New features and enhancements
Feature | Details |
---|---|
Introduced the FortiSOAR Mobile Application | The FortiSOAR mobile application is an extension of the FortiSOAR web interface that facilitates important and urgent actions such as immediate approvals, notifications, critical actions on the go, and viewing and reassigning records. |
Introduced War Rooms | War rooms enable SOC teams to get into a collaborative space to mitigate a critical cyber threat scenario or campaign. FortiSOAR makes it easy for analysts to quickly provision a War Room and ensures that the task force is well-equipped to handle and coordinate all aspects of critical situations. FortiSOAR enables stakeholders to analyze and collaborate to quickly mitigate the threat. |
Added ML-based clustering recommendation strategy to the 'Recommendation Engine' | The Recommendation Engine now includes a machine-learning (ML) based clustering strategy as one of its recommendation strategies. The ML-based clustering strategy trains the ML engine using the data existing on your FortiSOAR instance to recommend similar records and to predict and assign field values in records. |
Introduced the "Connector Wizard" | You can create your own connector or edit an existing connector as per your requirements, using the "Connector Wizard" present in the FortiSOAR UI. |
Added support for activating the FortiCare trial license for FortiSOAR | Each FortiCare account is entitled to a free FortiSOAR trial license for an unlimited time, i.e., if you have a FortiCare account, you can get FortiSOAR for free and for an unlimited time, but in a limited context. This license is an "Enterprise" type license and is restricted to 3 users using FortiSOAR for a maximum of 200 actions a day. |
Added SSO Auto Redirect Support | Prior to version 7.0.0, users were required to click the Use Single Sign On (SSO) link to get redirected to the SSO login page or to log in using an active SSO session. However, some organizations have policies that require direct redirection to the SSO login page if SSO is configured. Therefore, in version 7.0.0 an Auto Redirect checkbox has been added to the SSO Configuration page in FortiSOAR. Selecting the Auto Redirect checkbox redirects users directly to the SSO login page, or automatically logs the user into FortiSOAR if the SSO session is active. |
Added support for deploying the FortiSOAR license from the FortiSOAR UI | You can now choose to deploy your FortiSOAR license from the FortiSOAR UI itself, either for the initial deployment or when your FortiSOAR license has expired, without the need to SSH to your FortiSOAR machine. This is extremely useful if the administrator does not have SSH access to the FortiSOAR machine. |
Added support for Role-based Access Control for connector actions | Administrators can now permit only certain teams or users, based on roles, to perform certain connector actions. For example, the administrator might want to allow a "Block IP" action to be performed by only certain teams or users in the organization. |
Added support for log collection using FortiSOAR UI | The FortiSOAR version dialog now displays a Download Logs link that you can use to collect logs directly from the UI. Prior to version 7.0.0, log collection was only possible using CLI commands. In some SOC environments, SSH access to systems is very restricted and requires going through various approvals. In such cases, collecting logs for troubleshooting or for upgrade or installation operations would become a tedious task. To ease the process of log collection, you can directly collect logs from the FortiSOAR dialog and share them with the support team for further troubleshooting. |
Enabled FortiSOAR users to request decisions and inputs from non-FortiSOAR users via emails | FortiSOAR users can now request decisions or inputs from non-FortiSOAR users via email. FortiSOAR users can use the decision-based or input-based prompts in the 'Manual Input' step in playbooks and specify the email addresses of the non-FortiSOAR users from whom they want to get decisions or inputs. |
Mandated password change for the 'csadmin' user on first FortiSOAR login | The 'csadmin' user is now mandated to change their FortiSOAR default password during their first login. This enhances the security of your csadmin account and prevents unauthorized parties from accessing the administration account for FortiSOAR. |
Enhancements made in the Collaboration Panel / Comments Widget | The following enhancements have been made in the Collaboration Panel / Comments Widget: |
Added support for Undo and Redo buttons and shortcuts in the playbook designer | The toolbar in the playbook designer has been updated to include Undo/Redo buttons so that you can reverse changes made in a playbook or restore undone changes. This feature is very useful while building a playbook, when a lot of trial and error and back-and-forth is involved. |
Added support to bulk insert, upsert, or update records in batches | A 'Batch Size' option has been added to the 'Bulk' execution type in the Create/Update record steps to support batching of a large number of records. By default, the batch size is set to 100 records. This makes it easier to bulk insert, upsert, or update records, without the need to manually batch the record list and run the Create/Update record steps in a reference playbook step. |
Added support for purging of executed playbook logs based on criteria other than day or date | Purge functionality for the executed playbook logs has been enhanced to support purging based on complex query conditions that involve multiple parameters, and not just the date or days criteria. |
Enhanced the Configuration Import and Export Wizards | Configuration Import and Export Wizards have been enhanced to support the import and export of templates, installed connectors, connector configurations, widgets, teams, and users. |
Support for replicating files between the master and tenant nodes | File replication between the master and tenant nodes has been added. Therefore, records containing the "file" type fields or records with correlations that map to modules containing "file" type fields also get replicated. For example, now you can replicate 'Alert' records that contain 'Attachments' correlations. |
Support for adding visibility conditions in Manual Triggers and Manual Inputs | You can now add visibility conditions to the fields that are displayed in the user input form, i.e., fields in the user form would be visible based on the conditions you specify. You can define visibility conditions in user prompts both when you trigger the playbook using the Manual Trigger option and also during the execution of the playbook using the Manual Input step (Input-based user prompt). |
Added support for importing and exporting FortiSOAR configurations between systems using the CLI | You can now use the CLI, i.e., the ' |
Replaced Redis with RabbitMQ for communication within a cluster | As part of the technology stack simplification and performance improvement, FortiSOAR has replaced Redis with RabbitMQ for communication and message queuing within a cluster. |
Introduced display of upgrade notifications on the FortiSOAR UI | From version 7.0.0 onwards, the FortiSOAR UI will display a notification when a new release (always the latest) is available. The notification also contains a link to that version's release notes so that you can get details about the latest available release. This keeps users informed about the latest releases so that they can make informed decisions about upgrading to the latest available version. |
Enhancements made to Widgets | |
Enhanced System Monitoring | System monitoring has been enhanced so that the email sent in the case of high CPU consumption includes information about the processes that are consuming the most memory. Earlier, the email would just say that the CPU consumption is high and has reached or breached the set threshold levels. |
Enhanced Audit and System Logs | Enhanced the audit and system logs to include fields such as deviceid (devid), virtual domain name (vd), severity level of the event (level), etc. that provide information about your FortiSOAR system. |
Added support for backup and restore of external SME data | Added support to back up and restore the data of your external Secure Message Exchange (SME) system using the |
Added a new license type for FortiSOAR | A new license type named Perpetual (Trial) has been introduced for FortiSOAR, which will be displayed on both the FortiSOAR UI and on the CLI when you use the |
Added new Widgets to the Widget Library | The following built-in widgets have been added in the 7.0.0 release: |
Updated built-in connectors | The following built-in connectors have been updated in the 7.0.0 release: For more information on FortiSOAR Built-in connectors, see the "FortiSOAR™ Built-in connectors" article. |