Hi all,
Just wanted to check with the community who is using version 7.1.x and what are your views on the new GUI and the impact on internal process for SOCs and analyst time (Incident to Analysis to Closure).
Thanks,
Sotiris
Hi @sioannou,
We are using 7.1 and experienced a great improvement for the workflow regarding incident handling.
There are some minor things that did not get into the new GUI, but overall it's a much faster insight in triggering events than it was before.
Our customers were a bit afraid of the very obvious "ChatGPT-button" in terms of data privacy, that might be one thing to consider in the EU at least ;)
Is there anything specific you'd like to know?
fortisiem.fortidemo.com has 7.1 deployed, so you can have a look there as well.
Best,
Christian
I'm also curious on feedback, let us know what works and what doesn't.
Thanks for the feedback, our experience has been different.
The click count for closing an incident has increased, we see lagging in the analytics interface (especially when you are utilising the same analytics tab and filter as you review the logs, at some point the interface becomes unresponsive and requires a refresh). Analytics queries or any query that involves showing Raw Event logs looks like they take longer now to retrieve.
The raw logs are much harder to review on incidents tabs since the new format. Also we have noticed that certain analysts do not have visibility to certain Org Incidents (for the time it looks random and with no change to Roles or access levels), which is of very high concern. We are not 100% sure yet that the issue is due to caching post upgrade or an issue in the database. We were lucky that we caught it on time.
Finally we have noticed that FortiSIEM provided dashboards after the upgrade are now blank and the team is working on rebuilding them. Not sure why this particular issue. Maybe the reports have changed.
Now the good part is that the interface is looking much slicker and smoother in general anything that does not involve raw event logs is much faster, a step towards a more functional interface. The API now has entries which were removed in the past (not sure why this has happened) which is good.
It would be good to have some kind of a document that outlines the thought of the new GUI and possible workflows the design team had in mind. Maybe that is the missing link.
Thanks,
S
Thanks, Sioannou, for the feedback. I'll reach out to you directly regarding the click count so that we can see how we can optimise this flow.
Regarding the interface becoming unresponsive, I haven't seen that elsewhere, so we need to dig into that a little. Same with the dashboards now being blank.
Will drop you a message.
Concerning interface becoming unresponsive: We've seen the interface slowing down after looking at a lot of incidents as well, but becoming quick again as soon as the page is refreshed. I think it's some sort of JavaScript caching here. We've seen this in 7.1.0, but not in 7.1.3 anymore (or our analysts don't tell me anymore).