FortiSIEM 7.1.0 – General Availability
FortiSIEM has been updated to version 7.1.0, and with it comes a series of improvements aimed at simplifying security operations and IT management. Let’s dive into the key features that have been introduced or enhanced.
Osquery Extension for Windows Agent
The extension of Osquery support to the Windows Agent is a welcome development. Administrators can now write SQL-based queries against operating system data on Windows hosts, including processes, loaded kernel modules, open network connections, browser plugins, hardware events, and file hashes.
This detailed system data is particularly useful for incident forensics, investigations, and security monitoring.
Windows Certificates Monitoring
The new release simplifies tracking certificates on Windows hosts, giving better visibility into certificate lifecycles. This helps prevent security lapses caused by expired certificates and automates part of routine certificate maintenance, which is crucial for operational integrity.
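As an added illustration (these are not FortiSIEM's own queries, and FortiSIEM's certificate monitoring is a separate feature of the agent), the osquery queries below, in osquery's SQLite dialect, cover the data categories named above: processes with the hash of their on-disk image, listening ports and established connections with their owning process, loaded kernel drivers (the Windows counterpart of kernel modules), browser extensions, and certificates in the Windows certificate stores that are close to expiry. Table and column names come from the public osquery schema; the 30-day expiry threshold and the ordering choices are assumptions.

```sql
-- Added osquery examples (SQLite dialect), not FortiSIEM's own queries.
-- Table/column names follow the public osquery schema; thresholds are assumptions.

-- 1. Running processes joined to the SHA-256 of their on-disk image.
--    The hash table requires a path constraint, which the join on p.path supplies.
SELECT p.pid, p.name, p.path, p.cmdline, h.sha256
FROM processes AS p
JOIN hash AS h ON h.path = p.path
WHERE p.path != '';

-- 2. Listening ports with the process that owns each socket
--    (protocol is numeric: 6 = TCP, 17 = UDP).
SELECT lp.port, lp.protocol, lp.address, p.pid, p.name, p.path
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
ORDER BY lp.port;

-- 3. Established connections with the process making them.
SELECT p.pid, p.name, s.local_address, s.local_port,
       s.remote_address, s.remote_port
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
WHERE s.remote_port != 0
  AND s.state = 'ESTABLISHED';

-- 4. Loaded kernel drivers, unsigned ones listed first.
SELECT d.device_name, d.image, d.provider, d.version, d.signed
FROM drivers AS d
ORDER BY d.signed ASC, d.device_name;

-- 5. Chrome extensions per user, with their requested permissions.
SELECT u.username, ce.name, ce.version, ce.identifier, ce.permissions
FROM users AS u
JOIN chrome_extensions AS ce USING (uid);

-- 6. Certificates in the Windows stores expiring within 30 days
--    (assumed threshold); not_valid_after is a Unix timestamp.
SELECT c.store_location, c.store, c.common_name, c.issuer,
       datetime(c.not_valid_after, 'unixepoch') AS expires
FROM certificates AS c
WHERE c.not_valid_after < strftime('%s', 'now') + 30 * 86400
ORDER BY c.not_valid_after;
```

Each statement runs on its own in osqueryi or as a scheduled query; query 6 is the kind of check that turns certificate expiry from a surprise outage into a ticket raised weeks ahead.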
Scheduled Rules for ClickHouse
ClickHouse deployments now have the capability to implement scheduled rules. This feature lets you establish regular checks for patterns or anomalies, automating the process of incident detection for further review.
User Interface Enhancements
The updated UI/UX improvements focus on efficiency and ease of use. Improved color consistency and layout changes aim to reduce visual strain and help users manage incidents more effectively without the need to switch contexts frequently.
Storage Optimization with ClickHouse
With the adoption of more efficient compression algorithms like ZSTD, ClickHouse deployments can now achieve better data compression rates, resulting in a decrease in storage needs and potentially lowering associated costs.
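To make the two ClickHouse points above concrete, here is an added example (not FortiSIEM's schema or its rule engine) using a hypothetical event table: the DDL declares per-column ZSTD codecs, a query of the kind a scheduled rule would run flags sources with repeated failed logons in a short window, and a query against system.columns shows how to measure the compression actually achieved. The table name, column names, event type string, sample rows and the threshold of five failures in ten minutes are all constructed for this illustration.

```sql
-- Added ClickHouse example; hypothetical table, not FortiSIEM's own schema.
-- ZSTD(3) is declared per column; Delta on the timestamp improves ZSTD's input.
CREATE TABLE siem_events
(
    event_time   DateTime               CODEC(Delta, ZSTD(3)),
    reporting_ip IPv4                   CODEC(ZSTD(3)),
    event_type   LowCardinality(String) CODEC(ZSTD(3)),
    src_ip       IPv4                   CODEC(ZSTD(3)),
    username     String                 CODEC(ZSTD(3)),
    raw_msg      String                 CODEC(ZSTD(3))
)
ENGINE = MergeTree
PARTITION BY toDate(event_time)
ORDER BY (event_type, event_time);

-- Constructed sample data: six failed logons against 'alice' from one source
-- inside a few minutes, plus a single failure from another source.
INSERT INTO siem_events VALUES
    (now() - INTERVAL 6 MINUTE, '10.0.0.5', 'Win-Security-4625', '192.0.2.10', 'alice', 'constructed failed logon'),
    (now() - INTERVAL 5 MINUTE, '10.0.0.5', 'Win-Security-4625', '192.0.2.10', 'alice', 'constructed failed logon'),
    (now() - INTERVAL 4 MINUTE, '10.0.0.5', 'Win-Security-4625', '192.0.2.10', 'alice', 'constructed failed logon'),
    (now() - INTERVAL 3 MINUTE, '10.0.0.5', 'Win-Security-4625', '192.0.2.10', 'alice', 'constructed failed logon'),
    (now() - INTERVAL 2 MINUTE, '10.0.0.5', 'Win-Security-4625', '192.0.2.10', 'alice', 'constructed failed logon'),
    (now() - INTERVAL 1 MINUTE, '10.0.0.5', 'Win-Security-4625', '192.0.2.10', 'alice', 'constructed failed logon'),
    (now() - INTERVAL 1 MINUTE, '10.0.0.5', 'Win-Security-4625', '192.0.2.20', 'bob',   'constructed failed logon');

-- Scheduled-rule style check: run every few minutes, raise an incident for
-- any (source, user) pair with at least five failures in the last ten minutes.
-- Only 192.0.2.10 / alice should match on the sample data.
SELECT src_ip, username,
       count()         AS failures,
       min(event_time) AS first_seen,
       max(event_time) AS last_seen
FROM siem_events
WHERE event_type = 'Win-Security-4625'
  AND event_time >= now() - INTERVAL 10 MINUTE
GROUP BY src_ip, username
HAVING failures >= 5;

-- Storage check: per-column codec and the compression ratio actually achieved.
SELECT name, compression_codec,
       formatReadableSize(data_uncompressed_bytes) AS uncompressed,
       formatReadableSize(data_compressed_bytes)   AS compressed,
       round(data_uncompressed_bytes / greatest(data_compressed_bytes, 1), 2) AS ratio
FROM system.columns
WHERE database = currentDatabase()
  AND table = 'siem_events';
```

With only seven rows the ratio will be unimpressive; the compression query is meant to be run against a realistic part size, where the ZSTD columns, especially the repetitive raw message text, show the gain the release notes refer to.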
New Anomaly Detection Models
The introduction of two new models for anomaly detection enhances the system’s ability to identify unusual patterns in data. These models are meant to supplement existing security measures by aiding in the early detection of potential security incidents.
New Device Support
FortiSIEM can now gather logs and alerts from Fortinet's Network Detection and Response (FortiNDR) solution. Integrating FortiNDR insights improves detection of sophisticated threats that span the network.
Data can be imported from the Armis platform, which specializes in OT asset visibility and security.
Logs can be imported from Hillstone firewalls to monitor network security events and traffic anomalies; incorporating these logs allows more granular security analysis and threat detection on network traffic.
These additions and enhancements demonstrate FortiSIEM 7.1.0's commitment to expanding its security management capabilities across a diverse set of devices and environments. This version aims to provide a more complete and detailed security view, enable better threat detection and response, and ensure streamlined operations for security professionals.
For more information, please review the release notes: https://docs.fortinet.com/document/fortisiem/7.1.0/release-notes/671235/whats-new-in-7-1-0
Copyright 2024 Fortinet, Inc. All Rights Reserved.