FortiSIEM Discussions
sioannou
Contributor

New FortiSIEM Interface Version 7.1.x

Hi all, 

 

Just wanted to check with the community who is using version 7.1.x and what are your views on the new GUI and the impact on internal process for SOCs and analyst time (Incident to Analysis to Closure). 

 

FortiSIEM 

 

Thanks,

 

Sotiris

5 REPLIES 5
Secusaurus
Contributor II

Hi @sioannou,

 

We are using 7.1 and experienced a great improvement for the workflow regarding incident handling.

There are some minor things that did not get into the new GUI, but overall it's a much faster insight in triggering events than it was before.

 

Our customers were a bit afraid of the very obvious "ChatGPT-button" in terms of data privacy, that might be one thing to consider in the EU at least ;)

 

Is there anything specific you'd like to know?

fortisiem.fortidemo.com has 7.1 deployed, so you can have a look there as well.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
FSM_FTNT
Staff
Staff

I'm also curious on feedback, let us know what works and what doesnt.

sioannou
Contributor

Thanks for the feedback, our experience has been different. 

 

The click count for closing an incident has increased, we see lagging in the analytics interface (especially when you are utilising the same analytics tab and filter as you review the logs, at some point the interface becomes unresponsive and requires a refresh). Analytics queries or any query that involves showing Raw Event logs looks like they take longer now to retrieve.

 

The raw logs are much harder to review on incidents tabs since the new format. Also we have noticed that certain analyst do not have visibility to certain Org Incidents (for the time it looks random and with no change to Roles or access levels), which is of very high concern. We are not 100% sure yet that the issue is due to caching post upgrade or an issue in the database. We where lucky that we caught it on time. 

 

Finally we have noticed that FortiSIEM provided dashboards after the upgrade are now blank and the team is working on rebuilding them. Not sure why this particular issue. Maybe the reports have changed.

 

Now the good part is that the interface is looking much slicker and smoother in general anything that does not involve raw event logs is much faster, a step towards a more functional interface.  The API now has entries which where removed in the past (not sure why this has happened) which is good.

 

It would be good to have some kind of a document that outlines the thought of the new GUI and possible workflows the design team had in mind. Maybe that is the missing link. 

 

Thanks,

 

FSM_FTNT
Staff
Staff

Thanks, Sioannou, for the feedback.  I'll reach out to you directly regarding the click count so that we can see how we can optimise this flow.

 

Regarding the interface becoming unresponsive, I haven't seen that elsewhere, so we need to dig into that a little. Same with the dashboards now being blank.

 

Will drop you a message.

Secusaurus
Contributor II

Concerning interface becoming unresponsive: We've seen the interface slowing down after looking at a lot of incidents as well, but becoming quick again as soon as the page is refreshed. I think it's some sort of javascript-caching here. We've seen this in 7.1.0, but not in 7.1.3 anymore (or our analysts don't tell me anymore).

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"