What’s new in Release 4.7.2
Device Support
FortiSandbox – discovery, performance monitoring, log analysis and external threat intelligence
FortiWeb – discovery, performance monitoring and log analysis
FortiMail – log analysis
MalwareBytes – log analysis
Sophos UTM – log analysis
Bug Fixes
| Bug ID | Severity | Component | Description |
|---|---|---|---|
| 17552 | Major | System | Patch Linux kernel local privilege escalation vulnerability (“Dirty COW”) – CVE-2016-5195 |
| 15161 | Major | App Server | FortiSIEM users cannot change their own passwords if they are read-only users or were restricted by RBAC from viewing or making changes to the CMDB users page |
| 17025 | Major | Parser | Cisco ASA parser code introduced in 4.5.1 leaks memory |
| 17216, 17056 | Major | System | FortiSIEM hangs during upgrade and reboot if there is no internet connectivity, because in 4.7.1 the OS update was performed during both upgrade and reboot. This release provides two solutions: (1) the OS upgrade via yum update now happens only during upgrade, not during reboot, and (2) FortiSIEM fetches from repositories set up at the AWS CloudFront edge locations listed at https://aws.amazon.com/cloudfront/details/#edge-locations, depending on where the FortiSIEM node is connecting from. The CloudFront CDN distribution is created and controlled by FortiSIEM engineering. If the connection to the edge location fails, FortiSIEM connects to the origin server images-os.accelops.net, which is hosted by FortiSIEM engineering in AWS |
| 17466 | Major | Rule Engine | Rule Engine sometimes crashes while evaluating FIRST and LAST aggregation operators |
| 16991 | Normal | Performance Monitoring | Sometimes the Java Agent has too many open files |
| 17290 | Normal | Parser | AIX log parser incorrectly parses the reporting device name |
| 15868 | Normal | Performance Monitoring | Palo Alto Firewall configuration pulling SSH script does not log out |
| 16969 | Normal | System | FortiSIEM Worker ssl.conf is overwritten during upgrade – e.g. if a FortiSIEM Worker is configured to use valid CA certificates, these are overwritten during an upgrade to use self-signed certificates. FortiSIEM Supervisor works correctly. |
| 16984 | Normal | System | Re-registered license is not updated on Worker and Report Server. |
| 16992 | Normal | Performance Monitoring | Java agents (e.g. SQL-based monitoring) can result in too many open files |
| 16995 | Normal | Rule Engine | While testing rules, the Rule Master module may time out if the rule test evaluates to FALSE; RuleMaster never reports the status to the GUI. |
| 17008 | Normal | GUI | White labeling does not work correctly in the HTML5 GUI |
| 17058 | Normal | GUI | User can no longer approve multiple CMDB devices at a time. |
| 17068 | Normal | GUI | Ticketing system GUI cannot load tickets if any ticket does not have a due date |
| 17097 | Normal | Performance Monitoring | FortiGate SSH-based commands for Audit do not work when VDOMs are configured |
| 17114 | Normal | App Server | CMDB replication setting in postgresql.conf on both Supervisor and Report Server is lost after upgrade |
| 17115 | Normal | System | Prevent event loss during an EPS surge by adding another warning period to elastic EPS enforcement |
| 17352 | Normal | GUI | Sometimes the list of users in Assigned To, in a ticket created from an incident, is not shown properly |
| 17354 | Normal | Query Engine | Sometimes an Incident Query with Incident Reporting IP IN a Device Group does not return results. |
| 17380 | Normal | Parser | Device type in the TrendMicro Deep Security Manager parser is incorrect. |
| 17382 | Normal | Discovery | Cannot connect to a device via Telnet/SSH when the user name is empty but the password and enable password are set |
| 17387 | Normal | Discovery | Custom device discovery does not work when the discovered device type is Generic Unix or Generic Linux. |
| 17409 | Normal | GUI | CMDB > Device > Link usage does not show data for non-FortiGate devices |
| 17483 | Normal | Discovery | SDEE-based Test Connectivity to Cisco IPS does not work for Cisco IPS 7.0 and earlier, which do not support TLS 1.2 |
| 17076 | Enhancement | Data | Some Cylance Protect syslog cannot be parsed |
| 17092 | Enhancement | Performance Monitoring | Allow a higher-priority queue for Airline log monitoring |
| 17098 | Enhancement | GUI | Remove “Forticare” from the default exported Audit report name |
| 17115 | Enhancement | Device Support | Extend IBM Townsend parser |
| 17248 | Enhancement | Device Support | Update FortiGate IPS event types (signatures) |
| 17255 | Enhancement | Device Support | Update Forcepoint (previously McAfee Stonesoft) parser |
| 17405 | Enhancement | Device Support | Update F5 ASM parser |
| 17057 | Enhancement | Device Support | Update Nginx parser |