Fortinet has published a new software version for FortiAnalyzer. The previous version, 6.0.3, added several new Event Handlers for detecting malicious files, high-risk applications, malicious destinations, and suspicious files. In the new version the vendor has patched many holes and bugs in the application's operation, as described in the release notes provided by Fortinet. We encourage you to read them and to update your devices!
Resolved issues:
Bug ID Description
502046 FortiAnalyzer stops responding to GUI access and many services are in Z state.
523055 FortiView takes very long to show the Policy Hit count chart.
524136 Report IOC blacklist provides different output than FortiView IOC.
516098 Real-time view for all devices does not show any data and returns no records found.
519683 Automatically uploading reports to SFTP fails for some reports with error message that the action "is abandoned because of file not exist!".
404298 The free-text filter for log forwarding does not work on syslog that does not follow a specific format.
517724 Dashboard widget "System Resources" shows wrong output for the time period.
514656 The SNMP OID "hrStorageUsed" might report incorrect value.
515686 The sqllogd daemon crashes on processing certain text logs with long fields.
512413 Malformed compact v3 log may cause daemon to crash due to log parsing error.
523445 FortiView on FortiOS reports unrealistically high traffic counters for sources with long-lived sessions.
517559 FortiAnalyzer has multiple scheduled reports across multiple ADOMs that do not run as scheduled.
510401 Date format change is not applied to Chart when type is Area or Line.
518346 Export to report stuck at 5% after drill down under Top Browsing Users.
Known issues to be resolved:
Bug ID Description
524252 Event Management’s Handler may not be able to trigger IPS alert when receiving anomaly logs from FortiGate v6.0 devices.
528395 Deleting a device from Device Manager removes report’s device filter and defaults the filter selection to all.
529518 Users may not be able to view the Configured From & To header information in the Output Profile under Report.
530217 When the time zone on the FortiGate is set as "(GMT +5:00) Ekaterinburg", 'dtime' on FortiAnalyzer database is one hour ahead.
531343 FortiAnalyzer shows incorrect source IP when unmasking a masked username.
531843 DLP file archived to FortiAnalyzer is not readable.
519791 Cannot manually add FortiAuthenticator 5.4 and 5.5.
Workaround: Configure FortiAuthenticator to send logs to FortiAnalyzer, and then go to FortiAnalyzer to register the FortiAuthenticator device.
Best regards,
The B&B Team
Security in Business