New Features and Enhancements

This release brings exciting new features and enhancements to improve performance, strengthen data security, and elevate your FortiSOAR™ experience.

Usage-based licensing for FortiSOAR via FortiFlex

  • Starting with release 7.6.1, FortiSOAR integrates with FortiFlex, offering usage-based licensing. FortiFlex provides a straightforward, points-based approach that empowers organizations to optimize their cybersecurity services and spending, providing flexibility in deployment and scaling.
  • Using the FortiFlex portal, you can easily manage and scale your entitlements, license seats, and expirations, as well as monitor your FortiPoint usage for effective cost tracking.
    For details, see the Licensing FortiSOAR chapter in the "Deployment Guide."

Rolling Upgrade Support for High Availability clusters

  • FortiSOAR now supports rolling upgrades for high availability (HA) clusters, reducing downtime from approximately 30 minutes to just 2 minutes. This optimization ensures minimal disruption during upgrades.
    For details, see the Upgrading a FortiSOAR High Availability Cluster chapter in the "Upgrade Guide."

Strengthened Data Security: Data-at-Rest encryption for FortiSOAR

  • FortiSOAR introduces a powerful new feature that elevates your data security: encrypting FortiSOAR's data at rest.
    Data-at-rest encryption is vital for safeguarding sensitive information against unauthorized access. FortiSOAR achieves this using 'Disk Encryption', a robust solution that helps ensure data remains secure on Linux systems, even in the event of physical theft or breaches. This on-demand feature puts you in control of your data security.
    For details, see the Encrypting FortiSOAR's Data At Rest chapter in the "Deployment Guide."

Administrative Enhancements

  • Retention of customized playbooks that were imported through a solution pack during Solution Packs upgrades: In release 7.6.1, any custom changes you make to your playbooks that are imported through a solution pack will be preserved during solution pack upgrades, saving you time and effort. Previously, if you edited playbooks that were part of a solution pack, it was recommended to clone them first to prevent losing your customizations during upgrades. With this update, you no longer need to take this extra step—your custom playbooks are preserved, simplifying your upgrade process.
    For details, see the Introduction to Playbooks chapter in the "Playbook Guide" and the Solution Packs chapter in the "User Guide."
  • Playbook log movement to optimize workflow logs storage: This enhancement moves playbook logs to historical storage after playbooks are completed. This helps reduce the size of the active storage, improving performance and making playbooks more efficient.
    For details, see the Debugging and Optimizing Playbooks chapter in the "Playbook Guide" and the System Configuration chapter in the "Administration Guide."
  • Navigation Structure Optimization: The navigation structure options when exporting and creating solution packs have been enhanced. Previously, you could only append navigation items. You can now choose to replace or merge all the navigation items or apply these options to selected individual items. This enhancement offers you greater flexibility in customizing your navigation experience.
    For details, see the Export and Import Wizards topic in the Application Editor chapter of the "Administration Guide."

Playbook Designer and Executed Playbook Logs Dialog Enhancements

  • Option to view playbooks referencing the current playbook: In release 7.6.1, we've added a new option at the top of the playbook designer canvas. This option allows you to quickly view a list of playbooks that are referencing the current playbook, making it easier to identify the parent playbooks.
    For details, see the Introduction to Playbooks chapter in the "Playbook Guide."
  • Executed Playbook Logs enhancements: In release 7.6.1, we've improved the Executed Playbook Log dialog with the following updates:
    • Bifurcated Log Display: Playbook logs present in the active storage are displayed in the 'Recent Playbooks Logs' list, while logs in the historical storage are shown in the 'Historical Playbook Logs' list.
    • New HA Node Filter: A new filter has been added to the Executed Playbook Logs dialog for high availability (HA) clusters. You can now filter logs by node name, making it easier to find playbook executions on specific HA nodes.
      For details, see the Debugging and Optimizing Playbooks chapter in the "Playbook Guide."

FortiSOAR User Interface Enhancements

  • Enhanced Widget Configuration: Widgets can now be set to always expand in the list view of modules, allowing for quicker access to important information.
    For details, see the Dashboards, Templates, and Widgets chapter in the "User Guide."
  • Customizable Page Sizes for Grids: Grids now support customizable record display options on the list view of modules, both at the module and user levels. Users can select their preferred default number of records per page from the following options: 5, 10, 30, 50, 100, or 250. This enhancement replaces the previous default of 30 records, offering greater flexibility and a more personalized viewing experience.
    For details, see the Dashboards, Templates, and Widgets chapter in the "User Guide."
  • Pagination Support for Executed Playbook Logs: Pagination support has been added to the Executed Playbook Logs dialog. You can now effortlessly navigate through your executed playbook logs, making it easier to find what you need.
    For details, see the Debugging and Optimizing Playbooks chapter in the "Playbook Guide."
  • Enhanced License Manager page: Added a refresh button next to the Allowed Actions Per Day field. This field displays both the total action count and the remaining number of FortiSOAR actions users can perform each day. With the addition of the refresh button, users can quickly update the count without reloading the 'License Manager' page.
    For details, see the Licensing FortiSOAR chapter in the "Deployment Guide."

Solution Packs, Connectors, and Widget Enhancements

Several new enhancements are introduced across solution packs, connectors, and widgets. Here are some key updates:

  • Notable New and Updated Solution Packs:
    • Multiple Outbreak Alert Response Solution Packs are added to conduct hunts that help identify and investigate potential Indicators of Compromise (IOCs) related to vulnerabilities across operational environments such as FortiSIEM and FortiAnalyzer.
    • Outbreak Response Framework (ORF) has been revamped with several key enhancements including a dynamic outbreak response dashboard that provides a comprehensive overview. Automation capabilities have been improved with the addition of new schedules, streamlining outbreak response tasks. An enhanced configuration wizard simplifies the process of configuring ORF for various integrations from the configuration wizard page. Additionally, the framework now includes a pluggable threat hunting framework that integrates with FortiSIEM and FortiAnalyzer, enabling more effective outbreak alert detection. For details, see the Outbreak Response Framework document.
    • SOAR Framework Solution Pack (SFSP) includes a single keystore record that simplifies the management of all types of Indicators of Compromise (IOCs). It also comes with optimized pre-installed connectors that accelerate deployment, among other updates. Some key enhancements include:
      • Streamlined Indicator Extraction: A user-friendly, wizard-like interface simplifies the process of:
        • defining indicators to be excluded from extraction, both in small groups and in bulk
        • mapping alert and incident fields to be extracted as indicators
        • creating custom indicator types
        • adding comments to excluded file indicators and creating file indicators from email attachments
      • Enhanced Record Security: The role 'Full App Permission' no longer grants the ability to delete 'Key Store' records, preventing accidental removal and adding an extra layer of fail-safe protection.
      • Setup Guide: The Streamline section of the Setup Guide has been updated to prioritize indicator extraction as the first setup step, offering a smoother and more efficient setup experience.
      These updates make SFSP faster, more efficient, and highly configurable, so you can work smarter and with greater confidence. For details, see the SFSP document.
    • FortiAI is now more powerful, allowing users to easily create prompts using their own voice. Additionally, you can search any FortiSOAR record simply by providing a prompt, with the flexibility to make searches as complex as needed. These enhancements drastically reduce the time SOC analysts spend querying data or writing complex prompts, empowering them to investigate and complete tasks more efficiently, while also improving accessibility. For details, see the FortiAI document.
    • Lacework FortiCNAPP now integrates with Microsoft Teams to streamline operations. It also introduces secure authentication for webhooks in incident response, along with other improvements that further enhance incident response capabilities. For details, see the Lacework FortiCNAPP Composite Alert Incident Response document.
  • New and Updated Connectors: Multiple integrations (Fortinet Fabric and third-party) have been released, along with updates to existing connectors. A few notable ones:
    • New integrations include: AWS WAF, Bitbucket, Coralogix, IBM Randori, ManageEngine Log360, Proofpoint TRAP, SonicWall Firewall. Additionally, new threat feed integrations such as alphaMountain Feed, CINS Army Feed, and ViriBack C2 Tracker Feed have also been added.
    • Enhanced Fortinet Fabric integrations include: Fortinet FortiSASE, Lacework FortiCNAPP, Fortinet FortiManager, Fortinet FortiAnalyzer, Fortinet FortiWeb Cloud.
    • Enhanced Third-Party integrations include: Exchange, Qualys, Palo Alto Firewall, Palo Alto Cortex XDR, OpenAI, Microsoft Teams, Microsoft WinRM, Microsoft 365 Defender, Joe Sandbox Cloud.
    For details, see the FortiSOAR Content Hub.
  • New and Updated Widgets: Key widgets have been enhanced for better usability and functionality:
    • Playbook Buttons widget adds playbooks as separate buttons in the record's detailed view, allowing them to be executed directly from the record's view panel. For details, see the Playbook Buttons document.
