The MITRE ATT&CK framework (https://attack.mitre.org/) is in use at a growing number of organizations. FortiSIEM 6.2.0 implements ATT&CK down to the technique level and ships significant ATT&CK coverage in its out-of-the-box rules, giving analysts a powerful aid for attack detection and classification.
In FortiSIEM 6.2.0 you can:
- Benefit from over 950 ATT&CK focused rules, and over 1,400 rules in total
- Associate ATT&CK techniques with a FortiSIEM rule
- View your ATT&CK coverage on the Rule Coverage Dashboard
- View active incidents from the perspective of the ATT&CK framework via the Incident Coverage dashboard
- Use the MITRE ATT&CK® Incident Explorer dashboard to get a host-centric view of active incidents grouped by ATT&CK tactic, with drill down
We think the implementation of the ATT&CK framework will simplify and streamline detection, and make it easier to understand the combined impact of multiple incidents on the organization's assets.
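To make the rule-to-technique association and the tactic-based views above concrete, here is an added example (my own illustration, not FortiSIEM code) of what sits behind a rule coverage view and a host-centric incident view: each rule carries one or more ATT&CK technique IDs, each technique maps to one or more tactics, sub-technique IDs (such as T1059.001) roll up to their parent technique, and active incidents are grouped per host by tactic in kill-chain order. The technique-to-tactic table is a constructed subset of ATT&CK, and the rule names, hosts and incidents are constructed sample data.

```python
"""Rule-to-technique association and ATT&CK tactic roll-ups.

Added example, not FortiSIEM's own implementation. The technique->tactic
table below is a constructed subset of ATT&CK Enterprise; the rules, hosts
and incidents are constructed sample data.
"""
from collections import defaultdict

# The 14 ATT&CK Enterprise tactics in kill-chain order.
ENTERPRISE_TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration", "Impact",
]

# Constructed subset of the technique -> tactic mapping. A technique can
# belong to several tactics (Valid Accounts, Scheduled Task/Job).
TECHNIQUE_TACTICS = {
    "T1566": ["Initial Access"],
    "T1078": ["Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion"],
    "T1059": ["Execution"],
    "T1053": ["Execution", "Persistence", "Privilege Escalation"],
    "T1003": ["Credential Access"],
    "T1110": ["Credential Access"],
    "T1021": ["Lateral Movement"],
    "T1105": ["Command and Control"],
    "T1486": ["Impact"],
}

# Constructed rules: rule name -> associated technique IDs (sub-techniques allowed).
RULES = {
    "Multiple Failed Logons": ["T1110.001"],
    "LSASS Memory Access": ["T1003.001"],
    "Encoded PowerShell Command": ["T1059.001"],
    "New Scheduled Task": ["T1053.005"],
    "Logon From Unusual Location": ["T1078"],
    "Ransomware File Extension Burst": ["T1486"],
}

# Constructed active incidents: (host, rule that fired).
INCIDENTS = [
    ("srv-dc01", "Multiple Failed Logons"),
    ("srv-dc01", "LSASS Memory Access"),
    ("ws-finance-07", "Encoded PowerShell Command"),
    ("ws-finance-07", "New Scheduled Task"),
    ("ws-finance-07", "Ransomware File Extension Burst"),
    ("srv-dc01", "Logon From Unusual Location"),
]


def parent_technique(tid):
    """T1059.001 -> T1059; a plain technique ID is returned unchanged."""
    return tid.split(".")[0]


def tactics_for(tid):
    """Tactics of a technique or sub-technique; unknown IDs are an error, not silently ignored."""
    parent = parent_technique(tid)
    if parent not in TECHNIQUE_TACTICS:
        raise KeyError(f"unknown ATT&CK technique {tid}")
    return TECHNIQUE_TACTICS[parent]


def coverage_by_tactic(rules):
    """Tactic -> sorted list of (parent) techniques that at least one rule covers."""
    cov = {t: set() for t in ENTERPRISE_TACTICS}
    for tids in rules.values():
        for tid in tids:
            for tactic in tactics_for(tid):
                cov[tactic].add(parent_technique(tid))
    return {t: sorted(s) for t, s in cov.items()}


def uncovered_tactics(rules):
    """Tactics with no detection rule at all: the gaps a coverage dashboard should surface."""
    return [t for t, techs in coverage_by_tactic(rules).items() if not techs]


def incidents_by_host_and_tactic(incidents, rules):
    """Host -> tactic -> sorted rule names, the basis of a host-centric incident view."""
    view = defaultdict(lambda: defaultdict(set))
    for host, rule in incidents:
        for tid in rules[rule]:
            for tactic in tactics_for(tid):
                view[host][tactic].add(rule)
    return {h: {t: sorted(r) for t, r in tac.items()} for h, tac in view.items()}


def kill_chain_span(incidents, rules):
    """Tactics touched per host in kill-chain order; a wide span hints at a progressing intrusion."""
    view = incidents_by_host_and_tactic(incidents, rules)
    return {h: [t for t in ENTERPRISE_TACTICS if t in tac] for h, tac in view.items()}


if __name__ == "__main__":
    print("Uncovered tactics:", uncovered_tactics(RULES))
    for host, tactics in kill_chain_span(INCIDENTS, RULES).items():
        print(host, "->", " > ".join(tactics))
```

Two points worth noting from the example: a single rule mapped to a multi-tactic technique such as T1078 lights up four tactics at once, so a coverage view that counts tactics rather than techniques will overstate coverage; and rolling sub-techniques up to their parent is what lets rules tagged at sub-technique granularity contribute to technique-level coverage.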
Pre-compute Query Support
This is a new feature for the 6.x release, and is of particular interest to larger deployments that run pre-defined searches. Using FortiSIEM's pre-compute feature you can quickly run powerful, pre-defined, aggregated searches over long time periods by pre-computing results at specific intervals. When the search is executed, the pre-computed interval results are combined to produce the final result in significantly less time than a full scan of the raw events.
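As an added illustration of the idea (my own example, not FortiSIEM's implementation), the following code keeps a running per-interval aggregate as events arrive and then answers a long-range aggregated query from whole pre-computed buckets, scanning raw events only for the partial intervals at either edge of the query window. The hourly interval, the event fields and the sample event stream are all constructed assumptions; the aggregate chosen is a count, which is trivially combinable across intervals (sums, minima and maxima combine the same way, while medians and distinct counts do not and would need different pre-computed state).

```python
"""Interval pre-computation for aggregated searches.

Added example, not FortiSIEM code. Events are counted into fixed-width time
buckets at ingest; a query over [start, end) sums whole buckets and scans raw
events only for the partial buckets at the edges of the window.
"""
from collections import defaultdict


class PrecomputedCounts:
    def __init__(self, interval=3600):
        self.interval = interval          # pre-compute interval in seconds (assumed hourly)
        self.raw = []                     # (ts, event_type, src_ip), kept for edge scans
        # bucket start -> (event_type, src_ip) -> count
        self.buckets = defaultdict(lambda: defaultdict(int))

    def _bucket_start(self, ts):
        return ts - ts % self.interval

    def ingest(self, ts, event_type, src_ip):
        """Store the raw event and update its bucket's running aggregate."""
        self.raw.append((ts, event_type, src_ip))
        self.buckets[self._bucket_start(ts)][(event_type, src_ip)] += 1

    def _scan_raw(self, start, end, event_type, out):
        """Count matching raw events in [start, end); returns how many events were examined."""
        scanned = 0
        for ts, etype, ip in self.raw:
            if start <= ts < end:
                scanned += 1
                if etype == event_type:
                    out[ip] += 1
        return scanned

    def query(self, start, end, event_type):
        """Per-source count of event_type in [start, end).

        Returns (counts, raw_events_scanned, buckets_used) so the saving is visible.
        """
        out = defaultdict(int)
        first_full = self._bucket_start(start)
        if first_full < start:             # window starts mid-bucket: first full bucket is the next one
            first_full += self.interval
        last_full_end = self._bucket_start(end)
        if first_full >= last_full_end:    # window shorter than one whole bucket: no pre-computed help
            scanned = self._scan_raw(start, end, event_type, out)
            return dict(out), scanned, 0
        # Leading and trailing partial intervals come from the raw events.
        scanned = self._scan_raw(start, first_full, event_type, out)
        scanned += self._scan_raw(last_full_end, end, event_type, out)
        # Everything in between comes from pre-computed buckets.
        used = 0
        for b in range(first_full, last_full_end, self.interval):
            used += 1
            for (etype, ip), n in self.buckets.get(b, {}).items():
                if etype == event_type:
                    out[ip] += n
        return dict(out), scanned, used

    def naive_query(self, start, end, event_type):
        """Reference answer computed from raw events only, for cross-checking."""
        out = defaultdict(int)
        self._scan_raw(start, end, event_type, out)
        return dict(out)


def build_sample():
    """Constructed 24-hour event stream: per hour, 10.0.0.5 fails logon three times,
    10.0.0.9 once at :30, and 10.0.0.7 logs on successfully at :15."""
    pc = PrecomputedCounts(interval=3600)
    for hour in range(24):
        base = hour * 3600
        for i in range(3):
            pc.ingest(base + 60 * i, "FAILED_LOGON", "10.0.0.5")
        pc.ingest(base + 1800, "FAILED_LOGON", "10.0.0.9")
        pc.ingest(base + 900, "LOGON_SUCCESS", "10.0.0.7")
    return pc


if __name__ == "__main__":
    pc = build_sample()
    counts, scanned, used = pc.query(1800, 84000, "FAILED_LOGON")  # 00:30 to 23:20
    print(counts, "raw scanned:", scanned, "buckets used:", used)
    assert counts == pc.naive_query(1800, 84000, "FAILED_LOGON")
```

For the 00:30 to 23:20 window the pre-computed path examines 5 raw events and 22 buckets where a plain scan would touch 115 events; the ratio grows with the length of the window and the event rate, which is why the feature matters most for long-period searches on large deployments.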
FortiSIEM 6.1 introduced our integrated endpoint UEBA solution. FortiSIEM 6.2 extends this by building the AI model into our rapid-scale architecture: the model now scales as more worker nodes are added to the FortiSIEM cluster, giving scale-out UEBA performance in large deployments.
FortiSIEM's integrated endpoint UEBA solution delivers visibility and AI driven anomaly detection on the same infrastructure as our scalable and easy to use SIEM, simplifying deployment, configuration, management and in-life use.
We've covered just a few of the new features in the 6.2.0 release. Other enhancements include: incident remediation workflow, external authentication via SAML, support for Elasticsearch 7.8 and Elastic Cloud, new OT/IoT focused rules, reports and dashboard, new device support, agent health view, and more. Check the release notes at https://docs.fortinet.com/document/fortisiem/6.2.0/release-notes/315116/introduction for more details.
FortiSIEM release 6.2.0 continues to develop our powerful, scalable and easy to use SIEM solution. FortiSIEM delivers SIEM functionality, UEBA, performance monitoring and incident management features in an easy to use system suitable for SMB, Public Sector, Enterprise and MSSP deployments.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.