FortiSIEM Discussions
DanielHanman
Staff

FortiSIEM 6.6.0 Released

Hi FortiSIEM Users,

Today we have released version 6.6.0, release notes here! This release has several new features, but I would like to highlight three in particular and provide some context around these:

  1. A new Read API for Watch Lists - this is a great new inclusion and is best explained using the use case described in this https://community.fortinet.com/t5/FortiSIEM-Blog/A-new-FortiSIEM-Incident-Remediation-method-based-o..., the difference being that we have built the capability natively within FortiSIEM. The use case allows a FortiGate or FortiManager to incorporate a FortiSIEM Watch List as a threat feed and apply this within policies!

  2. Generic REST API Integrator - say you have an API that you need to integrate FortiSIEM with, could be a custom one or a vendor that we don't yet support, this is the feature to allow you to do so! This is a no-code method to integrate with APIs and, once done, you can export the config and hopefully consider sharing it with the community.

  3. Scale-out ClickHouse Cluster - we introduced ClickHouse as an integrated and embedded event database within 6.5.0, but there was a limitation that it only ran on the Super node. In this release, we can scale out to support a ClickHouse cluster where the FortiSIEM Worker nodes also run ClickHouse. This allows FortiSIEM to scale not only EPS ingestion but also significantly improve analytic reporting performance. Check out the sizing guide and release information.


------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
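An added example, not code from the post or from Fortinet, illustrating the watch-list-as-threat-feed use case in point 1: a FortiGate IP-address threat feed (External Connector) pulls a plain-text file with one IP or CIDR per line from a URL, so whatever ends up in the served list becomes firewall policy. The script below takes watch-list entry values (the real API response shape is not shown in the post, so the entries are a constructed sample and the list of never-block ranges is an assumption you would tune per site), drops anything that is not a valid IP or CIDR, refuses over-broad prefixes and internal ranges, and collapses duplicates and nested networks before rendering the feed.

```python
"""
Added example (not FortiSIEM's or Fortinet's code): sanitise FortiSIEM
watch-list entries into the plain-text "one IP or CIDR per line" format a
FortiGate IP threat feed pulls from a URL.

Assumptions: entry values are already extracted as strings (the real
watch-list API response shape is not part of the post); NEVER_BLOCK and
MIN_PREFIXLEN are site policy chosen here for illustration.
"""
import ipaddress
from typing import Iterable

# Constructed sample of what a watch list of "attacker IPs" might contain.
SAMPLE_ENTRIES = [
    "203.0.113.10",
    "203.0.113.10",        # duplicate
    "198.51.100.0/24",
    "198.51.100.77",       # already covered by the /24 above
    "10.0.0.5",            # RFC1918 host: never ship to the firewall
    "0.0.0.0/0",           # would block everything
    "2001:db8::1",
    "not-an-ip",           # junk value written into the watch list
    "192.0.2.1 ",          # stray whitespace
]

# Ranges that must never appear in a block feed (assumption: adjust per site).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
)]
# Anything broader than this is almost certainly a mistake (assumption).
MIN_PREFIXLEN = {4: 16, 6: 32}


def to_threat_feed(entries: Iterable[str]) -> list[str]:
    """Validate, filter, dedupe and collapse entries; return feed lines."""
    nets = []
    for raw in entries:
        value = raw.strip()
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            continue  # not an IP or CIDR: skip rather than poison the feed
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            continue  # over-broad prefix such as 0.0.0.0/0
        if any(net.subnet_of(b) for b in NEVER_BLOCK if b.version == net.version):
            continue  # internal / loopback / link-local range
        nets.append(net)

    # collapse_addresses merges duplicates and nested ranges; it needs one
    # address family at a time.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)

    def fmt(net: ipaddress._BaseNetwork) -> str:
        # Single hosts render as a bare address, ranges keep their prefix.
        return str(net.network_address) if net.num_addresses == 1 else str(net)

    return [fmt(n) for n in v4] + [fmt(n) for n in v6]


def render_feed(entries: Iterable[str]) -> str:
    """The exact text body to serve at the URL the FortiGate connector polls."""
    return "\n".join(to_threat_feed(entries)) + "\n"


if __name__ == "__main__":
    print(render_feed(SAMPLE_ENTRIES), end="")
```

Serve the output of render_feed() over HTTPS and point the FortiGate external connector at it; because every accepted line becomes a policy object, the filtering above is the difference between a useful block list and a self-inflicted outage when someone adds an internal host or a /0 to the watch list.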
ManuelRodriguez
New Contributor

Hi Daniel,

nice :)

Is my assumption right that, if using ClickHouse, the shared NFS storage (for Supervisor and Workers) is obsolete (if not using an NFS archive)?

Regards
Manuel
DanielHanman

Hi Manuel,

With ClickHouse, the storage is virtual disks attached to the Super or Worker VM. As you mention, you can still use NFS as an archive destination, and that will utilise the FortiSIEM EventDB.

Thanks

Dan

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------