3 users using FortiSOAR for a maximum of 200 actions a day.

Added SSO Auto Redirect Support

Prior to version 7.0.0, users were required to click the Use Single Sign On (SSO) link to get redirected to the SSO login page or to log in using an active SSO session. However, some organizations have policies that require direct redirection to the SSO login page if SSO is configured. Therefore, in version 7.0.0 an Auto Redirect checkbox is added to the SSO Configuration page in FortiSOAR. Selecting the Auto Redirect checkbox redirects users directly to the SSO login page, or automatically logs the user into FortiSOAR if the SSO session is active.

Added support for deploying the FortiSOAR license from the FortiSOAR UI

You can now choose to deploy your FortiSOAR license, in case of the initial deployment, or in case your FortiSOAR license has expired, from the FortiSOAR UI itself, without the need to SSH to your FortiSOAR machine. This is extremely useful if the administration does not have SSH access to the FortiSOAR machine.

Added support for Role-based Access Control for connector actions

Administrators can now permit only certain teams or users, based on roles, to perform certain connector actions. For example, the administrator might want to allow a "Block IP" action to be performed by only certain teams or users in the organization.
The ownership of connector configurations can also be defined, by marking the connector configuration as 'Private'; thereby, controlling who can view and execute that particular connector configuration.

Added support for log collection using FortiSOAR UI

The FortiSOAR version dialog now displays a Download Logs link, which you can use to collect logs directly from the UI. Prior to version 7.0.0, log collection was only possible using CLI commands. In some SOC environments, SSH access to systems is very restricted and requires going through various approvals. In such cases, collecting logs for troubleshooting or for upgrade or installation operations would become a tedious task. To ease the process of log collection, you can directly collect logs from the FortiSOAR dialog and share them with the support team for further troubleshooting.

Enabled FortiSOAR users to request decisions and inputs from non-FortiSOAR users via emails

FortiSOAR users can now request decisions or inputs from non-FortiSOAR users via email. FortiSOAR users can use the decision-based or input-based prompts in the 'Manual Input' step in playbooks and specify the email addresses of the non-FortiSOAR users from whom they want to get decisions or inputs.

Mandated password change for the 'csadmin' users on first FortiSOAR login

The 'csadmin' user is now mandated to change their FortiSOAR default password during their first login.
This enhances the security of your csadmin account and prevents unauthorized parties from accessing the administration account for FortiSOAR.

Enhancements made in the Collaboration Panel / Comments Widget

The following enhancements have been made in the Collaboration Panel / Comments Widget:

  • Introduced Message Threads or Nested Replies to help in keeping track of conversations and making it easier to respond to a specific thread.

  • Added support for adding mentions or tagging users in comments by typing @, and then selecting the users from the displayed list.

  • Added the ability to mark a comment as important.

  • Added the ability to filter comments based on tags, mentions, and the importance flag.

  • Option to open and expand the collaboration panel by default, on the first load of the selected module's record. Subsequent expansion/collapse is determined by the last state of the panel, maintained by each user.

  • Option for enabling and disabling the recommendation tab.

Added support for Undo and Redo buttons and shortcuts in the playbook designer

The toolbar in the playbook designer has been updated to include Undo/Redo buttons so that you can reverse changes made in a playbook or restore undone changes made in a playbook. This feature is very useful while building a playbook when there is a lot of trial and back and forth to be done.

Added support to bulk insert, upsert, or update records in batches

A 'Batch Size' option has been added to the 'Bulk' execution type to support batching of a large number of records, by default, in the Create/Update record steps. By default, the batch size is set to 100 records. This has made it easier to bulk insert, upsert, or update records, without the need to manually batch the record list and run the Create/Update record steps in a reference playbook step.

Added support for purging of executed playbook logs based on criteria other than day or date

Purge functionality for the executed playbook logs has been enhanced to support purging based on a complex query condition that involves multiple parameters and not just the date or days criteria.
For example, you can clear the logs of ingestion playbooks that have completed their execution. Being able to clear logs based on these criteria is useful since ingestion playbooks are generally scheduled and they can occupy a major chunk of playbook history in the database. Therefore, this feature provides you with an option to build the desired queries for purging executed playbook logs and to schedule purging of logs based on the defined query.

Enhanced the Configuration Import and Export Wizards

Configuration Import and Export Wizards have been enhanced to support the import and export of templates, installed connectors, connector configurations, widgets, teams, and users.

Support for replicating files between the master and tenant nodes

File replication between the master and tenant nodes has been added. Therefore, records containing the "file" type fields or records with correlations that map to modules containing "file" type fields also get replicated. For example, now you can replicate 'Alert' records that contain 'Attachments' correlations.
Now, you can also add attachments (files) to comments and those comments along with the associated files get replicated between the respective master and the tenant nodes.

Support for adding visibility conditions in Manual Triggers and Manual Inputs

You can now add visibility conditions to the fields that are displayed in the user input form, i.e., fields in the user form would be visible based on the conditions you specify. You can define visibility conditions in user prompts both when you trigger the playbook using the Manual Trigger option and also during the execution of the playbook using the Manual Input step (Input-based user prompt).

Added support for importing and exporting FortiSOAR configurations between systems using the CLI

You can now use the CLI, i.e., the 'csadm source-control' command, to import and export FortiSOAR configurations, such as MMD and SVT updates, along with playbooks and other required configuration changes between systems. This is required for Continuous Integration or Continuous Delivery (CI/CD), which is a pipeline that automates your software delivery process. The pipeline builds code, runs tests (CI), and safely deploys a new version of the application (CD).

Replaced Redis with RabbitMQ for communication within a cluster

As part of the technology stack simplification and performance improvement, FortiSOAR has replaced Redis with RabbitMQ for communication and message queuing within a cluster.

Introduced display of upgrade notifications on the FortiSOAR UI

From version 7.0.0 onwards, the FortiSOAR UI will display a notification when a new release (always the latest) is available. The notification also contains a link to that version's release notes so that you can get details about the latest available release. This keeps users informed about the latest releases and then users can make informed decisions about upgrading to the latest available version.

Enhancements made to Widgets

  • The 'Relationships Single Line Card' widget has been enhanced to make it more intuitive and represent relationships in a user-friendly way. You can now link new records from the rendered widget, and also display more fields using this widget with greater control over the layout of the fields.

  • The 'Tabs' widget has been enhanced to enable you to add a description or subtitle to the tabs that are marked as "primary".

  • A new widget named 'Featured Relationship' is added to the Primary Detail widget. This widget displays a single related record, which is usually utilized to show any active war room or other investigation.

  • Enhanced the "Row" structure widget to include a left-hand or right-hand side "Collapsible Sidebar". Using Collapsible Sidebars, you can expand or collapse the available sidebar space and optimize the available space.

Enhanced System Monitoring

System monitoring has been enhanced so that the email that is sent in the case of high CPU consumption includes information about the processes that are consuming the most memory. Earlier, the email would just say that the CPU consumption is high and has reached or breached the set threshold levels.

Enhanced Audit and System Logs

Enhanced the audit and system logs to include fields such as deviceid (devid), virtual domain name (vd), severity level of the event (level), etc. that provide information about your FortiSOAR system.

Added support for backup and restore of external SME data

Added support to back up and restore the data of your external Secure Message Exchange (SME) system using the csadm db --backup [<backup_dir_path>] and csadm db --restore [<backup_file_path>] commands.

Added a new license type for FortiSOAR

A new license type named Perpetual (Trial) has been introduced for FortiSOAR, which will be displayed on both the FortiSOAR UI and on the CLI when you use the csadm license --show-details command. This type of license provides you with a free unlimited time license for FortiSOAR, but in a limited context, i.e., with restrictions on the number of users and actions that can be performed in FortiSOAR in a day. By default, this license is an "Enterprise" type license and is restricted to 3 users using FortiSOAR for a maximum of 200 actions a day.

Added new Widgets to the Widget Library

The following built-in widgets have been added in the 7.0.0 release:

  • Task Management: Use this widget to manage tasks and gain visibility into the current task board.
  • Record Summary: Use this widget to showcase the highlights or summary of a particular record. This widget houses multiple utility widgets within it that allow for customized uses.
  • Access Control: Use this widget to change or update the teams or users that have access to records.

Updated built-in connectors

The following built-in connectors have been updated in the 7.0.0 release:

  • Utilities connector updated to version 3.1.0

  • IMAP connector updated to version 3.5.6

  • SMTP connector updated to version 2.4.1

For more information on FortiSOAR Built-in connectors, see the "FortiSOAR™ Built-in connectors" article.
