FortiSIEM What’s New in Release 4.3.3

AccelOps release 4.3.3 is focused on bug fixes and enhancements.

Bug ID | Severity | Component | Description
--- | --- | --- | ---
13182 | major | Performance Monitoring | Performance Monitoring jobs fail when device discovery credentials are specified in subnet notation
12604 | major | Event Packager | Potential event loss if the Supervisor node is down for an extended period of time
13010 | major | GUI | Domain field is missing for manually added users with LDAP authentication
13098 | major | Rule | Excessive Incident Drop logging may cause the parser module to consume high CPU
13020 | normal | App Server | The ‘&’ character in a Rule name causes an App Server out-of-memory error
13028 | normal | App Server | When you discover with VM SDK first, then SNMP/WMI, followed by consecutive VM SDK discoveries (e.g. VM SDK -> SNMP/WMI -> VM SDK -> VM SDK), information discovered via other means (e.g. SNMP/WMI) may be incorrectly deleted from the CMDB
12953 | normal | App Server | Clear Condition attribute does not show up without saving the rule
13255 | normal | App Server | Exception thrown during App Server start-up caused by SystemConfigManager not found
13011 | normal | App Server | Device maintenance does not work if End Date is not set
12994 | normal | App Server | Cannot query user-defined Watch List entries in Rules and Reports
13063 | normal | App Server | Fix XSS vulnerability in the Collector registration process
12939 | normal | App Server | If there is an error in delivering a scheduled report, the report name is not captured in the PH_REPORT_ACTION_STATUS event
10302 | normal | App Server | Incident count on the Dashboard Calendar View page does not match the count in the Incident tab
13027 | normal | Discovery | Juniper SRX firewalls are sometimes discovered incorrectly as JunOS routers and therefore not put in the right CMDB group
13243 | normal | Discovery | HP ProCurve SSH-based configuration discovery fails for newer switches
13012 | normal | Discovery | Cisco VoIP phones not discovered when phones do not have a MAC address in the SNMP walk (Call Manager V10 and later)
12901 | normal | Discovery | Discovered Windows Server host names differ from 4.2.3 – FQDN does not have the highest priority
13119 | normal | Discovery | Discovering interfaces with /31 and /32 masks fails – traditionally these masks are not used in proper IP address definitions
13337 | normal | Discovery | Use LLDP in addition to CDP for Layer 2 port mapping discovery – PCs connected to non-Cisco phones connecting to Cisco access switches
12891 | normal | Discovery | Dell PowerConnect switch configuration discovery via SSH fails for older switches
13190 | normal | GUI | (AO-SP only) Editing the global exception for a rule would overwrite the org exception for the rule
12921 | normal | GUI | All Devices Dashboard Summary page does not populate when there is a special character (‘&’) in the host name
12865 | normal | GUI | Cannot drill down from widget dashboards by selecting a specific value in the charts – used to work in 3.7.6
12936 | normal | GUI | Rules show incorrectly that Clear Condition is undefined until the clear condition is edited or viewed
13233 | normal | GUI | Report does not run when an event attribute contains %
13178 | normal | GUI | CMDB Report for Active Rules does not work in Enterprise Edition
13315 | normal | GUI | Dashboard error occurs when a user renames a business service
13279 | normal | GUI | Prev button does not work when searching for a keyword in the Custom Parser GUI
13221 | normal | GUI | Edit Rule from the Incident tab does not work correctly after Group By Name
12007 | normal | GUI | Exceptions are not cloned when a rule is cloned
13122 | normal | Rule | Rule does not fire if the DeviceToCMDBAttr function is used in the Incident event type definition
13111 | normal | Parser | Check Point certificate encode/decode inconsistent – an extra NULL termination character added to the SIC before encoding can cause SIC mismatch errors during decode and the LEA connection to be aborted
11253 | normal | Parser | Possible bug in WatchGuardFirewallParser causes the parser to fail to extract any useful attributes from the log
13249 | normal | Parser | Avoid reverse DNS lookup in syslog for host names that do not match host name criteria
12915 | normal | Performance Monitoring | WINEXE does not work for Windows 2012 R2 – this is used for remotely communicating with Windows servers
12910 | normal | Performance Monitoring | Custom winexe-based performance monitoring: inconsistent behavior – sometimes the test returns correct items, but sometimes it does not return any data
12911 | normal | Performance Monitoring | Custom winexe-based performance monitoring: unexpected “Variable <xxx> Not Found” error
13029 | normal | Performance Monitoring | Use SNMP dskTable (first choice) and SNMP hrStorage (backup) to calculate disk space utilization and reserved space for Linux-based systems. Create an event when SNMP dskTable is not configured.
12845 | normal | Query | Query tasks should be evenly distributed to all Worker nodes instead of being assigned to the first few Worker nodes
12968 | normal | Device Support | False positive on Windows Audit Log Cleared rule caused by not considering Source Name in Windows event log parsing
13007 | normal | Upgrade | Disable SSLv3 and the RC4 cipher by default in ssl.conf when upgrading from 4.2.* to 4.4.*
13013 | enhancement | Device Support | Add performance monitoring for FireEye MPS appliances
12980, 12979 | enhancement | Device Support | Support Cisco Meraki Cloud Controller – discovery, syslog, SNMP trap
12647 | enhancement | Device Support | Parse Cisco UCS syslog events
13057 | enhancement | Device Support | Add new IPS signature definitions for Palo Alto FW/IDS
12925 | enhancement | Device Support | Additional parsing for SonicWall firewall events: sent packets and received packets
13023, 13154, 12946, 13285, 12929, 13001 | enhancement | Device Support | Add more parsing for Windows security event logs
12895 | enhancement | Device Support | Add event type Win-System-98 for detecting disk corruption
13312, 12933, 13271 | enhancement | Device Support | Additional parsing for NetScaler login events
13113 | enhancement | Device Support | Additional parsing for Trend Micro OfficeScan syslog
13047 | enhancement | Device Support | Additional parsing for Cisco IOS syslog
12932 | enhancement | Device Support | Additional parsing for Brocade network switches
13294 | enhancement | Device Support | Additional parsing for Cisco NX-OS syslog
13000 | enhancement | Device Support | For JunOS CPU monitoring, use 1.3.6.1.4.1.2636.3.1.13.1.21 (jnxOperating5MinLoadAvg) instead of 1.3.6.1.4.1.2636.3.1.13.1.8 (jnxOperatingCPU)
13014 | enhancement | Device Support | Additional parsing for Cisco Call Manager syslog events
12766 | enhancement | Device Support | Add parser for Trend Micro’s Deep Security tool
13104 | enhancement | Device Support | Support new format for Cisco IOS OSPF syslog messages
12989, 13103 | enhancement | Device Support | Additional parsing for Cisco IronPort mail appliances – “TCP_DENIED” events
12930, 12931 | enhancement | Device Support | Additional parsing for FortiGate events
13207 | enhancement | Device Support | Discover virtual switch hardware information for JunOS
13120 | enhancement | Device Support | Discover hardware information for JunOS via SNMP
13070 | enhancement | Device Support | Parse Dell Force10 syslog
13042 | enhancement | App Server | VA with Collectors: duplicate devices when a device is discovered by Collector C1 while logs are sent to a different Collector C2
13043 | enhancement | App Server | Incident Notification via XML/HTTP(S) – do not always require user name and password
13216 | enhancement | App Server | Incident Notification via XML/HTTP(S) – allow SOAP header and style sheet
13016 | enhancement | Rule | Make the event delay threshold for the Rule engine configurable
12996 | enhancement | Data | Optimize “Heavy UDP Host Scan on Fixed Port” rule by excluding DNS traffic
13105 | enhancement | System | Include nload and iotop as part of the pre-packaged tools
12934 | enhancement | System | Allow user to disable “Low AccelOps eventdb Disk Space” System Error Messages
10003 | enhancement | GUI | Report the event limit in exported or manual reports if the report result count is more than the supported upper limit
13234 | enhancement | GUI | Add a drop-down in CMDB for Collectors (in addition to Organizations) – this helps to identify devices associated with a collector
13002 | enhancement | GUI | Add capability to search credential association by IP in the GUI – should be able to search for an IP address within an address range or a subnet
13181 | enhancement | Performance Monitoring | Provide a framework for computing a host performance efficiency index based on Incident Triggers
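As an added example (not FortiSIEM or AccelOps code) of the disk-space strategy in bug 13029: prefer UCD-SNMP-MIB dskTable, which exposes the root-reserved blocks, fall back to HOST-RESOURCES-MIB hrStorage, and raise an event when dskTable is absent. The walk dictionaries, the event wording and the function names are constructed for this example.

```python
# Added example, not FortiSIEM code: dskTable first, hrStorage as backup (bug 13029).
# dskTable reports root-reserved blocks; hrStorage carries no reserved-space figure.
DSK_TABLE = "1.3.6.1.4.1.2021.9.1"       # UCD-SNMP-MIB::dskTable
HR_STORAGE = "1.3.6.1.2.1.25.2.3.1"      # HOST-RESOURCES-MIB::hrStorageTable
HR_FIXED_DISK = "1.3.6.1.2.1.25.2.1.4"   # hrStorageTypes::hrStorageFixedDisk

def _column(walk, base, col):
    """Return {row index: value} for one column of a table in an OID->value walk."""
    prefix = f"{base}.{col}."
    return {oid[len(prefix):]: v for oid, v in walk.items() if oid.startswith(prefix)}

def disk_usage(walk):
    """Return (source, rows); each row: mount, total_kb, used_kb, reserved_kb, percent."""
    paths = _column(walk, DSK_TABLE, 2)                       # dskPath
    if paths:                                                 # first choice
        total, avail, used = (_column(walk, DSK_TABLE, c) for c in (6, 7, 8))  # kB
        rows = []
        for idx, mount in paths.items():
            t, a, u = int(total[idx]), int(avail[idx]), int(used[idx])
            reserved = t - u - a                              # neither used nor available
            pct = round(100.0 * u / (u + a), 1) if u + a else 0.0
            rows.append({"mount": mount, "total_kb": t, "used_kb": u,
                         "reserved_kb": reserved, "percent": pct})
        return "dskTable", rows
    types, descr, units, size, used = (_column(walk, HR_STORAGE, c) for c in (2, 3, 4, 5, 6))
    rows = []
    for idx, typ in types.items():
        if typ != HR_FIXED_DISK:                              # skip RAM, swap, etc.
            continue
        unit = int(units[idx])
        t = int(size[idx]) * unit // 1024                     # allocation units -> kB
        u = int(used[idx]) * unit // 1024
        pct = round(100.0 * u / t, 1) if t else 0.0
        rows.append({"mount": descr[idx], "total_kb": t, "used_kb": u,
                     "reserved_kb": 0, "percent": pct})       # reserved unknown here
    return "hrStorage", rows

def poll_disks(walk, host):
    """Usage rows plus a constructed 'dskTable not configured' event on fallback."""
    source, rows = disk_usage(walk)
    events = [] if source == "dskTable" else [
        {"host": host, "event": "SNMP dskTable not configured, using hrStorage"}]
    return source, rows, events

# Constructed sample walks (OID -> value), as snmpwalk -On would return them
SAMPLE_DSK = {"1.3.6.1.4.1.2021.9.1.2.1": "/", "1.3.6.1.4.1.2021.9.1.6.1": "1000000",
              "1.3.6.1.4.1.2021.9.1.7.1": "350000", "1.3.6.1.4.1.2021.9.1.8.1": "600000"}
SAMPLE_HR = {"1.3.6.1.2.1.25.2.3.1.2.1": "1.3.6.1.2.1.25.2.1.2",  # hrStorageRam, skipped
             "1.3.6.1.2.1.25.2.3.1.2.31": HR_FIXED_DISK, "1.3.6.1.2.1.25.2.3.1.3.31": "/",
             "1.3.6.1.2.1.25.2.3.1.4.31": "4096", "1.3.6.1.2.1.25.2.3.1.5.31": "250000",
             "1.3.6.1.2.1.25.2.3.1.6.31": "150000"}
```

On the dskTable sample the 50000 kB gap between total and used+available is the reserved space that the hrStorage path cannot report.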

This entry was posted in Administration Guides, FortiSIEM.