FortiSIEM has been updated to version 7.1.0, and with it comes a series of improvements aimed at simplifying security operations and IT management. Let’s dive into the key features that have been introduced or enhanced.
Osquery Extension for Windows Agent
The extension of Osquery support on the Windows Agents is a welcome development. This tool now works seamlessly with Windows, allowing administrators to write SQL-based queries to explore operating system data. This includes processes, loaded kernel modules, open network connections, browser plugins, hardware events, and file hashes.
This detailed system data, can be particularly useful for incident forensics, investigations and security monitoring.
Windows Certificates Monitoring
The new release simplifies the process of tracking certificates on Windows hosts, allowing for better management of certificate lifecycles. This helps prevent security lapses due to expired certificates and helps to automate the maintenance of certificate management, which is crucial for operational integrity.
Scheduled Rules for ClickHouse
ClickHouse deployments now have the capability to implement scheduled rules. This feature lets you establish regular checks for patterns or anomalies, automating the process of incident detection for further review.
User Interface Enhancements
The updated UI/UX improvements focus on efficiency and ease of use. Improved color consistency and layout changes aim to reduce visual strain and help users manage incidents more effectively without the need to switch contexts frequently.
Storage Optimization with ClickHouse
With the adoption of more efficient compression algorithms like ZSTD, ClickHouse deployments can now achieve better data compression rates, resulting in a decrease in storage needs and potentially lowering associated costs.
New Anomaly Detection Models
The introduction of two new models for anomaly detection enhances the system’s ability to identify unusual patterns in data. These models are meant to supplement existing security measures by aiding in the early detection of potential security incidents.
New Device Support
G42 Cloud Integration
Collect logs from G42 Cloud environments and extends security visibility into G42 Cloud infrastructures, enabling unified threat detection and response across multi-cloud environments.
Gather logs and alerts from Fortinet's Network Detection and Response (NDR) solution. This enhances network security monitoring by integrating FortiNDR insights, improving detection of sophisticated threats that span across the network.
Armis Intelligence Platform
Import data from the Armis platform, which specializes in OTasset visibility and security.
Import logs from Hillstone Firewalls to monitor network security events and traffic anomalies and allows for more granular security analysis and threat detection in network traffic by incorporating Hillstone's firewall logs.
Integration of Email Activity Counts through the Microsoft Graph API, providing detailed insights into email usage patterns.
Collection of email statistics via the Office 365 Reporting Web Service, enhancing the monitoring of organizational email security.
Implementation of new rules, reports, and dashboards tailored to Office 365 activities, aiding in compliance, monitoring, and threat detection related to email communications.
Enhanced Cloud Security: With added support for G42 Cloud and enhancements for Microsoft Office365, FortiSIEM 7.1.0 ensures organizations can maintain a strong security posture as they leverage public cloud services.
Comprehensive Visibility: By integrating FortiNDR and Hillstone Firewall, FortiSIEM now provides deeper network traffic insights and advanced threat detection capabilities.
IoT and Device Monitoring: The Armis platform's alert collection support allows organizations to secure an increasingly complex array of IoT devices and networks.
These additions and enhancements demonstrate FortiSIEM 7.1.0's commitment to expanding its security management capabilities across a diverse set of devices and environments. This version aims to provide a more complete and detailed security view, enable better threat detection and response, and ensure streamlined operations for security professionals.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.