FortiSIEM What’s New in 4.5.2

What’s new in Release 4.5.2

Bug Fixes

New Device Support

Bug Fixes

| Bug ID | Severity | Component | Description |
|---|---|---|---|
| 15260 | Major | GUI | Group By cannot be saved in Rule sub-patterns when creating / editing rules |
| 15346 | Major | GUI | VCenter Cluster level CPU and Memory Utilization events are not generated |
| 15368 | Major | App Server | Sometimes airline monitoring events have customer id 1 (Super/local) instead of correct customer id (corresponding airline) |
| 15398 | Major | System | Upgrade issue – VMware pulling via Collectors – Old VMware SDK libraries (vim25-4.0.jar, vim-4.0.jar) in Collector cause VMware event pulling problems |
| 15399 | Major | System | Upgrade issue – missing perl-IO-Socket-SSL and perl-NetAddr-IP packages on 4.5.1 Collector cause eStreamer communication to fail from Collector |
| 15400 | Major | Parser | “use_dns_lookup=no” flag NOT working for SyslogNGParser and UnixParser |
| 15266, 15330 | Normal | Parser | Excessive DNS failed login causes phoenix.log to grow |
| 15373 | Normal | Data | Windows successful logon event parsed incorrectly as logon failure events |
| 15317 | Normal | GUI | Mistakenly removes Event Receive Status for Windows Agent when user disables WMI event pull |
| 15397 | Normal | Data Manager | Occasional crash in phDataManager due to out-of-scope pointer usage |
| 15294 | Normal | Parser | Strange device types created in CMDB from Netflow discovery |
| 15313 | Normal | App Server | Exception causes App server task cache and database to go out of sync – this causes memory leak in Agent Manager |
| 15343 | Normal | App Server | Creating a rule exception in Super Local will erroneously remove the corresponding entry from system watch list |
| 15120 | Minor | Data | Fortinet IPS Event Severity Parsing is incorrect |
| 15249 | Minor | Data | Some CMDB Reports containing single quote in Filter condition incorrectly displayed and do not produce correct results |
| 15253 | Minor | Data | Reporting device name is parsed wrong in LinuxInotifyParser |
| 15255 | Minor | Data | Windows Server Failed Logons report definition is incorrect because logon failure events do not have winLogonType |
| 15265 | Minor | Data | Reporting Device name is parsed incorrectly in agentless FIM events |
| 15320 | Minor | Data | AccelOps-WUA-WinLog should be parsed to syslog |
| 15344 | Minor | Data | Parsing error for sourcefire, cisco acs, junos |
| 15371 | Minor | Data | H3C syslog events have incorrect Reporting IP 0.0.7.224 |
| 15376 | Minor | Data | One system CMDB report in Ungrouped category |
| 15345 | Minor | Data | Some profile rules did not report incident attributes correctly |
| 15369 | Minor | Data | Should not show SSH credential for Cisco FirePower in Credential tab |
| 15285 | Enhancement | Data | Parse IOS-CDP-NATIVE_VLAN_MISMATCH |
| 15372 | Enhancement | Enhancement | Parse attribute from Windows System Time Change events and add a PCI report |

New Device Support

Symantec DLP – log analysis – see here

IBM OS400 (iSeries) Log Parsing via Townsend Agent – see here

Tufin SecureTrack – log analysis – see here

IBM Guardium – log analysis – see here

 

 
