FortiSOAR Knowledge Base
Namrata
Staff
Article Id 220036

Description

The FortiSOAR Incident Response Content Pack (fsr-ir-content-pack) 7.0.2 Release exports the content pack in the .zip format.

Important release highlights include the addition of new playbook collections and enhancements made to existing collections, as well as improving the description of all the playbooks, thereby augmenting the usability of the content pack.

New features and enhancements

Features and details

Export of content pack in the .zip format

The contents of the content pack are now exported in the .zip format (instead of the JSON format), in line with the updates made in FortiSOAR version 7.0.2.

Symantec Content Pack

The use cases and ingestion playbooks related to Symantec solutions have been moved to the Symantec Content Pack (CP) zip file (fsr-cp-symantec-solutions.zip).
Note: The fsr-cp-symantec-solutions.zip file is part of the “Incident Response Content Pack”.

New use cases and scenarios

The “04 - Use Case” collection has been updated as follows:

  • Added the Get Microsoft CASB Alert Information playbook.
  • Added the Pickup and Enrich Microsoft CASB Alert playbook.
  • Added the Investigate Malware Alert playbook.

The following new scenario has been added:

  • Added the “16- Scenario - Microsoft CASB” scenario that contains the Generate Microsoft CASB (Malware Infection) Alert playbook.

Enhancements to the indicator extraction playbooks

The Extract Indicators playbooks that are part of the “02 - Enrich” collection have been enhanced as follows:

  • If IoC fields are populated with comma-separated values, each value is extracted and a corresponding indicator is created.
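As an added illustration (not code from the content pack itself), the following Python sketch shows the kind of handling the enhancement describes: each IoC field of an alert is split on commas, trimmed, deduplicated and turned into a typed indicator record. The field names, the sample alert and the indicator type labels are assumptions, not FortiSOAR's.

```python
import re
from ipaddress import ip_address

# Constructed sample alert (not real data): IoC fields hold comma-separated
# values, with stray whitespace, blanks and a duplicate, the case the enhanced
# Extract Indicators playbooks now handle.
SAMPLE_ALERT = {
    "sourceIPs": "10.0.0.5, 10.0.0.5 ,192.0.2.10",
    "fileHashes": "44d88612fea8a8f36de82e1278abb02f,,3395856ce81f2b7382dee72602f798b642f14140",
    "domains": "example.com, , sub.example.net",
    "urls": "http://example.com/a?b=1,https://sub.example.net/x",
}

_HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}$", re.I)

def classify(value):
    """Return an assumed indicator type for one IoC string, or None if unrecognised."""
    if value.lower().startswith(("http://", "https://")):
        return "URL"
    try:
        ip_address(value)
        return "IP Address"
    except ValueError:
        pass
    if _HASH.match(value):
        return "File Hash"
    if _DOMAIN.match(value):
        return "Domain"
    return None

def extract_indicators(alert):
    """Split every IoC field on commas, trim whitespace, drop blanks and
    duplicates, and return one indicator record per unique, recognised value.
    Caveat: a URL that itself contains a comma would be split; such fields
    need a stricter separator than a bare comma."""
    seen, indicators = set(), []
    for field, raw in alert.items():
        for part in str(raw).split(","):
            value = part.strip()
            if not value or value in seen:
                continue
            kind = classify(value)
            if kind is None:
                continue  # skip unrecognised tokens rather than create junk indicators
            seen.add(value)
            indicators.append({"value": value, "type": kind, "source_field": field})
    return indicators
```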

MITRE ATT&CK Content Pack

The MITRE ATT&CK Content Pack has been added to the Incident Response Content Pack so that users can make full use of the information and knowledge base provided by the MITRE ATT&CK Framework.

Renamed the “FAQ Module” to Knowledge Base and added data to the Knowledge Base

Added data related to the following to the Knowledge Base:

  • Incident Response template
  • Employee Onboarding Process
  • Employee De-boarding Process
  • Tools Required for SOC Analyst
  • Triage Process
  • New User account creation on SIEM
  • New User account creation on SOAR
  • New User account creation on Firewall

Updated the descriptions for all CP playbooks

The descriptions of all the CP playbooks have been enhanced, making it easier for users to understand how to use each playbook.

For information on the FortiSOAR IR Content Pack:

https://community.fortinet.com/t5/FortiSOAR/Incident-Response-Content-Pack-7-0-2-Release/ta-p/220033....