So, for those of you who use the FortiAnalyzer (in place of or in addition to Splunk, ArcSight, etc.), here is the “What’s New” for FortiAnalyzer 5.2. This is a copy of the Fortinet direct documentation for those who don’t have access to it.
What’s New in FortiAnalyzer v5.2
FortiAnalyzer v5.2 includes the following new features and enhancements.
FortiAnalyzer v5.2.0
FortiAnalyzer v5.2.0 includes the following new features and enhancements.
Event Management
- Event Handler for local FortiAnalyzer event logs
- FortiOS v4.0 MR3 logs are now supported.
- Support subject customization of alert email.
FortiView
- New FortiView module
Logging
- Updated compact log v3 format from FortiGate
- Explicit proxy traffic logging support
- Improved FortiAnalyzer insert rate performance
- Log filter improvements
- FortiSandbox logging support
- Syslog server logging support
Reports
- Improvements to report configuration
- Improvements to the Admin and System Events Report template
- Improvements to the VPN Report template
- Improvements to the Wireless PCI Compliance Report template
- Improvements to the Security Analysis Report template
- New Intrusion Prevention System (IPS) Report template
- New Detailed Application Usage and Risk Report template
- New FortiMail Analysis Report template
- New pre-defined Application and Websites report templates
- Macro library support
- Option to display or upload reports in HTML format
- FortiCache reporting support
Other
- HA cluster auto discover