FortiSIEM What’s new in Release 4.2.2

What’s new in Release 4.2.2

This release fixes several issues and adds several enhancements on top of the 4.2.1 release.

 

Note: To upgrade to this release, migrate to 4.2.1 first and then upgrade to 4.2.2. It is not possible to directly upgrade from 3.7.x to 4.2.2 because of the operating system changes.

 

General GUI related fixes and enhancements

Platform related fixes and enhancements

Performance Monitoring / STM related fixes and enhancements

Rule / Query / Report Engine related fixes and enhancements

Parsing related fixes and enhancements

Discovery related fixes and enhancements

Open Issues

 

General GUI related fixes and enhancements

Bug 5532: User can write duplicate event forwarding rules

Bug 8100: Under CMDB > Blocked IP addresses > Emerging Threats, the last updated time stays at 1969 even after setting up the “Update Automatically”

Bug 9023: For Selenium based Web STM, the Selenium script upload file feature should report an error message when user doesn’t select a file

Bug 10279: Exporting and then importing back the same report creates two reports

Bug 10306: Remedy incident clear time is incorrect in AccelOps

Bug 10741: Adding a Selenium script definition using Edit/Paste fails with run time error: Could not find Firefox in your system Path.

Bug 10816: Clone Event Attribute Type has no Value Type

Bug 10848: Null column header shows in report when exporting incident “Incident Notification Error”

Bug 10880: In Analytics > Generated Reports, a user with read only view privilege should not be able to delete a report

Bug 10972: Maintenance calendar month view should display as March 2014 instead of 03,2014

Bug 10993: Load Report page is not paginated – loads slowly

Bug 11017: User with edit and run privilege cannot export Identity and Location Report

Bug 11027: User with View and Run privilege should not be able to Import Rules

Bug 11046: GUI allows multiple organizations without collectors with overlapping IP address ranges

Bug 11047: Incident notification via email: Incident details incorrectly shows Triggered Event Count instead of Incident Count

Bug 11051: Clicking Related Incidents for “Excessive Denied Connections From An External Country” shows errors

Bug 11067: Test Connectivity button does not work but the drop down menu works

Bug 11072: Schedule field in CMDB report on Report does not support multiple records

Bug 11178: Imported custom dashboard column cannot show in org view

Bug 11264: Add “free disk” to Exec Summary and All Device dashboard

Bug 11306: Allow other Flow sources like SFLOW, ASA Netflow in CMDB > Interface Stats > Inbound/outbound flow drill down   a

Selenium scrip

Platform related fixes and enhancements

Bug 11122: Incident notification via SNMP and HTTP(S) fails on VA mode

Bug 11127: Notification action is successful but the Incident Notification Status column is empty

Bug 11168: Incidents which belong to an org with collector can display in orgs without collector on incident dashboard calendar view page

Bug 11184: System error “succeed ratio too low” isn’t cleared automatically

Bug 11286: Upgrade to CentOS 6.5

Performance Monitoring / STM related fixes and enhancements

Bug 11053: Capture reserved disk size for Linux disk space monitoring

Bug 11195: Incorrect User Connections information on MySQL dashboard

Bug 11221: Linux disk space monitoring (via SSH) does not work for Debian Linux

Bug 11305: Remove PH_DEV_MON_CUST restriction from Custom performance jobs – this allows new device type’s CPU, Memory to be shown in dashboards

Bug 11332: Faulty Hardware monitoring – if failed once – then never reattempted again

Rule / Query / Report Engine related fixes and enhancements

Bug 11246: Unable to generate reports using Network Segment folders

Parsing related fixes and enhancements

Bug 11099: Parse PostFix SMTP gateway logs

Bug 11149: Need to alert on Microsoft Cluster Service Failure errors

Bug 11153: Add parsing for Symantec IDS events

Bug 11167: Incorrect error handling for XML parsing by the parser module

Bug 11177: Need to set event severity from syslog priority field

Bug 11201: Fortinet parser extensions to cover more event parsing

Bug 11222: Clone and Test CiscoIPSParser does not work

Discovery related fixes and enhancements

Bug 11193: CMDB reports wrong memory unit for EMC VNX and Clarion

Bug 11232: Merge across Collectors incorrect in some cases – we need enhancement to merge same host across collectors so long as they belong to same organization

Bug 11233: CMDB view is incorrect for VCenter discovered VMs when multiple guests on common ESX are split across customers

Bug 11236: Nx-OS interface speed incorrect when an interface has both ifHighSpeed and ifSpeed entries

Bug 11244: Need to add Windows 2008 R2, Windows 2003 R2, Windows 2012 R2 as new device types

Bug 11261: Cisco IOS router discovery crashes in certain cases with Cisco VoIP entries

Bug 11263: Show datastores for ESX during VCenter/ESX discovery

Bug 11264: Detailed Linux device type discovery using SSH – replace General Linux with Redhat Linux, Ubuntu Linux etc

Bug 11277: Remove extra “System Reserved” disk for Windows via WMI

Open Issues

 



About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
