FortiSIEM What’s New In 4.4.2

What’s new in Release 4.4.2

This release contains the following bug fixes and enhancements.



Severity Component Description
9906 major Discovery Unable to discover multiple AWS accounts in same organization
13817 major App Server Optimize the display of large number (more than 20,000) of devices in CMDB – the query to obtain locations has performance issues causing Summary dashboard to not load
13858 major Performance


Advanced Web Synthetic Transaction Monitoring must work in all cases
13941 major Discovery AWS CloudTrail API pulls same log more than once
13983 major Discovery SQL server discovery via with JDBC fails with an Java error
14005 major Performance


MSSQL 2008 audit monitoring failed with error info: “Execution failed: Invalid column name ‘IDcol’
14077 major App Server Device properties will not work if property name, device name device group has special characters
14083 major App Server Once we create OKTA external auth profile, certificate will not be updated.
14102 major App Server Optimize large number of concurrent discoveries for Enterprise deployment with Collectors
14177 major System Java run out memory during 4.4.1 upgrade due to  /root/.bashrc did not get copied properly from /opt/phoenix/config/sys/root/.bashrc
14203 major App Server Sometimes business service reports are not deleted when a business service is not deleted – this causes a pileup of extra inline reports that are being run
14221 major App Server Optimize device software patch and device location download to workers and collectors – this causes Workers to not start in large deployments
14254 major App Server Dead lock found when accessing ehcache causing threads to be blocked
14262 major App Server Connect-Wise incident outbound integration – AccelOps overwrites Summary and Status
14264 major System Upgrade sometimes causes GlassFish ownership to become root
14287 major Windows


Windows Agent sometimes has a memory leak because of improper .NET usage
14299 major App Server Optimize namedValue device group REST API – this causes ReportWorker module startup problems in large deployments
14360 major App Server Rule Exceptions are lost when editing org local rule in org
14393 major GUI Widget Dashboard does not honor RBAC – Read Only User can edit dashboards
10021 normal Query Query result is incorrect for “user IN LDAP User Group”
12987 normal Performance


Need the ability to modify event polling max for JDBC based polling for SQL database
13156 normal Performance


Increase default process count to avoid fork failures
13157 normal Performance


Netap ONTAPI API for Performance Monitoring chooses http, even when https is selected
13355 normal Performance


Oracle Acme Packet Controller Session Count metric incorrect
13483 normal App Server Users with View only permission should not be able to add reports to dashboards
13602 normal GUI  For VA with multiple collectors, sorting by any field for a collector restores entire device lis
13651 minor Data A few reports have no descriptions
13652 minor Data A few reports have incorrect descriptions
13702 enhancement App Server Add the ability to use the CMDB Description or Annotation field in Email notifications
13750 minor Performance


Make timeout configurable for http client – so connections between AccelOps modules and Application Server does not time out
13858 minor Discovery HP 3Com Series switch configuration is not pulled because of missing expect script in release
13911 minor Data APC UPS events are not properly parsed


13923 enhancement Data Parse more fields from Cisco CDR records
13953 minor App Server Duplicated disks and networks adapters show in synched ServiceNow CMDB when the discovery or integration schedule interval is short
13955 enhancement Performance


Monitor child device up/down status for Cisco Meraki Cloud Controller
13956 enhancement Data Need additional parsing for several Win-Security events
13976 minor App Server Executive Summary Dashboard: Super/local view show other organization’s locations
13986 enhancement Data Parse more SNMP traps for Cisco WLAN Controller
14002 enhancement Data Parse more McAfee Intrushield IPS events
14006 enhancement Data Collect CPU and memory information for WLAN Controller
14037 enhancement Data Parse more field for Cisco_UC_RTMT_ExcessiveVoiceQualityReports log
14082 enhancement App Server Provide warning for running Incident outbound integration on demand or on schedule to make sure user understands that tickets will be created for old incidents
14085 minor Data HyperV Remaining Guest Memory Rule has wrong operator
14086  normal App Server Optimize the performance of distribution of big IP and domain lists (in malware feeds) from Supervisor to worker nodes. Currently Worker nodes take a long time to initialize because of long download times
14090 normal Discovery Cisco IOS Running config can not be obtained in some cases because of short timeout in expect scripts
14091 normal Discovery Cisco ASA config not discovered when the account has higher privilege (no enable mode)
14092 enhancement Data Eliminate unnecessary “Performance monitoring jobs not picked up for execution” rules that trigger during large discoveries
14093 enhancement Discovery Discovery Windows Server Serial Numbers via WMI (in Bios)
14095 normal System VM console blue screen shows version 4.3.3 after upgrade to 4.4.1
14096 enhancement Data Add support for QNAP logs
14098 normal Data System defined Read only User role can force log out other users
14101 normal Performance


Config discovery timeout causes config change rules to trigger
14103 enhancement GUI Bulk select is not available on CMDB>Blocked IPS
14107 enhancement Data Turn Ping suppression off by default – feature not fully developed
14111 enhancement Data Parse syslog for Dell N Series Switch
14113 enhancement System Allow back-end process to be started only using admin account (not root account)
14134 normal App Server Failed to get report bundle results in some case
14189 minor GUI In Analytics Trend charts, y-axis data is not shown in bits/sec
14197 minor GUI Search filter in group editor removes filtered out items
14201 enhancement Data Drop Netflow IPv6 flow records since IPv6 is not handled currently
14204 enhancement GUI Allow users to choose filters when adding reports to filters on a business service
14211 minor GUI “Locked Users” screen sometimes freezes the GUI
14248 enhancement GUI Allow users to keep the same report name after edit (for user reports)
14255 enhancement Data Move “My Dashboard” to the 3rd place from the top after Incident dashboard to prevent excessive scrolling
14263 enhancement App Server Add 2-factor authentication via RADIUS
14268 enhancement Data Add new reports for Windows Agent
14271 enhancement Data Some Bit9 Carbon Black events not parsed
14279 minor Performance


JDBC Custom Perf job fails because of special character in returned XML
14314 minor Data Parse logon process for Windows logs via Snare for Win-Security-4624 – without this fix, Identity location page not updated
14361 enhancement Data Support different UI logos for organizations
14383 enhancement Performance


Extend support for Jboss 7.1+ (App server metric monitoring)



Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.