
FSM_FTNT
Staff

FortiSIEM 6.6.0 Released

Hi FortiSIEM Users,

Today we have released version 6.6.0, release notes here! This release has several new features, but I would like to highlight three in particular and provide some context around these:

  1. A new Read API for Watch Lists - this is a great new inclusion and is best explained using a use case described in this blog by Silvu; the difference is we have built the capability natively within FortiSIEM. The use case allows a FortiGate or FortiManager to incorporate a FortiSIEM Watch List as a threat feed and apply this within policies!

  2. Generic REST API Integrator - say you have an API that you need to integrate FortiSIEM with, could be a custom one or a vendor that we don't yet support, this is the feature to allow you to do so! This is a no-code method to integrate with APIs and once done, you can export the config and hopefully, consider sharing it with the community.
  3. Scale-out ClickHouse Cluster - we introduced ClickHouse as an integrated and embedded event database within 6.5.0, but there was a limitation that it only ran on the Super node. In this release, we can scale out to support a ClickHouse cluster where the FortiSIEM Worker nodes also run ClickHouse. This allows FortiSIEM to scale not only EPS ingestion but significantly improve analytic reporting performance. Check out the sizing guide and release information.


------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
2 REPLIES
ManRod
New Contributor II

Hi Daniel,

nice :)

Is my assumption right, that if using ClickHouse, the shared NFS storage (for Supervisor and Workers) is obsolete (if not using NFS archive)?

Regards
Manuel
FSM_FTNT

Hi Manuel,

With ClickHouse the storage is virtual disks attached to the Super or Worker VM. As you mention, you can still use NFS as an archive destination, and that will utilise the FortiSIEM eventDB.

Thanks

Dan

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------