Producent oprogramowania Fortinet udostępnił najnowszą aktualizacją dla FortiSIEM o oznaczeniu 7.0.0. Dzięki aktualizacji, zostały wprowadzono nowe funkcje analizy bezpieczeństwa, takie jak analiza zachowań użytkowników, wykrywanie anomaliach i identyfikacja zagrożeń w czasie rzeczywistym. Ponadto, dodano wsparcie dla integracji z platformą usług cloudowych Amazon Web Services (AWS) i Microsoft Azure, co pozwala na monitorowanie i analizę zabezpieczeń w chmurze. Po więcej informacji, zapraszam do dalszej części materiału.
Rozwiązane problemy:
| Bug ID | Severity | Module | Description |
|---|---|---|---|
| 885349 | Major | App Server | FortiGuard Malware URL entries with special characters may result in App Server exceptions, which may fill up disk and the Supervisor may stop. |
| 885206 | Major | App Server | User may not be able to login to FortiSIEM Manager, due to excessive incident updates from instances. |
| 880937 | Major | App Server | When customer has user defined parsers, parser order may change unexpectedly after content update or regular upgrade. |
| 891289 | Minor | App Server | In notification email, Identity and Location lookup data is merged across organizations. |
| 879916 | Minor | App Server | Unable to view adhoc queries from the Query Status tab when the online storage is Elasticsearch. |
| 877909 | Minor | App Server | In CMDB > Device, items cannot be sorted globally. |
| 869411 | Minor | App Server | Schedule CMDB Report is blank, if Copy to remote host option is chosen and email setting is not configured. |
| 865069 | Minor | App Server | For a user defined via AD Group Role, the manually added Contact information will be deleted after user logs out. |
| 859557 | Minor | App Server | Unable to delete user defined Dashboard Slideshow in super/global and orgs. |
| 851691 | Minor | App Server | CMDB Report: Sometimes the returned number of rows may depend on the combination of display columns used. |
| 843342 | Minor | App Server | Incident Title and name are empty for auto clear incidents triggered by OSPF Neighbor Down Rule. |
| 840694 | Minor | App Server | AGENT method disappears from CMDB Discovery Method column when SNMP discovery is re-ran. |
| 803284 | Minor | App Server | Customer defined Default email sender in Notification Email gets overwritten after upgrade. |
| 797247 | Minor | App Server | A user that logs in via AD Group Role config cannot change the Date Format. |
| 795247 | Minor | App Server | A CMDB Device Groups can be deleted if there are devices belonging to this group. |
| 749788 | Minor | App Server | Delete/Edit CMDB AD User groups with 100k users fails with 'Undefined’ error. |
| 799463 | Minor | Data Purger | Detect when Elasticsearch Alias is not created, and then try to create again. |
| 817151 | Minor | Disaster Recovery | When removing Disaster Recovery (DR) from cluster, cloud health page is not cleaned up; it contains the old cluster data. |
| 876027 | Minor | Discovery | FortiGate discovery API fails due to missing 'status’ parameter on one of the API calls. |
| 801608 | Minor | Discovery | SNMP SysObjectId cannot be applied when a system defined 'Device Type’ is used. |
| 892781 | Minor | Event Pulling Agents | Failed to Pull ELB forwarded logs using AWS-S3-WITH-SQS. |
| 862020 | Minor | Event Pulling Agents | Generic HTTPS Advanced Poller incorrectly sets lastPollTime window to local time instead of UTC. |
| 788696 | Minor | Event Pulling Agents | Azure Compute not working to government cloud; No Azure instance found. |
| 690309 | Minor | Event Pulling Agents | Unable to receive logs from Cloud-based Endpoint Solutions such as Bitdefender GravityZone via API. |
| 912165 | Minor | GUI | Interface Usage Dashboard: Wrong interface values are mapped when selecting interfaces from second table. |
| 897192 | Minor | GUI | When sorting a column in a Resource folder, then going to another Resource folder without that column, a Query Exception will occur. |
| 895959 | Minor | GUI | Searching function in Parser XML Editor does not work properly. |
| 885293 | Minor | GUI | Users are incorrectly redirected to 'Password reset page’ even though password is still valid. |
| 881317 | Minor | GUI | Some UEBA tags are not applied. |
| 862834 | Minor | GUI | Application Monitoring does not show the correct message when you click on Monitor from CMDB. |
| 860518 | Minor | GUI | In Incident List View, switching incidents before trigger event query finishes will show the old incident’s triggered events. |
| 847236 | Minor | GUI | Kafka Configuration – GUI shows an error when hostname is being saved as a Kafka broker. |
| 845231 | Minor | GUI | Elasticsearch Query that uses 'CONTAIN’ with value ending with '\’ will not complete. |
| 807427 | Minor | GUI | Incident HTTP notification test fails due to ’:’ in protocol string. |
| 806694 | Minor | GUI | Collector health page does not update 'collector type’ column when the value has changed. |
| 796076 | Minor | GUI | In org level, Admin > Device Support > Device Apps -> Group list shows natural ID of custom group instead of Display names. |
| 792520 | Minor | GUI | Bar color in CMDB> Devices> Summary> Health Overview does not match with thresholds. |
| 791298 | Minor | GUI | VirusTotal connector does not complete when adding 'relationship to include’ drop down. |
| 853461 | Minor | Linux Agent | Linux Agent fails to start up when IPv6 is disabled on Ubuntu 20.04.5. |
| 905514 | Minor | Parser (Data) | FortiGateParser stopped recognizing some FGT messages because of unexpected devid format in log. |
| 893761 | Minor | Parser (Data) | WinOSWmiParser parses different 'Process Name’ for Security 4624 event. |
| 889725 | Minor | Parser (Data) | PaloAltoParser does not parse Source IP, Reason & User for PAN-OS-SYSTEM-generic. |
| 886338 | Minor | Parser (Data) | FortiGate parser update because of new devid format. |
| 884941 | Minor | Parser (Data) | FortiNAC parser needs to be extended. |
| 877268 | Minor | Parser (Data) | Event Type 'Google_Apps_moderator_action_add_user’ needs to have more attributes to be parsed. |
| 869873 | Minor | Parser (Data) | FortiWeb Event Types contains incorrect description. |
| 865141 | Minor | Parser (Data) | Microsoft NPS event not fully parsed. |
| 863302 | Minor | Parser (Data) | 3 Event Types have severity above 10. |
| 846007 | Minor | Parser (Data) | Parsed event type 'SentinelOne-EPP-Generic’ missing event attributes. |
| 842119 | Minor | Parser (Data) | File Name’ attribute incorrect or blank for FortiSandbox Syslog. |
| 840182 | Minor | Parser (Data) | WinOSWmiParser does not parse events with id 18456, if there is no user defined at the raw event log. |
| 811131 | Minor | Parser (Data) | CiscoIOS Parser has an unknown event. |
| 809815 | Minor | Parser (Data) | Palo Alto Threat ID 34261 miscategorized. Should be for cobalt strike, not a benign definition. |
| 798684 | Minor | Parser (Data) | Parse Cisco AMP for Endpoints API V0 raw logs for more information. |
| 754074 | Minor | Parser (Data) | Update Microsoft Network Policy Manager Parser for Windows Agent Collection. |
| 907902 | Minor | Performance Monitoring | Custom Perf Monitors always returns numerical data as DOUBLE, even when it is specified to be of a different data type. |
| 898371 | Minor | Performance Monitoring | Fail to monitor WebLogic 12c memory. |
| 871853 | Minor | Query | PctChange function is not working. |
| 861224 | Minor | RuleWorker | phRuleWorker randomly crashes due to possible memory corruption. |
| 876849 | Minor | System | For Disaster Recovery in EventDB based deployments, if NFS takes a long time to respond, replication health page responds incorrectly. |
| 874222 | Minor | System | FortiSIEM install fails since Red Hat hypervisor is not explicitly supported in install scripts. |
| 867999 | Minor | System | Changing the IP of the Supervisor using configFSM.sh will cause svn_url to change to repos/cmdb/. |
| 857752 | Minor | System | Include all cert formats during the Upgrade certificate backup and restore procedures. |
| 729023 | Minor | System | SQLite header and source version mismatch causes upgrade failure. |
| 881225 | Minor | Windows Agent | Unable to collect Windows DHCP logs with traditional Chinese characters in DhcpSrvLog-Mon.log. |
| 799857 | Minor | Windows Agent | XML key is truncated in Windows security events 1202/1203. |
| 856691 | Enhancement | Data | For the scenario – Administrator is added to FortiGate, the event type should be properly parsed and a rule should be created. |
| 814287 | Enhancement | DataPurger | Enhance Elasticsearch Event Export tool phExportESEvent to include org ID as an argument. |
| 814145 | Enhancement | Event Pulling Agents | Support Gzip compressed files on HTTP POST feature. |
| 813609 | Enhancement | Event Pulling Agents | Support Tenable Nessus Security Scanner via Nessus10 API. |
| 796857 | Enhancement | GUI | Support LookupTableGet() and event attribute on right side of Filter condition. |
| 796453 | Enhancement | GUI | Azure EventHub integration missing mapping to organization. |
| 878826 | Enhancement | Linux Agent | Add support for Ubuntu 22.04 LTS. |
| 868661 | Enhancement | Linux Agent | Add support for CentOS 9, RHEL 9 and Rocky Linux 9. |
| 871607 | Enhancement | Parser (Data) | Extend FortiDeceptor parser to include MITRE ATTACK TTP information. |
| 845671 | Enhancement | Parser (Data) | Event Severity’ is not being parsed and evaluated properly in the KasperskyParser. |
| 811438 | Enhancement | Parser (Data) | Add support for cronyd events. |
| 802206 | Enhancement | Parser (Data) | Add parser for TSV formatted Zeek log. |
| 845685 | Enhancement | System | Unable to update FortiSandbox Malware Hash and URL In STIX v2 format. |
Notatki producenta: FortiSIEM 7.0.0
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie