The FortiSOAR Incident Response Content Pack (fsr-ir-content-pack) 7.0.1 Release splits the content pack into various use cases, which will enable users in the future to take only the use cases they require. Important release highlights include enhancing the enrichment playbooks, updating use cases and scenarios, and enhancing the Pause SLA functionality.
New features and enhancements
Split the Content Pack
The content of the Content Pack has been split as follows:
Future releases of the Content Pack will use the split content files to provide users with only the content that they require for their use case.
Added the QRadar Threat Hunt workflow
Added the 'QRadar Threat Hunt' workflow to the "Investigate Malicious Indicators" playbook in the '04-Use Cases' collection.
Enhanced the 'Enrichment' Playbook collection
Updated all enrichment playbooks to use the VirusTotal v2.0.0 connector. The VirusTotal 2.0.0 connector supports the latest VirusTotal API, i.e., API v3.
Enhanced the layout for the Indicator Description to include more information from VirusTotal API v3 for the following input types: IP Address, Domain, FileHash MD5, URL, and File, as shown in the following image:
Updated the Suspicious Email Use Case
Updated the Suspicious Email Use Case by adding logic that introduces users to the concept of a 'Drive By Download' attack. A Drive By Download (DBD) attack refers to the unintentional download of malicious code to your computer or mobile device, leaving you open to a cyberattack.
Enhanced 'Pause SLA' functionality
The Pause SLA functionality has been enhanced as follows:
Added two new fields, 'Ack SLA Paused on' and 'Resp SLA paused', to the Alerts and Incident schemas.
Updated SLA Playbooks to capture paused and resume SLA values when the state is changed.
Added new manual trigger playbooks to "Pause SLA - Alerts" and "Pause SLA - Incidents" to pause the SLA for alerts and incidents by triggering these playbooks using the 'Execute' drop-down in the detail view of an alert or incident record.
Updated the SLA CountDown Widget to display paused SLA.
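As an added illustration of what the new paused-on fields and the updated SLA playbooks have to track (example code written for this note, not FortiSOAR's own implementation; the `SlaClock` class, its field names and the timeline are constructed assumptions), the model below freezes a countdown when it is paused and pushes the deadline out by the paused duration on resume:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class SlaClock:
    """One SLA countdown (ack or response). Constructed model, not FortiSOAR's own code."""
    due: datetime                          # current deadline
    paused_on: Optional[datetime] = None   # stands in for 'Ack SLA Paused on' / 'Resp SLA paused'

    def pause(self, now: datetime) -> None:
        # Stop the clock; pausing an already paused clock is a no-op.
        if self.paused_on is None:
            self.paused_on = now

    def resume(self, now: datetime) -> timedelta:
        # Push the deadline out by the time spent paused, then clear the marker.
        if self.paused_on is None:
            return timedelta(0)
        paused_for = now - self.paused_on
        self.due += paused_for
        self.paused_on = None
        return paused_for

    def remaining(self, now: datetime) -> timedelta:
        # What a countdown widget would show: frozen while paused, ticking otherwise.
        return self.due - (self.paused_on or now)

    def breached(self, now: datetime) -> bool:
        return self.remaining(now) < timedelta(0)


def run_scenario() -> dict:
    """Constructed timeline: 1h ack SLA, paused at +20 min, resumed at +50 min."""
    t0 = datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc)
    ack = SlaClock(due=t0 + timedelta(hours=1))
    ack.pause(t0 + timedelta(minutes=20))                     # 40 min left when paused
    frozen = ack.remaining(t0 + timedelta(minutes=50))        # still 40 min: clock stopped
    paused_for = ack.resume(t0 + timedelta(minutes=50))       # 30 min spent paused
    after = ack.remaining(t0 + timedelta(minutes=50))         # 40 min: deadline is now 10:30
    breached_late = ack.breached(t0 + timedelta(minutes=95))  # 10:35 is past 10:30
    return {"frozen": frozen, "paused_for": paused_for,
            "after": after, "breached_late": breached_late}
```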