Thanks for the feedback, our experience has been different.
The click count for closing an incident has increased, we see lagging in the analytics interface (especially when you are utilising the same analytics tab and filter as you review the logs, at some point the interface becomes unresponsive and requires a refresh). Analytics queries or any query that involves showing Raw Event logs looks like they take longer now to retrieve.
The raw logs are much harder to review on incidents tabs since the new format. Also we have noticed that certain analyst do not have visibility to certain Org Incidents (for the time it looks random and with no change to Roles or access levels), which is of very high concern. We are not 100% sure yet that the issue is due to caching post upgrade or an issue in the database. We where lucky that we caught it on time.
Finally we have noticed that FortiSIEM provided dashboards after the upgrade are now blank and the team is working on rebuilding them. Not sure why this particular issue. Maybe the reports have changed.
Now the good part is that the interface is looking much slicker and smoother in general anything that does not involve raw event logs is much faster, a step towards a more functional interface. The API now has entries which where removed in the past (not sure why this has happened) which is good.
It would be good to have some kind of a document that outlines the thought of the new GUI and possible workflows the design team had in mind. Maybe that is the missing link.
Thanks,
S
