Special Notices
This section highlights some of the operational changes that administrators should be aware of in FortiSOAR version 7.2.0.
Removed Rules Engine
- The Rules Engine is removed in the 7.2.0 release. The Rules Engine was already marked as 'Deprecated' from release 7.0.1 onwards, and now will no longer be available.
- The rules engine is removed since you can achieve its functionality and more, by using FortiSOAR's powerful conditional playbook triggers. For example, the conditional triggers in playbooks enable users to execute steps on a combination of conditions, which was very complicated using the rules engine.
Before you upgrade your system to FortiSOAR release 7.2.0, ensure that you have moved existing rules to FortiSOAR's powerful conditional playbook triggers, else the rules information will be lost. |
Removal of the approvalHost
global variable
Playbooks that contain a reference to the approvalHost
global variable fail with the 'approvalHost variable undefined
' error since the approvalHost
global variable is removed from release 7.2.0 onwards. To resolve this error, replace the approvalHost
global variable in the playbook with the Server_fqhn
global variable.
System user for integrations runtime should have minimal privileges on the file system
From FortiSOAR release 7.2.0 onwards, integrations are run using the fsr-integrations
user instead of the nginx
user. Therefore, code snippets that try to write on a file system that is outside /opt/cyops-integrations
or /tmp
might be impacted and you also need to ensure appropriate permissions have been given to the fsr-integrations
user.
Writing on file systems using code snippets outside |
Renamed the update.cybersponse.com repository
The FortiSOAR repository update.cybersponse.com has been renamed to https://repo.fortisoar.fortinet.com/ in release 7.2.0. Both these repositories will be available for a while to allow users who are on a release prior to FortiSOAR release 7.2.0 to access connectors and widgets. However, in time, only https://repo.fortisoar.fortinet.com/ will be available.
Deprecated Queue Management
Queue Management has been deprecated from this release. If you have set up queue management the same will not be affected when you upgrade to release 7.2.0. However, it is highly recommended that you migrate your queues (manually) to the newly introduced 'Queue and Shift Management' feature in place of queue management. This feature handles automated record assignments, which were not supported in Queue Management. For more information, see the Queue and Shift Management chapter in the "User Guide."
Blocked importing of OS-related packages (os, sys, subprocess) using the Code Snippet connector
By default, users cannot import and run OS-related packages (os, sys, subprocess) using the Code Snippet connector. This has been done to prevent users from running arbitrary Python codes that could result in system code execution.
If users require to import and run OS-related packages using the Code Snippet connector, then they require to customize the /opt/cyops-integrations/integrations/configs/config.ini
file by adding the allow_os_packages = true
statement in the config.ini
file.
Introduction of the SOAR Framework Solution Pack
Release 7.2.0 introduces the SOAR Framework Solution Pack (SP) which is the Foundational Solution Pack that creates the framework, including modules, dashboard, roles, widgets, etc., required for effective day-to-day operations of any SOC. The Incident Response modules have been removed from the FortiSOAR platform and moved to the SOAR Framework SP. Therefore, from release 7.2.0 the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms are not part of the FortiSOAR platform, making it essential for users to install the SOAR Framework SP to optimally use and experience FortiSOAR’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.
Fresh installations of FortiSOAR release 7.2.0 will by default, have the SOAR Framework Solution Pack installed. |
Post-upgrade to 7.2.0 users should be assigned appropriate permissions for Content Hub
Once you upgrade to 7.2.0, appropriate permissions must be assigned to users who require to work with Content Hub, i.e., solution packs, widgets, and connectors. For users who need to work with all the components assign the 'FSR Content Hub' role ; however, users who need to work only with an individual component such as widgets or connectors, appropriate permissions should be assigned for 'Content Hub' and individually for 'Widgets' or 'Connectors'.
Post-upgrade to 7.2.0 user cannot see the earlier record assignment notifications
Once you upgrade to 7.2.0, record assignment notifications such as task assignment notifications from earlier releases are not visible in FortiSOAR's new notifications framework.