Special Notices

This section highlights some of the operational changes that administrators should be aware of in FortiSOAR version 7.2.0.

Removed Rules Engine

  • The Rules Engine is removed in the 7.2.0 release. The Rules Engine was already marked as 'Deprecated' from release 7.0.1 onwards, and now will no longer be available.
  • The Rules Engine is removed because you can achieve its functionality, and more, by using FortiSOAR's powerful conditional playbook triggers. For example, the conditional triggers in playbooks enable users to execute steps on a combination of conditions, which was very complicated using the rules engine.

Caution

Before you upgrade your system to FortiSOAR release 7.2.0, ensure that you have moved existing rules to FortiSOAR's powerful conditional playbook triggers; otherwise, the rules information will be lost.

Removal of the approvalHost global variable

Playbooks that contain a reference to the approvalHost global variable fail with the 'approvalHost variable undefined' error since the approvalHost global variable is removed from release 7.2.0 onwards. To resolve this error, replace the approvalHost global variable in the playbook with the Server_fqhn global variable.

System user for integrations runtime should have minimal privileges on the file system

From FortiSOAR release 7.2.0 onwards, integrations run as the fsr-integrations user instead of the nginx user. Therefore, code snippets that try to write to file system locations outside /opt/cyops-integrations or /tmp might be impacted, and you also need to ensure that appropriate permissions have been given to the fsr-integrations user.

Caution

Using code snippets to write to file system locations outside /tmp is highly discouraged.
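A pre-upgrade review aid for the change above, as an added example (not FortiSOAR code): it statically scans a code snippet's Python source for `open()` calls that write outside the two locations this notice names. The function names and the sample snippet are constructed for illustration.

```python
import ast
import posixpath

# Locations this release note treats as unaffected by the user change.
ALLOWED_ROOTS = ("/tmp", "/opt/cyops-integrations")
WRITE_FLAGS = set("wax+")  # open() mode characters that imply writing


def is_allowed(path):
    """True if the normalised path sits under one of ALLOWED_ROOTS."""
    norm = posixpath.normpath(path)  # collapses /tmp/../etc to /etc
    return any(norm == r or norm.startswith(r + "/") for r in ALLOWED_ROOTS)


def find_risky_writes(source):
    """Return (line, path) for open() calls that write outside ALLOWED_ROOTS.

    Only literal paths can be judged statically; a computed path is reported
    with path None so a reviewer can inspect it. Relative paths are flagged.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "open" and node.args):
            continue
        mode = "r"
        if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
            mode = node.args[1].value
        for kw in node.keywords:
            if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                mode = kw.value.value
        if not WRITE_FLAGS & set(str(mode)):
            continue
        target = node.args[0]
        if isinstance(target, ast.Constant) and isinstance(target.value, str):
            if not is_allowed(target.value):
                findings.append((node.lineno, target.value))
        else:
            findings.append((node.lineno, None))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample snippet, not taken from any real playbook.
SAMPLE = '''
open("/tmp/report.csv", "w").write("ok")
open("/tmp/../etc/app.conf", "a")
open("/var/log/custom.log", mode="w")
open("/etc/hosts")
open(out_path, "wb")
'''
```

Calling `find_risky_writes(SAMPLE)` reports lines 3, 4 and 6; the read-only open and the write under /tmp are not flagged.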

Renamed the update.cybersponse.com repository

The FortiSOAR repository update.cybersponse.com has been renamed to https://repo.fortisoar.fortinet.com/ in release 7.2.0. Both these repositories will be available for a while to allow users who are on a release prior to FortiSOAR release 7.2.0 to access connectors and widgets. However, in time, only https://repo.fortisoar.fortinet.com/ will be available.

Deprecated Queue Management

Queue Management has been deprecated from this release. If you have set up queue management, it will not be affected when you upgrade to release 7.2.0. However, it is highly recommended that you migrate your queues (manually) to the newly introduced 'Queue and Shift Management' feature, which replaces queue management. This feature handles automated record assignments, which were not supported in Queue Management. For more information, see the Queue and Shift Management chapter in the "User Guide."

Blocked importing of OS-related packages (os, sys, subprocess) using the Code Snippet connector

By default, users cannot import and run OS-related packages (os, sys, subprocess) using the Code Snippet connector. This has been done to prevent users from running arbitrary Python code that could result in system code execution.

If users need to import and run OS-related packages using the Code Snippet connector, they must customize the /opt/cyops-integrations/integrations/configs/config.ini file by adding the allow_os_packages = true statement to it.
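To find which existing code snippets the default block will affect before deciding whether allow_os_packages is needed at all, the following added example (not FortiSOAR code, and not a description of how the connector enforces the block) parses snippet source and lists imports of os, sys and subprocess. The function name and sample snippet are constructed for illustration.

```python
import ast

# Packages this notice says the Code Snippet connector blocks by default.
BLOCKED = {"os", "sys", "subprocess"}


def blocked_imports(source):
    """Return sorted (line, module) pairs for imports of BLOCKED packages.

    Covers `import os`, `import os.path as p`, `from subprocess import run`
    and literal `__import__("sys")` / `importlib.import_module("os")` calls.
    """
    hits = set()
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            names = [node.module or ""]  # level 0 = absolute import only
        elif isinstance(node, ast.Call) and node.args:
            func = node.func
            called = getattr(func, "id", None) or getattr(func, "attr", None)
            arg = node.args[0]
            if (called in ("__import__", "import_module")
                    and isinstance(arg, ast.Constant)
                    and isinstance(arg.value, str)):
                names = [arg.value]
        for name in names:
            top = name.split(".")[0]  # os.path counts as os
            if top in BLOCKED:
                hits.add((node.lineno, top))
    return sorted(hits)


# Constructed sample snippet, not taken from any real playbook.
SAMPLE = '''
import json
import os.path as p
from subprocess import run
mod = __import__("sys")
import importlib
helper = importlib.import_module("os")
from . import sys
'''

if __name__ == "__main__":
    for line, module in blocked_imports(SAMPLE):
        print(f"line {line}: imports {module}")
```

Module names built at run time (for example by string concatenation) are not visible to a static scan, so an empty result narrows the review but does not replace it.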

Introduction of the SOAR Framework Solution Pack

Release 7.2.0 introduces the SOAR Framework Solution Pack (SP) which is the Foundational Solution Pack that creates the framework, including modules, dashboard, roles, widgets, etc., required for effective day-to-day operations of any SOC. The Incident Response modules have been removed from the FortiSOAR platform and moved to the SOAR Framework SP. Therefore, from release 7.2.0 the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms are not part of the FortiSOAR platform, making it essential for users to install the SOAR Framework SP to optimally use and experience FortiSOAR’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.

Note

Fresh installations of FortiSOAR release 7.2.0 will, by default, have the SOAR Framework Solution Pack installed.

Post-upgrade to 7.2.0 users should be assigned appropriate permissions for Content Hub

Once you upgrade to 7.2.0, appropriate permissions must be assigned to users who need to work with Content Hub, i.e., solution packs, widgets, and connectors. For users who need to work with all the components, assign the 'FSR Content Hub' role; however, for users who need to work only with an individual component such as widgets or connectors, appropriate permissions should be assigned for 'Content Hub' and individually for 'Widgets' or 'Connectors'.

Post-upgrade to 7.2.0 user cannot see the earlier record assignment notifications

Once you upgrade to 7.2.0, record assignment notifications such as task assignment notifications from earlier releases are not visible in FortiSOAR's new notifications framework.
