FortiAnalyzer 7.2.2 - B&B Bezpieczeństwo w biznesie

Producent oprogramowania Fortinet udostępnił najnowszą aktualizację dla FortiAnalyzer w wersji 7.7.2. W nowszej wersji zniwelowano problem z błędnym wyświetlaniem poprawnych adresów IP i wersji oprogramowania dla zarejestrowanych urządzeń FortiGate. Ponadto naprawiono powiadomienie zdarzeń przy wykorzystywaniu adresu e-mail – problem był związany z nieprawidłową nazwą urządzenia. Po więcej informacji, zapraszam do dalszej części artykułu.

Aktualnie wspierane modele:

FortiAnalyzer

FAZ-150G, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-800G, FAZ-1000F, FAZ-2000E,

FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, and FAZ-3700G.

FortiAnalyzer VM

FAZ_DOCKER, FAZ_VM64, FAZ_VM64_ALI, FAZ_VM64_AWS, FAZ_VM64_AWSOnDemand, FAZ_VM64_Azure, FAZ_VM64_GCP, FAZ_VM64_IBM, FAZ_VM64_HV (including Hyper-V 2016, 2019), FAZ_VM64_KVM, FAZ_VM64_OPC, FAZ_VM64_XEN (for both Citrix and Open Source Xen),

Rozwiązane problemy:

Device Manager

Bug ID	Description
798197	Under the Device Manager, FortiAnalyzer does not show the color of the logging devices properly (red or green).
819664	Under Device Manager, Average Log Rate is displayed zero for FortiGates HA Cluster.
824296	FortiAnalyzer does not show the „root VDOM” under its Device Manager.
827276	FortiAnalyzer does not let all VDOMs to be added to the Device Manager if FortiGates has more than 10 VDOMs.
833448	The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices.
835653	The FortiGate’s IP address and firmware version are not updated when FortiGates are added manually to a non-root ADOM.
837310	FortiAnalyzer does not show the correct IP addresses and firmware versions for its registered FortiGates.
838727	Log Status of the Devices are displayed red when the Primary has a zero lograte.
846904	Under the Device Manager, the Average Log Rates are not displayed.

Event Management

Bug ID	Description
825422	FortiAnalyzer Event Handler does not trigger any alerts when Log Field has been set to Virtual Domain (vd).

FortiSOC

Bug ID	Description
757650	Wrong device name (devname) is filled in event email notification.
775589	FortiAnalyzer does not provide any details on status of Fabric Connectors.
833991	FortiOS connector does not display health status of the Security Fabric members.
848284	Despite having relevant event logs, created playbook does not get triggered.
849070	Playbook runs successfully on the FortiAnalyzer, but there is not any stitches triggered on the FortiGate.

FortiView

Bug ID	Description
727056	SD-WAN Monitor may show incorrect bandwidth.
744791	„Failed Authentication Attempts” logs under the System tab of FortiView are blanks.
798347	The Filter in FortiView does not properly work for Compromised Hosts.
798471	Top SD-WAN Device Throughput widget is displaying wrong numbers.
818077	Top application axis labels are not displayed correctly in Monitor section.
841717	The Data displayed on FortiView is inconsistent with the exported „Top Website Domains” PDF report.
856094	Browsing time displayed „0s” for 'streaming media and download’ category in the 'Top Website Categories’ under the FortiView’s 'Applications & Websites’ tab.

Log View

Bug ID	Description
696451	Detected files by Content Disarm and Reconstruction (CDR) cannot be stored/quarantined to FortiAnalyzer despite quarantine destination set to FortiAnalyzer.
797985	After downloading the IPS logs, the „cve field” is missing.
816490	In Log Browse, for HA devices, only primary device’s log files are displayed .
836777	When admin profile is set as „Read-Only”, Add Filter under the LogView/FortiView displays no fields.
837554	The Fabric log contains „::ffff:” prefix in front of the value of any IPv4 related fields.
839350	Devices’ entries under the Log Group of the Log View are not displayed.
855783	FortiAnalyzer event log file cannot be downloaded in CSV format.

Others

Bug ID	Description
779943	High memory usage has been observed when creating dataset or running reports on FortiAnalyzer.
809133	Several process crashes (logfwd/filefwd/clusterd), which have been observed when loading the devices from Device Manager, made FortiAnalyzer unable to show any logs.
818118	Logs between HA members are not synched.
822619	Missing values when retrieving logstats using the JSON API requests.
825927	FortiAnalyzer does not provide access to all available tiles under the FortiAuthenticator ADOM.
827787	The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high.
829869	When FortiAnalyzer is working on Collector Mode, system storage size increases over time; hence, FortiAnalyzer might stop receiving new logs.
837657	Creating ADOMs using JSON API, default ADOM configs like report, datasets, charts, etc. are not created.
838031	FortiAnalyzer GUI does not display the „Rebuilding ADOM DB” in progress anymore.
839910	The `diagnose test application oftpd` command does not display any outputs for some FortiGate devices registered on FortiAnalyzer.
841622	FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server.
845871	FortiAnalyzer stopped accepting logs and status of the devices turned into red.
846315	FortiAnalyzer does not display ADOM FortiNAC.

Reports

Bug ID	Description
704187	„Bandwidth and Application” Report’s data does not match with the Top Application data on FortiView.
722233	The generated report does not display data but its dataset query contains data.
764194	Playbooks run_report fails with „missing device(s)” if „Playbook Starter” as devices filter is selected.
768843	FortiAnalyzer does not support importing outbreak alert reports to ADOM type FortiGate.
771072	Secure SD-WAN CSV report does not show device names for charts.
788801	„Throughput utilization billing report” does not display the complete data for the „yesterday” time-period.
835422	FortiAnalyzer does not display any data on its report when group filter and LDAP query is being used.
837395	„Show Top” & „Drilldown Top” preview features under the „Edit Chart” do not display the chart based on the selected values.
841750	The report does not display any data for its tables.
844563	Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report.
844975	The command „`execute remove reports`” does not remove the reports.
848573	When specifying FortiWiFi as devices, „SD-WAN Device Link Bandwidth” and „SD-WAN Device Rules Donut Bandwidth” charts do not display any data.

System Settings

Bug ID	Description
478401	FortiAnalyzer shows an unnecessary warning message „Analytic is using 0% of allocated disk space”, which can be very confusing.
630654	Imported logs may not sync to slave.
752111	Traffic, Security, and Event logs section under the Log View tab are missing for Primary HA.
759601	FortiAnalyzer using Azure AD SAML SSO may show „invalid_logout_response_error” after logout.
782431	SNMPv3 stopped working after upgrading.
803074	The sorting feature does not work correctly for storage info columns under the System Settings.
817558	Log Forwarding/Device filter window does not allow users to save/cancel the changes.
829015	„Privacy Masking” feature does not work properly for admins whose admin type utilizes „Remote Authentication Server”.
832973	Analytics and Archive details are missing from „Edit Log Storage Policy”.
837203	Unable to fetch logs between FortiAnalyzer devices due to Invalid cross-device link error.
842943	After upgrading FortiAnalyzer, „fortinet-ca2” is missing under the CA Certificates; this prevents devices to establish connections to FortiAnalyzer.
849824	Under the Event’s System logs, Adding Filter „Fortiguard web filter services are NOT reachable” does not display any logs.

Notatki producenta: FortiAnalyzer 7.2.2

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Post Views: 2 107

7.2.2 FortiAnalyzer FortiAnalyzer 7.2.2