Fortinet has released a new version of the FortiAnalyzer software, numbered 6.2.0! In this release the vendor introduces a good number of fixes and new features, for example the new Asset & Identity module in the Fabric View section, which lets administrators view detailed UEBA information collected from logs. Besides browsing the asset and identity database, administrators can manage records and adjust the display order and priority of the various attributes. In addition, there are new event handlers for FortiMail and FortiWeb devices, among others. Fortinet has also implemented the ability to back up data (logs) directly to the cloud (Amazon, Azure, Google Cloud). Enjoy the read!
What's new in version 6.2.0:
- Expanding Fabric
- Fabric Connectors
- Advanced Threats
- SOC Adoption
- Event Handler – Common Address Table for Inclusion / Exclusion
- Event Handler – Additional Info and Customization
- Event Handler – Export/Import
- SOC Dashboard: FortiClient Inventory
- Incident Timeline
- Report – SOC Daily Operations
- Charts – FortiExtender Event Timelines
- Intelligent and Customizable Event Filtering
- Consolidate Event Handlers for FortiGate System Events
- Consolidate Event Handlers for FortiGate Security (UTM) Events
- Report – Email Risk Assessment
- Compliance
- UX / Usability
- Other
Resolved issues:

| Bug ID | Description |
|---|---|
| 404298 | The free-text filter for log forwarding does not work on syslog that does not follow a specific format. |
| 405993 | FortiAnalyzer models FAZ-300D and FAZ-400E fail to download the geoip database. Consequently, these FortiAnalyzer models are not able to get a site's location by IP address and show it on maps. |
| 442713 | Regular searches for strings that contain a space character combined with an "OR" operation return a blank result. |
| 501805 | When a user configures FortiAnalyzer HA, there is no indication on the FortiAnalyzer dashboard that it is configured, nor of its status. |
| 502046 | FortiAnalyzer stops responding to GUI access and many services are in Z (zombie) state. |
| 505853 | FortiAnalyzer should be able to restrict admin access to specific device groups. |
| 510401 | Date format change is not applied to Chart when type is Area or Line. |
| 512413 | Malformed compact v3 log may cause a daemon to crash due to a log parsing error. |
| 514656 | The SNMP OID "hrStorageUsed" might report an incorrect value. |
| 515101 | Admin users are unable to log in from the GUI when their password contains two sequential question marks. |
| 515686 | The sqllogd daemon crashes on processing certain text logs with long fields. |
| 516098 | Real-time view for all devices does not show any data and returns "no records found". |
| 517559 | FortiAnalyzer has multiple scheduled reports across multiple ADOMs that do not run as scheduled. |
| 517724 | Dashboard widget "System Resources" shows wrong output for the time period. |
| 518285 | Source and Destination interface information is not being sent from FortiAnalyzer to FortiGate's FortiView. |
| 518346 | Export to report gets stuck at 5% after drill down under Top Browsing Users. |
| 519683 | Automatically uploading reports to SFTP fails for some reports with an error message that the action "is abandoned because of file not exist!". |
| 519791 | Users cannot manually add FortiAuthenticator 5.4 and 5.5. |
| 520607 | When requesting Compromised Host Blacklist details, the results are not sorted correctly when sort by "event_num" is requested. |
| 523055 | FortiView takes very long to show the Policy Hit count chart. |
| 523258 | Report should exclude forwarded traffic with logid=21. |
| 523445 | FortiView on FortiOS reports unrealistically high traffic counters for sources with long-lived sessions. |
| 524136 | Report IOC blacklist provides different output than FortiView IOC. |
| 524252 | Event Management's Handler may not be able to trigger an IPS alert when receiving an anomaly log from FortiGate v6.0 devices. |
| 524252 | FortiAnalyzer cannot trigger an IPS alert when anomaly logs are detected for FortiGate 6.0/6.2. |
| 527616 | FortiAnalyzer sporadically stops receiving logs. |
| 528395 | Deleting a device from Device Manager removes the report filter but does not stop schedule and notifications. |
| 529091 | The maximum number of VDOMs allowed for FortiMail devices is set to 2048. |
| 529518 | The columns for Email Server, From and To should have a minimum guaranteed width regardless of how long the entry in the Email server field is. |
| 530217 | When the time zone on the FortiGate is "(GMT +5:00) Ekaterinburg", 'dtime' in the FortiAnalyzer database is one hour ahead. |
| 531411 | Users are unable to set available quota as Maximum Allowed in ADOM quota settings. |
| 531481 | FortiAnalyzer log files may not be decompressed and inserted into the database. |
| 534096 | The current page's log messages should be downloaded if the download option Current Page is checked. |
| 534783 | Normal search with multiple values should highlight all search values used in the filter. |
| 537076 | FortiAnalyzer doesn't delete quarantined files automatically. |
| 537535 | FortiView intermittently shows a "no data" message when trying to filter out data. |
| 537977 | The Sort by function does not work under storage information. |
| 541249 | The diagnose test application oftpd 3 command occasionally causes FortiAnalyzer to freeze. |
Known issues still to be resolved:

| Bug ID | Description |
|---|---|
| 540397 | In Fabric ADOM, the subnet list should validate all fields instead of only the srcip and dstip fields. |
| 540766 | The new HA master cannot receive logs after HA failover on Azure. |
| 541346 | In Fabric ADOM, if the handler is for non-FortiGate devices, the drill-down of an event is not properly displayed. |
| 542286 | HA cannot work in unicast mode when members are located in different subnets. |
| 542606 | Local device event alerts should not be synchronized from HA Master to Slave. |
| 542607 | Drill-down of Applications & Websites – Top Web Sites (FortiClient) always shows "No entry found". |
| 543623 | UEBA pop-up cannot show epname when endpoint is set with group by. |
| 544064 | The firewall sessions chart should be a bar chart classified by devices in the FortiCare 360 report. |
| 544071 | The Network Interface Availability Faults Over Time chart should be classified by devices in the FortiCare 360 report. |
| 546067 | FortiRecorder should display disk usage information for FortiRecorder in the Camera Manager page. |
| 546073 | When the camera IP address is changed to Static mode, FortiRecorder identifies it with an incorrect address. |
| 546990 | Log files cannot be seen in the Log View for a long time after the files are imported from the CLI. |
| 547496 | When a report is run for a particular device, it should show data for only that device. |
| 547583 | After clearing the filter in FortiView, the GUI still sends the query with the filter and Log View still shows filtered logs. |
| 547904 | The Device Manager HA Status column shows a device's status as up when the device dashboard's cluster members view always shows the status as down. |
| 548112 | After enabling IP address resolving, FortiView does not show the hostname in the "Destination" column of the "Top Destinations" table. |
| 548201 | Under FortiView, the "# of Clients" column is missing in the "Top Applications" table chart. |
| 548245 | SAML configuration is not synchronized from Master to Slave. |
| 548826 | In SOC Monitor, FortiAnalyzer cannot show Sandbox Execution Details clearly in the Night/Ocean theme. |
| 548866 | The Master unit in a FortiAnalyzer HA Cluster responds with the VIP only for SNMP traffic. |
| 548872 | The footer in the FortiAnalyzer report cover page is set to transparent and does not work the same way as in previous releases. |
| 548974 | Under FortiView, policy-info is updated when moving a FortiGate to a different ADOM. |
| 549243 | In the Top SSID drill-down view, related logs for a WiFi client cannot be shown. |
| 549245 | When camera wire-mode is changed from DHCP to Static, the gateway IP is always missing, resulting in a camera status error. |
| 549343 | The SOC period should be hidden or disabled on the Compromised Host view in FortiView. |
| 549459 | Setting the FortiCam network setting to TCP/HTTP results in a connection error or network unreachable. |
| 549481 | Export to report chart from the drill-down panel in NOC fails. |
| 549548 | In FortiGate ADOM, the widget count is not correct for some widget categories in Add Widget. |
| 549718 | Log Browse File Name cannot be filtered due to quotation marks. |
| 549739 | After upgrade, displayed widget sizes are not scaled to the content. |
| 550068 | FortiView drill-down to log view with unauthuser shows no result. |
| 550113 | In the SOC widget "Security Rating report", the user cannot select Region and Industry, and it is shown as undefined. |
| 550136 | Advanced options cannot be edited in an existing fabric connector (Storage). |
| 550276 | Adding a new camera for the first time always shows an unexpected MAC address. |
| 550355 | UEBA pop-up shows [object object] on some events. |
| 550373 | Avatar cannot be updated. |
| 550544 | When manually adding a device, FortiWeb is missing v6.1 and FortiAuthenticator is missing v6.0. |
| 550570 | IOC drill-down view shows an incorrect last detect time. |
| 550600 | The fazsvcd process may use excessive memory on the system. |
| 550619 | UEBA may show some IPv6 source IPs that are unreadable. |
| 550663 | Exporting the chart from the FortiView main view Top Country/Region has an additional line, Reserved. |
| 550894 | Quickly switching from Top Threat to Top Application leads to an SQL query error. |
| 550933 | An authorized FortiCarrier device does not show up in the Fabric ADOM's FortiGate device drop-down list. |
| 551125 | When setting an Event Handler with a filter threshold over 25, FortiAnalyzer may not display any event. |
| 551178 | FortiAnalyzer may fail to reply to XML requests. This affects only the following models: FAZ-200F, FAZ-300F, FAZ-400E, FAZ-800F, FAZ-1000E, FAZ-2000E, FAZ-3000F, FAZ-3700F. |
| 551243 | In Fabric ADOM, View Related Logs in the FortiDDoS widget redirects to an inaccurate page in Log View. |
Release Notes – FortiAnalyzer 6.2.0
New Features – FortiAnalyzer 6.2.0
Best regards,
The B&B Team
Security in business