Fortinet has released a new firmware version for FortiAnalyzer! The update covers the 5.4, 5.6, 6.0 and 6.2 firmware branches. The new release is intended to eliminate the vulnerability we described here. The vendor has not introduced any new functionality, with one exception: version 6.2.1. If you are running older firmware, be sure to update your appliances or virtual machines!
New in 6.2.1:
Added new default event handlers (Event Handler) – FortiSandbox
New event handlers have been added to the Fabric ADOM to handle FortiSandbox events for malware- and system-related incidents.
Default-FortiSandbox-Malware-Handler
Default-FortiSandbox-System-Handler
The default event handlers in the FortiSandbox and Fabric ADOMs are disabled by default:

Example events triggered by the new event handlers:

Resolved issues in FortiAnalyzer 6.2.0:
| Bug ID | Description |
|---|---|
| 405484 | "Attack Name" data in "Top Attacks" chart is missing XML, CSV, and CLI formats. |
| 523875 | Two FortiAnalyzer units receiving the same logs are showing sometimes significantly different log receive rates in the GUI. |
| 523886 | ADOM override may not be applied correctly for the log section. |
| 524097 | When viewing or editing ADOM quotas in Storage Info, the frame may need 10 to 15 seconds to load. |
| 526167 | Subnet filter should be supported in real time log view and it should not return "no entry found". |
| 527075 | Collector mode Log View with log forwarding enabled may return "No entry found". |
| 527076 | Application name in FortiView is truncated if _ is used in the service name. |
| 532728 | Threat Map is not displayed due to missing longitude and latitude configurations in Device Manager for a FortiGate. |
| 540000 | The number of log fields for FortiManager event logs displayed in FortiAnalyzer’s Log View is less as compared to FortiManager. |
| 541820 | The bandwidth-app-Top-Dest-By-Bandwidth-Sessions dataset should not split similar destinations into two different distinct destinations. |
| 542475 | FortiView > Traffic > Policy Hits shows a mix of policy name and policy ID. |
| 544197 | VDOM name may be missing a digit when adding a device with a long name. |
| 545509 | Remote logging towards FortiAnalyzer should not saturate the number of admin logins on a MBD/FPC slot. |
| 547904 | Cluster Members status may be showing both nodes as connection down. |
| 548841 | Add command on FortiAnalyzer to breakdown lograte by ADOMs. |
| 549915 | Completed reports with long names are not being displayed under Report Folders. |
| 550235 | FTPS protocol should have archive data link for DLP. |
| 552610 | FortiAnalyzer cannot save email address in the "From" field on Incidents & Events when TLD has five or more characters. |
| 552614 | The "Log Insert Lag Time" widget may not show data, creating cut-offs on the graph. |
| 553500 | Log forwarding with "All" device filter may stop after upgrade. |
| 554116 | FortiAnalyzer may not be able to receive logs from FortiGate 5.6 cluster. |
| 554345 | FortiAnalyzer may consistently generate event logs stating "Did not receive any log" for devices that changed from standalone to HA. |
| 554890 | Log events should consistently end with a dot (.) delimiter. |
| 555944 | FTP upload should be working at the specified time defined for upload. |
| 556523 | FortiGate running 5.4 may close OFTP connection to FortiAnalyzer 6.2. |
| 557407 | Automatic Quarantine may not be applied to FortiSwitch. |
| 558084 | FortiAnalyzer should not generate logs stating "Can not find user:admin when running report:1000060025". |
| 558348 | FortiAnalyzer is showing inconsistency in the listed report owner when cloning and importing a report. |
| 559662 | Report configuration may not be saved because wildcard admin user name is too long. |
| 562220 | The "diagnose dvm check-integrity" command may not be able to fix errors caused by missing device databases. |
| 564610 | With ADOMs disabled, predefined scheduled reports still run on non-root ADOMs. |
| 566495 | After adding a log facility for the log-forward setting via CLI, the change may not be reflected in log data. |
Resolved issues in FortiAnalyzer 6.0.5:
| Bug ID | Description |
|---|---|
| 147919 | Add upgrade path to FortiAnalyzer 6.0.6. |
| 527616 | FortiAnalyzer may stop accepting logs and require manual restarting of the OFTPD process. |
Known issues to be resolved in FortiAnalyzer 6.2.1:
| Bug ID | Description |
|---|---|
| 540766 | The new HA master cannot receive logs after HA failover on Azure. |
| 541346 | In Fabric ADOM, if handler is for non-FortiGate devices, drill-down of an event is not properly displayed. |
| 542286 | HA cannot work on unicast mode when members are located in different subnets. |
| 542606 | Local device event alerts should not be synchronized from HA Master to Slave. |
| 542607 | Drill-down of Applications & Websites – Top Web Sites (FortiClient) always shows No entry found. |
| 544064 | The firewall sessions chart should be a bar chart classified by devices in the FortiCare 360 report. |
| 544071 | Network Interface Availability Faults Over Time Chart should be classified by devices in the FortiCare 360 report. |
| 546073 | When camera IP address is changed to Static mode, FortiRecorder identifies it with an incorrect address. |
| 547496 | When a report is run for a particular device, it should show data for only that device. |
| 548112 | After enabling IP address resolution, FortiView is not showing the hostname in the "Destination" column of the "Top Destinations" table. |
| 548201 | Under FortiView, the "# of Clients" column is missing from the "Top Applications" table chart. |
| 548826 | In SOC Monitor, FortiAnalyzer cannot show Sandbox Execution Details clearly in Night/Ocean theme. |
| 548866 | Master unit in FortiAnalyzer HA Cluster responds with VIP only for SNMP traffic. |
| 548872 | The footer in FortiAnalyzer report cover page is set to transparent and it does not work the same way as it was in previous releases. |
| 548974 | Under FortiView, policy-info is updated when moving FortiGate to a different ADOM. |
| 549243 | In Top SSID drill-down view, it cannot show related logs for a WiFi client. |
| 549459 | FortiCam network setting to TCP/HTTP results in connection error or network unreachable. |
| 549481 | Export to report chart from drill down panel in NOC fails. |
| 549739 | After upgrade, the displayed widget sizes are not scaled with the content. |
| 550276 | First time adding a new camera always shows unexpected MAC address. |
| 550570 | IOC drill down view shows incorrect last detect time. |
| 550894 | Quickly switching from Top Threat to Top Application leads to SQL query error. |
| 554321 | History Graph may not change in drill-down Panel when you change the sorting. |
| 560426 | Multiple processes may crash, causing a low log insertion rate and a missing Log View tab. |
| 562540 | FortiAnalyzer is missing IO statistics in diagnostics report. |
| 562834 | On FortiView's Top Sources, trying to filter logs for "Source !=x.x.x.x" adds a filter for "-User", causing incorrect data to be displayed. |
| 563418 | FortiView’s Time Range may not be updated when using the refresh button. |
| 563514 | Event may not work properly for FortiSandbox |
| 564577 | FortiView’s Top Browsing Users may not show all users. |
| 565778 | FortiAnalyzer may show an empty dashboard for SOC website when webfilter logs exist. |
| 566609 | Filters in Log View may not work properly with Edge. |
| 566873 | After enabling Privacy Masking, Incidents & Events shows unmasked data when double-clicking on a specific Event. |
| 569766 | Reports on FortiAnalyzer may not provide correct information for Bandwidth calculations. |
| 569811 | Drill-down in Authorized APs may not work correctly with the merge of FortiView and NOC-SOC. |
| 569841 | Admin users should be able to view logs when remote admin is authenticated as Realm/admin. |
Known issues to be resolved in FortiAnalyzer 6.0.6:
| Bug ID | Description |
|---|---|
| 542774 | Upgrading from 5.2 to 5.6 may break Log aggregation if password contains the special character ($). |
| 542933 | FortiView may not search logs for the time entered in custom time. |
| 543259 | Error checking should prevent administrator from being able to incorrectly configure log forwarding with same IP address of FortiAnalyzer. |
| 545197 | Device Manager’s log rate may be displayed incorrectly for a FortiGate HA cluster. |
| 548872 | FortiAnalyzer Report Cover Page footer display set to transparent may not work the same way as previous releases. |
| 550116 | FortiAnalyzer may intermittently not send reports by email as per the configured schedule. |
| 552067 | FortiAnalyzer may show the error, "authorization failed for restapi request OFTP_RESTAPI_GENERIC_REQ", in the event log. |
| 552613 | There may not be abnormal behavior using the space character in Advanced Search field. |
| 553495 | FortiAnalyzer may show Web Server 404 Error when trying to download a report. |
| 554201 | FortiAnalyzer may not be able to import reports when re-creating an ADOM with the same name. |
| 554345 | System may generate the error message, "Did not receive any log from device <device-name> in xxxx minute for device changed standalone to ha". |
| 554480 | GDPR user can open the log browse and the Source columns are not masked within the log file. |
| 554890 | Syslog forward as syslog reliable miss end delimiter (0x0a) between logs. |
| 555907 | FortiAnalyzer may not successfully run all scheduled reports. |
| 556106 | FortiGate ADOM should not access the blocked web sites statistic from non-FortiGate devices. |
FortiAnalyzer 6.2.1 – vendor release notes
FortiAnalyzer 6.0.6 – vendor release notes
FortiAnalyzer 5.6.9 – vendor release notes
FortiAnalyzer 5.4.7 – vendor release notes
Regards,
The B&B Team
Security in Business
