What’s new in FortiNDR 7.0.1

FortiNDR detects anomalies using a variety of methods, such as FortiGuard feeds (IPS, botnet IP and DNS DB) as well as added features such as IOC campaign lookup, vulnerable protocol detection and weak cipher detection. Apart from protocol detection, as a FortiOS NGFW performs it, FortiNDR also inspects the behavior of devices and users, such as FTP downloads or SMB copies.

Improved ML Detection and Traffic profiling

FortiNDR uses machine learning to profile traffic. FortiNDR 7.0.1 provides more granular options for baselining and anomaly detection. Enhancements include:

  • A critical server that only communicates with 5 IP addresses, then NDR configuration
  • A user PC that browses the internet

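
The two device classes above call for different baselines: a critical server has a small, fixed peer set where any new peer is significant, while a user PC's peer set grows constantly and only an unusual rate of new peers matters. The following is an added example of that per-device peer-set profiling; it is not FortiNDR code, and the flow records, hosts and the 50% expansion tolerance are constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline flows (src, dst): a critical server that only ever
# talks to five internal peers, and a user PC that browses the internet.
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.0.10"), ("10.0.0.5", "10.0.0.11"), ("10.0.0.5", "10.0.0.12"),
    ("10.0.0.5", "10.0.0.13"), ("10.0.0.5", "10.0.0.14"),
    ("10.0.1.20", "198.51.100.1"), ("10.0.1.20", "198.51.100.2"),
    ("10.0.1.20", "203.0.113.5"), ("10.0.1.20", "203.0.113.6"),
]

# Hosts that get the strict "any new peer alerts" policy (constructed).
CRITICAL_HOSTS = {"10.0.0.5"}

# Constructed live-window flows: the server reaches out to an unknown address,
# the PC visits one new site and one it has seen before.
LIVE_FLOWS = [
    ("10.0.0.5", "203.0.113.9"),
    ("10.0.1.20", "203.0.113.50"),
    ("10.0.1.20", "198.51.100.1"),
]


def build_profile(flows):
    """Learn the set of destination peers each source host talked to in the baseline window."""
    peers = defaultdict(set)
    for src, dst in flows:
        peers[src].add(dst)
    return {host: frozenset(p) for host, p in peers.items()}


def detect_anomalies(profile, live_flows, critical_hosts, tolerance=0.5):
    """Compare a live window against the learned profile.

    Critical hosts alert on any destination not seen during baselining.
    Other hosts alert only when the number of new peers in the window exceeds
    `tolerance` times their baseline peer count (peer-set expansion), so a
    browsing PC that adds a few new sites stays quiet.
    Returns a list of (host, reason, sorted_new_peers).
    """
    new_peers = defaultdict(set)
    for src, dst in live_flows:
        if dst not in profile.get(src, frozenset()):
            new_peers[src].add(dst)

    alerts = []
    for host, peers in new_peers.items():
        if host in critical_hosts:
            alerts.append((host, "critical-server-new-peer", sorted(peers)))
        else:
            baseline_size = len(profile.get(host, ()))
            if baseline_size == 0 or len(peers) > tolerance * baseline_size:
                alerts.append((host, "peer-set-expansion", sorted(peers)))
    return alerts


PROFILE = build_profile(BASELINE_FLOWS)

if __name__ == "__main__":
    for alert in detect_anomalies(PROFILE, LIVE_FLOWS, CRITICAL_HOSTS):
        print(alert)
```

The critical server produces an alert for its single unknown peer, while the PC's one new destination falls under the expansion threshold and is ignored; three new destinations in the same window would exceed half of its four-peer baseline and fire a peer-set-expansion alert.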
Reorganized logic for AV & ANN scan

FortiNDR has both an AV engine and an ANN (artificial neural network) for file extraction and scanning. FortiNDR 7.0.1 now uses the AV engine to pre-scan files first and then uses the ANN to extract the detailed malware features.

Increased manual submission and NFS to scan 12 layers for ZIP files

FortiNDR 7.0.1 aligns all file input methods (fabric devices, API, manual submission and NFS) to extract 12 layers of nested ZIP files by default.
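A fixed nesting limit is what keeps a scanner from being driven into unbounded recursion by archives packed inside archives. The following is an added example, not FortiNDR code, of a depth-limited ZIP walker that opens at most 12 layers, reports any archive it declines to open, and skips members whose declared size exceeds a cap; the nested sample archive, the payload and the size cap are constructed for the example.

```python
import io
import zipfile

MAX_ZIP_DEPTH = 12            # default nesting depth named in the text
MAX_MEMBER_BYTES = 1_000_000  # constructed cap on a single member's declared size

PAYLOAD = b"constructed sample payload"  # innermost file content (constructed)


def build_nested_zip(depth, payload=PAYLOAD):
    """Construct a ZIP wrapped `depth` times; the innermost archive holds payload.txt.

    Wrapper i (1-based, counted from the inside) is stored as nested<i>.zip.
    """
    data, name = payload, "payload.txt"
    for i in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"nested{i + 1}.zip"
    return data


def walk_zip(data, max_depth=MAX_ZIP_DEPTH, max_member_bytes=MAX_MEMBER_BYTES, depth=1):
    """Recursively list scannable members of a ZIP up to `max_depth` layers.

    Returns (depth, member_name, outcome) tuples where outcome is the member's
    size in bytes for an extracted file, "depth-limit-reached" for an archive
    at the limit that was not opened, or "too-large" for an oversized member.
    """
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Check the declared size before reading so a single huge member
            # cannot exhaust memory.
            if info.file_size > max_member_bytes:
                results.append((depth, info.filename, "too-large"))
                continue
            member = zf.read(info.filename)
            if zipfile.is_zipfile(io.BytesIO(member)):
                if depth >= max_depth:
                    results.append((depth, info.filename, "depth-limit-reached"))
                else:
                    results.extend(walk_zip(member, max_depth, max_member_bytes, depth + 1))
            else:
                results.append((depth, info.filename, len(member)))
    return results


if __name__ == "__main__":
    print(walk_zip(build_nested_zip(12)))   # payload reached at layer 12
    print(walk_zip(build_nested_zip(13)))   # layer 13 reported, not opened
```

With the default limit a 12-layer archive is fully unpacked and the payload is scanned, whereas a 13-layer archive stops at layer 12 and the unopened inner archive is reported rather than silently dropped, which is the event a SOC would want to see.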

Increased NDR throughput

FortiNDR 7.0.1 has increased sniffer throughput compared to v7.0.0. This results from improved CPU utilization and multi-threading of the NDR daemons.

JA3 detection enhancement

FortiNDR 7.0.1 checks both the client JA3 fingerprint and the server JA3 (JA3S) fingerprint, which reduces false positives in detection.
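Matching on the client fingerprint alone is prone to false positives because many unrelated programs share a TLS library and therefore a JA3; requiring the server side to match as well narrows the rule to a specific client-server combination. The following added example, which is not FortiNDR code, computes JA3 and JA3S strings from parsed hello fields (JA3 is the MD5 of "SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats", JA3S the MD5 of "SSLVersion,Cipher,Extensions", with GREASE values removed) and compares client-only matching against client+server matching. The hello field values and the rule label are constructed; they are not real indicators.

```python
import hashlib


def is_grease(value):
    """GREASE values (RFC 8701) have the form 0xXaXa and are excluded from JA3/JA3S."""
    return (value & 0x0F0F) == 0x0A0A


def _join(values):
    return "-".join(str(v) for v in values if not is_grease(v))


def ja3_string(client_hello):
    """JA3 string: SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats."""
    return ",".join([
        str(client_hello["version"]),
        _join(client_hello["ciphers"]),
        _join(client_hello["extensions"]),
        _join(client_hello["curves"]),
        "-".join(str(v) for v in client_hello["point_formats"]),
    ])


def ja3s_string(server_hello):
    """JA3S string: SSLVersion,Cipher,Extensions taken from the ServerHello."""
    return ",".join([
        str(server_hello["version"]),
        str(server_hello["cipher"]),
        _join(server_hello["extensions"]),
    ])


def fingerprint(text):
    """JA3/JA3S hashes are the MD5 hex digest of the string form."""
    return hashlib.md5(text.encode("ascii")).hexdigest()


# Constructed ClientHello fields; 0x1a1a and 0x0a0a are GREASE and must drop out.
CLIENT_HELLO = {
    "version": 771,
    "ciphers": [0x1A1A, 4865, 4866, 4867, 49195, 49199],
    "extensions": [0x0A0A, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51, 45, 43, 27, 21],
    "curves": [0x1A1A, 29, 23, 24],
    "point_formats": [0],
}
# Two constructed ServerHellos: one from the server the rule targets, one from an unrelated server.
SERVER_HELLO_MATCH = {"version": 771, "cipher": 4865, "extensions": [43, 51]}
SERVER_HELLO_OTHER = {"version": 771, "cipher": 49199, "extensions": [65281, 11]}

# Constructed rule keyed on the (JA3, JA3S) pair. The label is an example, not a real IoC.
RULES = {
    (fingerprint("771,4865-4866-4867-49195-49199,"
                 "0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0"),
     fingerprint("771,4865,43-51")): "constructed-suspicious-client",
}


def classify_client_only(client_hello, rules=RULES):
    """Legacy behaviour: match on JA3 alone, regardless of which server answered."""
    ja3 = fingerprint(ja3_string(client_hello))
    for (rule_ja3, _rule_ja3s), label in rules.items():
        if rule_ja3 == ja3:
            return label
    return None


def classify(client_hello, server_hello, rules=RULES):
    """Match only when both the client JA3 and the server JA3S agree with the rule."""
    ja3 = fingerprint(ja3_string(client_hello))
    ja3s = fingerprint(ja3s_string(server_hello))
    return rules.get((ja3, ja3s))


if __name__ == "__main__":
    print("client-only:", classify_client_only(CLIENT_HELLO))
    print("pair, matching server:", classify(CLIENT_HELLO, SERVER_HELLO_MATCH))
    print("pair, other server:", classify(CLIENT_HELLO, SERVER_HELLO_OTHER))
```

The same client hello fires the client-only rule against every server it talks to, while the pair rule fires only for the server whose JA3S the rule names; a connection from the same TLS stack to an unrelated server is left alone.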

Offline FortiGuard updates support

In FortiNDR 7.0.1, new CLI commands were added to load the different FortiGuard DB updates offline. The new command is:

exec restore avdb/ipsdb/kdb [disk/tftp/ftp] filename

Please refer to the CLI guide for details.

GUI

The NDR Dashboard now supports date drill-down per widget (1 day, 1 week and 1 month).

Device inventory naming

When FortiNDR is unable to determine the OS of a device from the IoT lookup, the default device name (OS_hash of MAC address) has been changed, e.g. from UNKNOWN_XYZ to DEVICE_XYZ.