This release of FortiSIEM brings two new features and several new enhancements.
New Features:
Raw Event Size-Based Licensing: This new licensing scheme focuses on the total raw event size per day, licensed as GB per day of storage. It is more straightforward than Device + EPS licensing and does not limit the events received as a result of the FortiSIEM license. With the choice of licensing models, customers are now able to choose one that meets their needs.
Exporting QRadar Logs to FortiSIEM: A new tool that facilitates the transfer of logs from IBM QRadar SIEM to FortiSIEM, helping to streamline the migration from QRadar to FortiSIEM whilst retaining historical logs sent to QRadar.
Enhancements:
Dashboard Query Optimization: This update improves query efficiency for ClickHouse-based deployments by implementing caching mechanisms, reducing the load on event databases and increasing the efficiency of the dashboards.
Enhanced FortiEDR integration: If FortiSIEM detects an incident on a workstation or server, you can isolate a system on the network, automatically or on demand, through integration with FortiEDR. This allows for quicker response to critical incidents.
Integration updates: Updates for Windows, VMware vCenter, Carbon Black, FortiPAM, Cisco ACI, Trend Vision One CEF and Tenable Security Center.
Rocky Linux Update: The underlying OS has been upgraded to Rocky Linux 8.10, bringing the latest security improvements.
For more information, check out the release notes: https://docs.fortinet.com/document/fortisiem/7.2.2/release-notes/985787/whats-new-in-7-2-2