Category Archives: FortiAnalyzer

FortiAnalyzer 5.4 Has Been Released!

If you are using a FortiAnalyzer in any capacity, go ahead and upgrade to 5.4. You will be thankful!

There are some things you need to take note of though before proceeding:

  • In 5.4, Fortinet changed the raw log / SQL design and now supports per-VDOM log files. Quota is also ADOM-based now, so a rebuild of the SQL database is needed.

What’s new in FortiAnalyzer version 5.4.0

The following is a list of new features and enhancements in FortiAnalyzer version 5.4.0.

  • New GUI look
  • Remote SQL database deprecated
  • Device support improvements
  • Log forwarding improvements
  • Log storage improvements
  • Fetch offline logs
  • FortiClient improvements
  • FortiView improvements
  • Reports improvements
  • Others
    • Improved Event Management usability
    • Added Factory Reset option to Event Handler
    • Improved Action and Security Action for the Traffic Log
    • Improved HA Conversion efficiency
    • Correlated FortiClient Logs with FortiOS Logs for Application Detection
    • Added logging support for FortiDDoS
    • JSON API Syntax Validation for Report Configuration
    • Added SSN/Credit DLP Charts
    • PCI DSS Compliance Report
    • Added View Related Logs Option in FortiView
    • Added the ability to clone a chart from report layout
    • Added options for chart import and export
    • Added CVE Information to FortiView and Reports
    • Supporting EMS Managed Endpoint Logs
    • Support FortiOS Web Application Firewall (WAF) and GTP Logs

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

What’s New – FortiAnalyzer 5.2

So, for those of you who use the FortiAnalyzer (in place of or in addition to Splunk, ArcSight, etc.), here is the “What’s New” for FortiAnalyzer 5.2. This is a copy of the Fortinet direct documentation for those that don’t have access to it.

What’s New in FortiAnalyzer v5.2

FortiAnalyzer v5.2 includes the following new features and enhancements.

FortiAnalyzer v5.2.0

FortiAnalyzer v5.2.0 includes the following new features and enhancements.

Event Management

  • Event Handler for local FortiAnalyzer event logs
  • FortiOS v4.0 MR3 logs are now supported.
  • Support subject customization of alert email.

FortiView

  • New FortiView module

Logging

  • Updated compact log v3 format from FortiGate
  • Explicit proxy traffic logging support
  • Improved FortiAnalyzer insert rate performance
  • Log filter improvements
  • FortiSandbox logging support
  • Syslog server logging support

Reports

  • Improvements to report configuration
  • Improvements to the Admin and System Events Report template
  • Improvements to the VPN Report template
  • Improvements to the Wireless PCI Compliance Report template
  • Improvements to the Security Analysis Report template
  • New Intrusion Prevention System (IPS) Report template
  • New Detailed Application Usage and Risk Report template
  • New FortiMail Analysis Report template
  • New pre-defined Application and Websites report templates
  • Macro library support
  • Option to display or upload reports in HTML format
  • FortiCache reporting support

 

Other

  • HA cluster auto discover
