FortiSOAR Discussions

FortiSOAR 7.4 and more – Bringing new dimensions to SOAR value


The release of FortiSOAR 7.4 caps off a year of important product innovations and a host of new turnkey use case solutions. Whether you’re a current client, you’re in the market for a proven solution, or an MSSP ready to optimize SecOps for you and your customers, read on for a summary!


Turnkey SaaS availability

FortiSOAR is now available as a SaaS offering, housed in a growing number of secure FortiCloud locations worldwide. FortiSOAR SaaS offers simplicity, rapid time to value, and other advantages with the same robust functionality as the on-prem, cloud-hosted and AWS marketplace options.


OT SecOps

IT/OT SecOps convergence is becoming an imperative. FortiSOAR now fully supports unique OT requirements with features such as risk-based OT asset and vulnerability management, MITRE ATT&CK ICS views for threat investigation, OT threat remediation playbooks, and full OT ecosystem integration. OT products already integrated include Nozomi, Claroty, Dragos, Armis, SCADAFence, and Everbridge. FortiSOAR’s design approach to OT is based on best practices aligned to the Cybersecurity and Infrastructure Security Agency (CISA) Operational Directives.


ML-driven investigation and response

The Recommendation Engine now uses ML to power various aspects of the threat investigation and response workflow. Examples include most-suitable analyst assignment rating, alert grouping into incident-level views, and in-line playbook suggestions based on past best-practice activities and outcomes. Also, a new automated phishing classifier uses pre-trained ML to provide confidence-level identification of phishing emails.


Playbook creation

There’s much to unpack here as FortiSOAR continues its thought leadership in no/low-code playbook and content creation for all types of users and use cases. A new Dynamic Values window and Simplified Expression View setting make it easier and more intuitive to create and view playbook steps in natural language. And the Reference Blocks feature gives playbook designers inline contextual aid, including samples and help references.


CI/CD process support

A new CI/CD Solution Pack provides a best-practices framework to automate and standardize FortiSOAR content development with a modern continuous and iterative process to build, test, and deploy content via source control.


Asset and vulnerability management

FortiSOAR integrates with asset management and vulnerability scanning systems to give you a complete risk-based picture of your IT/OT assets, including identification, criticality, vulnerability status and any alert conditions. Analysts can use the information to launch automated remediation or other playbooks and assign and track associated tasks. Alert and incident investigation is enriched and accelerated by having complete asset profiles at hand without the need to access other systems or tools.


Threat intelligence management

FortiSOAR Threat Intelligence Management – featuring built-in feeds from FortiGuard Labs – is being continually expanded to new sources, now including OT intelligence feeds. External feed export is now enhanced to support STIX 2.1 and CSV methods.


Fortinet Security Fabric value

FortiSOAR continues to expand Fortinet product portfolio connectivity and pre-built playbook support for use cases for both the SOC and NOC. Recent integrations include FortiNDR Cloud, FortiRecon, FortiProxy, FortiDeceptor, and FortiCNP. Enhanced and new playbooks have been released for FortiSIEM, FortiAnalyzer, FortiGate, FortiManager and more. Check out the Content Hub for all the details.


MSSP and large enterprise enhancements

New capabilities for MSSPs and large enterprises support deployment of hierarchical multi-tenant configurations, as well as agnostic MSSP playbooks that auto-translate into tenant-specific versions prior to execution. You can also now run unauthenticated manual inputs in segmented networks via FortiSOAR agents.


Container deployment

FortiSOAR now supports Docker container-based deployment, including high availability clusters across multiple hosts and Amazon Elastic Kubernetes.


Of course, there’s more… Please see the FortiSOAR 7.4 and earlier Release Notes and visit the Content Hub for additional information.


The FortiSOAR Team

Kevin Faulkner