Created on 12-04-2023 06:27 AM
To empower organizations in their defense against cyber threats, FortiSOAR has unveiled the latest version of its SOAR Framework Solution Pack (SFSP), version 2.2.1. Packed with enhancements, this release establishes a robust foundation for optimizing the FortiSOAR platform, specifically designed for incident response and automation use cases within SOC environments. The highlights are listed below:
Improved Indicator Handling for Enhanced Accuracy
The SFSP 2.2.1 introduces several key updates aimed at improving indicator handling. The Extract Indicators playbook now offers more flexibility and accuracy by excluding specified file names, extensions, and ports. Additionally, a new playbook, Extract Indicators - Create File Indicator, streamlines the process of creating file indicators from suspicious email attachments, further enhancing threat detection capabilities.
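To make the exclusion idea concrete, here is an added illustration (not FortiSOAR's playbook code, and not part of the original announcement) of how an indicator extractor can drop analyst-specified file names, extensions and ports so that benign artifacts such as a company logo or a proxy port do not become false-positive indicators. The regexes, the `Exclusions` structure and the sample email text are all constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an email body as it might reach a triage playbook (all values invented)
SAMPLE_TEXT = """
Please review invoice_1234.pdf and the attached readme.txt.
The sender IP was 203.0.113.45:8080 and the C2 callback went to 198.51.100.7:4444.
See https://example.net/payload.exe and logo.png for details.
SHA256 of the dropper: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""


@dataclass
class Exclusions:
    """Analyst-maintained allow-lists (hypothetical structure) of things that are not indicators."""
    file_names: set = field(default_factory=set)   # exact file names, e.g. a standard signature image
    extensions: set = field(default_factory=set)   # extensions that are never interesting, e.g. png
    ports: set = field(default_factory=set)        # ports that should not produce an ip:port indicator


# Deliberately simple patterns; a production extractor would use a vetted IOC library.
IPV4_PORT = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3})(?::(\d{1,5}))?\b")
URL = re.compile(r"\bhttps?://[^\s<>\"']+")
SHA256 = re.compile(r"\b[a-fA-F0-9]{64}\b")
FILENAME = re.compile(r"\b([\w-]+\.(?:pdf|txt|exe|png|docx?|xlsx?|zip|js|dll))\b", re.I)

DEFAULT_EXCLUSIONS = Exclusions(
    file_names={"readme.txt"},   # constructed: a boilerplate attachment seen in every ticket
    extensions={"png"},          # constructed: inline images are never tracked as indicators
    ports={8080},                # constructed: the corporate proxy port
)


def extract_indicators(text: str, excl: Exclusions) -> dict:
    """Return a dict of indicator sets keyed by type, honouring the exclusion lists."""
    found = {"ip": set(), "port": set(), "url": set(), "sha256": set(), "file": set()}
    excluded_names = {n.lower() for n in excl.file_names}
    excluded_exts = {e.lower().lstrip(".") for e in excl.extensions}

    for m in IPV4_PORT.finditer(text):
        ip, port = m.group(1), m.group(2)
        if not all(0 <= int(octet) <= 255 for octet in ip.split(".")):
            continue  # not a valid dotted quad
        found["ip"].add(ip)
        # An excluded port is still attached to a real IP, so the IP is kept;
        # only the ip:port pair is suppressed as a separate indicator.
        if port is not None and int(port) not in excl.ports:
            found["port"].add(f"{ip}:{port}")

    found["url"].update(URL.findall(text))
    found["sha256"].update(h.lower() for h in SHA256.findall(text))

    for name in FILENAME.findall(text):
        lower = name.lower()
        ext = lower.rsplit(".", 1)[-1]
        if lower in excluded_names or ext in excluded_exts:
            continue  # analyst-declared noise, not an indicator
        found["file"].add(name)
    return found


if __name__ == "__main__":
    for kind, values in extract_indicators(SAMPLE_TEXT, DEFAULT_EXCLUSIONS).items():
        print(f"{kind:7s} {sorted(values)}")
```

Keeping the exclusion lists as data rather than hard-coding them in the regexes is what lets an analyst tune the extractor per environment without editing the playbook logic itself.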
Efficient Triage and Alert Management
Efficiency in triage and alert management is paramount in any SOC. SFSP 2.2.1 addresses this need with updates to the Find and Relate Similar Alerts playbook, covering alerts from the last 30 days. This improvement ensures that users can focus on recent incidents, enhancing the relevance of information. The Flag Indicators Linked Across Multiple Alerts playbook further contributes to timely responses by flagging alerts generated within the last 30 days.
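The two 30-day behaviours described above (similar-alert lookup and flagging indicators shared across alerts) can be expressed as one small correlation routine. The following is an added example, not FortiSOAR's playbook implementation; the alert records, timestamps and indicator values are constructed, and the in-memory list stands in for whatever alert store a real playbook would query.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample alerts (not FortiSOAR records); "created" is relative to NOW.
NOW = datetime(2023, 12, 4, 6, 27, tzinfo=timezone.utc)
ALERTS = [
    {"id": "A-1", "created": NOW - timedelta(days=2),  "indicators": {"198.51.100.7", "bad.example"}},
    {"id": "A-2", "created": NOW - timedelta(days=10), "indicators": {"198.51.100.7"}},
    {"id": "A-3", "created": NOW - timedelta(days=45), "indicators": {"bad.example", "203.0.113.45"}},
    {"id": "A-4", "created": NOW - timedelta(days=20), "indicators": {"203.0.113.45"}},
]


def recent_alerts(alerts, now, window_days=30):
    """Alerts created inside the look-back window; older ones are treated as stale context."""
    cutoff = now - timedelta(days=window_days)
    return [a for a in alerts if a["created"] >= cutoff]


def find_similar_alerts(alert_id, alerts, now, window_days=30):
    """IDs of other recent alerts sharing at least one indicator with the given alert."""
    by_id = {a["id"]: a for a in alerts}
    target = by_id[alert_id]
    return sorted(
        a["id"]
        for a in recent_alerts(alerts, now, window_days)
        if a["id"] != alert_id and a["indicators"] & target["indicators"]
    )


def flag_indicators_across_alerts(alerts, now, window_days=30, min_alerts=2):
    """Indicators seen in at least `min_alerts` distinct recent alerts, with the alert IDs."""
    seen = defaultdict(set)
    for a in recent_alerts(alerts, now, window_days):
        for indicator in a["indicators"]:
            seen[indicator].add(a["id"])
    return {ind: sorted(ids) for ind, ids in seen.items() if len(ids) >= min_alerts}


if __name__ == "__main__":
    print("similar to A-1:", find_similar_alerts("A-1", ALERTS, NOW))
    print("flagged:", flag_indicators_across_alerts(ALERTS, NOW))
```

Note how the window changes the outcome: A-3 shares an indicator with A-1 but is 45 days old, so it is neither reported as similar nor counted toward flagging `bad.example`, which is exactly the staleness the 30-day limit is meant to remove.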
Enhanced Incident Response Capabilities
The Create Communication Record (Email Reply) playbook adapts to handle email replies without encrypted text, ensuring seamless communication tracking. Additionally, the Create and Link Asset playbook now provides accurate labels, enhancing overall flow and usability in asset management.
Streamlined Module Configuration for More Control
SFSP 2.2.1 introduces streamlined module configuration by setting the default value for Team Ownable in all modules to false. This reduces the likelihood of playbook failures, allowing users to selectively enable Team Ownable as needed, providing more control and customization.
Improved Alert Details and Asset Management
The new Ticket ID field in alerts enhances visibility, providing a quick reference point for users when managing incidents. Asset management sees notable enhancements with the introduction of the BES Cyber Asset Category field and a rearrangement of Asset List View columns for a more organized and informative view of assets.
Incident and Indicator Module Improvements
SFSP 2.2.1 brings improvements to data completeness and accuracy with the addition of the Technique ID field in the Incident module. Certain indicator module fields are now replicated by default in MSSP environments, further enhancing data reliability.
SLA Template Updates for Greater Flexibility
Users can now set multiple Pause SLA On statuses, offering more flexibility in managing SLAs and adapting them to specific needs, reflecting the dynamic nature of cybersecurity incidents.
Dashboard and Rules Enhancements
Enhancements to the Analyst dashboard include a Critical Alerts tab displaying only High and Critical severity alerts, enabling analysts to focus on the most important incidents. A new rule for Notification On Pending Internal Manual Input improves communication and ensures prompt information about pending actions.
Role Customization for Varied User Needs
Recognizing the diverse needs of users, SFSP 2.2.1 introduces a Read-Only User role, providing an option for users who only need viewing rights without editing or modification permissions.
Performance Optimizations for Increased Efficiency
The latest version of SFSP includes performance optimizations, such as linking indicators to alerts during alert record updates and refining the Approval-Based Decision reference block. These optimizations collectively contribute to increased system performance, providing a more efficient, flexible, and user-friendly experience within the FortiSOAR environment.
In conclusion, with a focus on enhanced accuracy, efficiency, and user experience, this release reaffirms FortiSOAR's commitment to providing cutting-edge solutions for cybersecurity professionals worldwide.
Reference: https://fortisoar.contenthub.fortinet.com//detail.html?entity=sOARFramework&version=2.2.1&type=solut...