Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiSOAR 7.6.4 Release Notes
    7.6.4
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.5.2
    7.5.1
    7.5.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.2
    7.2.1
    7.2.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.4
    6.4.3
    6.4.1
    6.4.0
    6.0.0

    New Features and Enhancements

    New Features and Enhancements

    This release brings exciting new features and enhancements to improve usability, boost performance, fortify data security, and enhance your FortiSOAR™ experience.

    Threat Intelligence Capabilities integrated into FortiSOAR

    • FortiSOAR now integrates advanced Threat Intelligence capabilities, powered by FortiGuard intelligence, Outbreak Alerts, and automated response workflows. These enhancements help security teams detect, respond to, and mitigate advanced threats faster—improving visibility and strengthening the security posture of your digital environment.
      To enable threat intelligence and outbreak management features, install and configure the Threat Intel Management and Outbreak Response Management Solution Packs.
      Key Highlights:

      • Outbreak Management:
        Receive real-time Outbreak Alerts from FortiGuard Labs, enabling your team to monitor, contain, and resolve widespread cyberattacks efficiently.
      • Threat Intelligence Management:
        Collect, analyze, and centralize threat intelligence from multiple sources. Enrich the data with context to better understand attacker tactics, techniques, and motivations. You can also correlate Common Vulnerabilities and Exposures (CVEs) with active threat reports and actors to identify which vulnerabilities are actively being targeted—prioritizing your patching efforts for maximum impact.
        The Threat Intelligence Management menu in FortiSOAR's left navigation contains the following items:
        • Dashboard:
          The TIM Overview and ROI dashboard offers insights into feed ingestion effectiveness, the connection between observables and indicators, and the relevance of threat feeds.
        • Threat Intel Search:
          Search FortiGuard’s vast threat intelligence database to uncover detailed information on Indicators of Compromise (IOCs), including malware, threat actors, CVEs, and threat relationships.
        • Intelligence:
          • Provides a centralized location to manage threat feeds, actors, and reports. It contains the following tabs:
            • Threat Reports: Displays threat intelligence reports ingested from FortiGuard, FortiRecon ACI, and other sources.
            • Threat Feeds: Allows you to set up feed connectors such as FortiGuard, Anomali Limo, Cisco Talos, etc.
              Note: By default, Fortinet FortiGuard Threat Intelligence is added as a threat source.
            • Threat Actors: The Threat Actors (TA) page gets data from FortiGuard and gives analysts detailed information about attackers, their motives, and methods (TTPs).
            • WorkSpaces: The WorkSpaces page lets you create workspaces based on Priority Intelligence Requests (PIRs) to support focused workflows.
            • Feed Configurations: The Feed Configurations page manages feed settings, lets you set up a TAXII Server to share threat intelligence externally, and create rules to automate feed ingestion.
          • MITRE ATT&CK:
            The installation of the TIM Solution Pack configures the MITRE ATT&CK connector and schedules its data ingestion by default, allowing use of the globally accessible MITRE ATT&CK® Framework.
          • Hunts:
            A centralized module to store and manage threat hunting activities.

      For details, see the Threat Intel Management and Outbreak Response Management Solution Packs and the Threat Intelligence Capabilities chapter in the "User Guide."

    Enhanced Browser Performance & Memory Efficiency

    • FortiSOAR 7.6.4, FortiSOAR includes several improvements designed to reduce memory usage and boost browser performance, especially for memory-intensive tasks.
      Key Enhancements:
      • Faster, More Responsive UI:
        • Optimized User Interface: Refined codebase to minimize memory footprint and deliver faster performance.
        • Smart Field Loading: Lazy loading has been implemented for UI fields, so required fields load immediately at the top of the screen, allowing you to focus on essential data right away. Additional fields load dynamically as you scroll, ensuring a fast and seamless experience.
        • Improved Data Ingestion Wizard (Field Mapping screen):
          • Lazy Loading Support: As with the UI, required fields appear first, allowing you to start quickly. Other fields load progressively as you scroll, maintaining efficiency and responsiveness.
          • Enhanced Rich Text Fields: Rich text fields now display as plain text inputs by default, improving initial loading times. You can toggle to the rich text view whenever needed, ensuring flexibility without sacrificing performance.
        • Form View Update: If a form structure is not defined for the records in a module, only fields marked as required or required by condition will be loaded in the Form View Template, i.e., in the Add Record form in the List view and the Edit Record form in the Detail view. This improves performance by avoiding the loading of all fields.
        • Internationalization: Improved management of translation keys by implementing one-time binding for UI translations in HTML files, reducing overhead and improving load performance.
        • Widget Updates:
          • Playbook Buttons Widget: More efficient rendering.
          • Tabs Widget: Only the active tab loads content, significantly reducing the initial load time and enhancing overall responsiveness.
          • Uncategorized Fields Widget: Lazy loading has been implemented to enhance performance. Fields now load dynamically as you scroll, providing a faster and more responsive experience.

      For details, see the 'Best Practices' topics in the Working with Modules - Alerts & Incidents chapter of the "User Guide."

    Support for FortiSOAR Agent on Docker

    • Starting with release 7.6.4, FortiSOAR Agents can now be deployed in Docker environments. This allows organizations that prefer containerization over traditional virtual machines to easily install and manage Agents within existing Docker environments and automate containerized operations.
      For details on deploying Agents on Docker instances, see the Deploying an FSR Agent on a Docker Platform chapter in the "Deployment Guide."

    Support for Configuring Vaults on FortiSOAR Agents

    • Release 7.6.4 introduces support for installing and configuring vault connectors on FortiSOAR (FSR) Agents, enabling those agents to access their associated vault and perform actions such as retrieving credentials for use in remote or isolated sites. This enhancement enables secure, seamless integration between FortiSOAR Cloud and on-premises Agents configured with Vaults—allowing users to centrally manage sensitive credentials while ensuring compliance with internal security policies.
      Key highlights are as follows:
      • Agent Vault Access: FSR Agents can retrieve credentials from their associated vaults, enabling operations in remote or isolated sites.
      • Secure Access Model: Each tenant or agent is limited to accessing only its own vault, ensuring secure and segregated access.
      • Central Node Support: FSR Agents can be deployed on a central node, such as the master node in an MSSP setup. The master node can access vaults configured on any associated agent or tenant and use the credentials for executing actions.
      • Note

      If the FortiSOAR and Agent systems are on different networks, network latency may affect playbook execution time when the playbook needs to access a vault configuration on the agent node.

      For details, see the Configuring the Password Vault Manager in the Security Management chapter of the "Administration Guide."

    Extended Internationalization Support with French and Traditional Chinese

    • FortiSOAR now supports French and Traditional Chinese, expanding its internationalization capabilities. This update enhances the platform’s accessibility and usability for global teams by enabling native language support and alignment with local preferences.
      For details on internationalization settings in FortiSOAR, see the Setting a language other than English for your FortiSOAR system topic in the System Configuration chapter of the "Administration Guide."

    FortiSOAR User Interface Enhancements

    • Chart Enhancements:
      • Enhanced Line and TimeSeries Charts:
        • Support continuous monthly series rendering, displaying all months even when some have no data. This ensures all months are displayed, improving trend visibility over time
        • Added a Quarterly option to the X-Axis Date Range drop-down. Users can now view data by quarter based on the selected X-Axis date field (e.g., Created On, Modified On). Quarters are displayed in a year-quarter format (e.g., 2024-Q3, 2025-Q1) in charts and/or tables. Daily and Monthly options remain available.
      • Enhanced Pie, Bar, Timeseries, and Line Charts:
        Improved to offer greater flexibility in data visualization. Users can now choose to display data as a chart, a table, or both. For example, an aggregation table can be viewed independently of the chart, enabling more focused analysis when needed.

      For details on charts, see the Charts and Metrics topic in the Dashboards, Templates, and Widgets chapter of the "User Guide."

    Security Enhancements

    • New: Advanced Development Features Tab in System Configuration: introduced a new Advanced Development Features tab in the System Configuration page! This tab empowers administrators to review security risks and usage guidelines for creating or updating custom connectors and widgets. With this update, administrators now need to provide explicit consent—based on their organization's requirements—before users can create new connectors, widgets, or update existing ones.
      For details, see the Advanced Development Features topic in the System Configuration chapter of the "Administration Guide."
    • Enhanced iFrame Widget Security: The iFrame widget now runs in a sandboxed environment by default, fully restricting the loading of external content. This update enhances the security by preventing Stored Cross-Site Scripting (XSS) attacks.
      For details on the iFrame widget, see the Dashboards, Templates, and Widgets chapter in the "User Guide."

    Playbook Enhancements

    • Jinja Editor Enhancement: In Release 7.6.4, the Choose A Recent Playbook Execution drop-down (Tools > Jinja Editor in Playbook Designer) now shows execution times in "MM/dd/yyyy hh:mm a" format (e.g., 09/21/2025 07:08 PM) instead of relative times like "2 hours 23 minutes ago." This change provides precise timestamps, improving debugging—especially when multiple executions occur close together.
      For details, see the 'Jinja Editor' topic in the Dynamic Values chapter of the "Playbooks Guide."

    Solution Packs, Connectors, and Widget Enhancements

    FortiSOAR 7.6.4 introduces key enhancements across solution packs, connectors, and widgets—designed to expand automation and integration for SecOps teams:

    • Notable Enhanced Solution Packs:
      • Threat Intel Management v2.1.0: Now integrates with MITRE ATT&CK as a submenu, offering easy access to threat intelligence. A new Threat Actor Info page enhances investigations, while the Threat Intel Search feature enables customizable widget-based indicator searches, supporting faster, more accurate incident response.

      • Continuous Delivery Solution Pack v3.1.0: The Continuous Delivery pack simplifies lifecycle management of FortiSOAR content, enabling efficient change control across development, staging, and production. Key enhancements:

        • Improved CR tracking with new CR Status visibility
        • Better environment synchronization and automated export/import workflows.
        • Pull request monitoring and pre-approval content review.
        • Simplified reviewer selection via dropdown.
        • Unified Source Control Settings card for managing playbooks, modules, and connectors.
        • Enhanced import wizards for smoother deployments.

        This release boosts operational consistency by improving transparency, auditability, and control over SOC content deployment.

      • SOAR Framework Solution Pack (SFSP) v3.2.1: Improves user experience with new language support (Traditional Chinese and French). A KeyStore module update resolves post-installation issues by populating the new JSON Value field by default, enhancing installation reliability.
      • Outbreak Response Framework v2.2.1: This update (for FSR v7.6.1 and later) enhances outbreak response with smarter automation and richer threat context. Key features include:
        • Streamlined solution pack installation.
        • New Summary tab for critical alert details.
        • Improved dashboards with reorganized, clearer data.
        • Real-time automation actions for CVEs, IOCs, and outbreak alerts.
        • Renamed playbooks and restructured schedules for better manageability.
        • Expanded field mapping for Threat Actors and Reports, providing deeper context for SOC analysts.

        Additionally, a series of Outbreak Response solution packs have been introduced to provide countermeasures for newly detected security outbreaks. These packs include custom detection rules to mitigate risks from various attack types, enhancing proactive threat detection. Recent additions—such as Citrix Bleed 2, Microsoft SharePoint Zero-day, and Earth Lamia APT—demonstrate coverage of high-impact vulnerabilities and advanced persistent threats. When outbreak auto-deployment is enabled, these packs are automatically deployed, providing SOC teams with timely, prebuilt defenses without manual effort.
        These enhancements support faster, more efficient responses using up-to-date intelligence from FortiGuard Labs.

      • FortiAI v4.0.1: Includes bug fixes and performance improvements. User prompts now work as expected when key mappings are missing in the KeyStore (with Recommendation Engine enabled). Module performance is optimized for better responsiveness during operations.

      NOTE: All widgets in the respective solution packs have been updated.

    • Enhanced Connectors: Multiple integrations (System, Fortinet Fabric and third-party) have updated – few notable ones being:
      • System Connectors:
        • Utilities Connector v3.7.0:
          • Adds a new FSR: Evaluate Email Template Expressions action, which evaluates Jinja2 expressions from the subject and content fields within email templates.
          • Enhances Utils: Make REST API Call with an Upload File parameter.
          • Fixes attachment extraction issues from .eml/.msg files with invalid byte sequences.
            For details, see the Utilities Connector v3.7.0 document.
        • Code Snippet Connector v2.1.4:
          • Defaults to 'Safe Mode'.
          • Includes security-related fixes making working with this connector more secure.
            For details, see the Code Snippet Connector v2.1.4 document.
      • Fabric Connectors:
        Enhanced Fortinet Fabric connectors include:
        • FortiSIEM: Resolves API rate limit issues in Get Events For Incident (FSRv7.4.0+).
        • FortiEDR: Adds operations for collector search and management.
        • FortiGuard Outbreak: Adds a new action to retrieve threat actor details.
        • FortiRecon ACI: Supports new reporting and IOC actions, removes deprecated ones to streamline ingestion. These updates collectively enhance threat visibility and response across the Fortinet security ecosystem.
      • Third-Party Connectors:
        Key Updates include:
        • Zscaler: Now supports OAuth 2.0 for improved security and easier setup.
        • Microsoft Graph API: Adds new parameters and actions for enhanced alert management (supports API versions V1 and V2).
        • AWS EC2: Resolves health check issues with an updated boto3 library for better stability.

    For details, see the FortiSOAR Content Hub.

    Previous
    Next

    New Features and Enhancements

    New Features and Enhancements

    This release brings exciting new features and enhancements to improve usability, boost performance, fortify data security, and enhance your FortiSOAR™ experience.

    Threat Intelligence Capabilities integrated into FortiSOAR

    • FortiSOAR now integrates advanced Threat Intelligence capabilities, powered by FortiGuard intelligence, Outbreak Alerts, and automated response workflows. These enhancements help security teams detect, respond to, and mitigate advanced threats faster—improving visibility and strengthening the security posture of your digital environment.
      To enable threat intelligence and outbreak management features, install and configure the Threat Intel Management and Outbreak Response Management Solution Packs.
      Key Highlights:

      • Outbreak Management:
        Receive real-time Outbreak Alerts from FortiGuard Labs, enabling your team to monitor, contain, and resolve widespread cyberattacks efficiently.
      • Threat Intelligence Management:
        Collect, analyze, and centralize threat intelligence from multiple sources. Enrich the data with context to better understand attacker tactics, techniques, and motivations. You can also correlate Common Vulnerabilities and Exposures (CVEs) with active threat reports and actors to identify which vulnerabilities are actively being targeted—prioritizing your patching efforts for maximum impact.
        The Threat Intelligence Management menu in FortiSOAR's left navigation contains the following items:
        • Dashboard:
          The TIM Overview and ROI dashboard offers insights into feed ingestion effectiveness, the connection between observables and indicators, and the relevance of threat feeds.
        • Threat Intel Search:
          Search FortiGuard’s vast threat intelligence database to uncover detailed information on Indicators of Compromise (IOCs), including malware, threat actors, CVEs, and threat relationships.
        • Intelligence:
          • Provides a centralized location to manage threat feeds, actors, and reports. It contains the following tabs:
            • Threat Reports: Displays threat intelligence reports ingested from FortiGuard, FortiRecon ACI, and other sources.
            • Threat Feeds: Allows you to set up feed connectors such as FortiGuard, Anomali Limo, Cisco Talos, etc.
              Note: By default, Fortinet FortiGuard Threat Intelligence is added as a threat source.
            • Threat Actors: The Threat Actors (TA) page gets data from FortiGuard and gives analysts detailed information about attackers, their motives, and methods (TTPs).
            • WorkSpaces: The WorkSpaces page lets you create workspaces based on Priority Intelligence Requests (PIRs) to support focused workflows.
            • Feed Configurations: The Feed Configurations page manages feed settings, lets you set up a TAXII Server to share threat intelligence externally, and create rules to automate feed ingestion.
          • MITRE ATT&CK:
            The installation of the TIM Solution Pack configures the MITRE ATT&CK connector and schedules its data ingestion by default, allowing use of the globally accessible MITRE ATT&CK® Framework.
          • Hunts:
            A centralized module to store and manage threat hunting activities.

      For details, see the Threat Intel Management and Outbreak Response Management Solution Packs and the Threat Intelligence Capabilities chapter in the "User Guide."

    Enhanced Browser Performance & Memory Efficiency

    • FortiSOAR 7.6.4, FortiSOAR includes several improvements designed to reduce memory usage and boost browser performance, especially for memory-intensive tasks.
      Key Enhancements:
      • Faster, More Responsive UI:
        • Optimized User Interface: Refined codebase to minimize memory footprint and deliver faster performance.
        • Smart Field Loading: Lazy loading has been implemented for UI fields, so required fields load immediately at the top of the screen, allowing you to focus on essential data right away. Additional fields load dynamically as you scroll, ensuring a fast and seamless experience.
        • Improved Data Ingestion Wizard (Field Mapping screen):
          • Lazy Loading Support: As with the UI, required fields appear first, allowing you to start quickly. Other fields load progressively as you scroll, maintaining efficiency and responsiveness.
          • Enhanced Rich Text Fields: Rich text fields now display as plain text inputs by default, improving initial loading times. You can toggle to the rich text view whenever needed, ensuring flexibility without sacrificing performance.
        • Form View Update: If a form structure is not defined for the records in a module, only fields marked as required or required by condition will be loaded in the Form View Template, i.e., in the Add Record form in the List view and the Edit Record form in the Detail view. This improves performance by avoiding the loading of all fields.
        • Internationalization: Improved management of translation keys by implementing one-time binding for UI translations in HTML files, reducing overhead and improving load performance.
        • Widget Updates:
          • Playbook Buttons Widget: More efficient rendering.
          • Tabs Widget: Only the active tab loads content, significantly reducing the initial load time and enhancing overall responsiveness.
          • Uncategorized Fields Widget: Lazy loading has been implemented to enhance performance. Fields now load dynamically as you scroll, providing a faster and more responsive experience.

      For details, see the 'Best Practices' topics in the Working with Modules - Alerts & Incidents chapter of the "User Guide."

    Support for FortiSOAR Agent on Docker

    • Starting with release 7.6.4, FortiSOAR Agents can now be deployed in Docker environments. This allows organizations that prefer containerization over traditional virtual machines to easily install and manage Agents within existing Docker environments and automate containerized operations.
      For details on deploying Agents on Docker instances, see the Deploying an FSR Agent on a Docker Platform chapter in the "Deployment Guide."

    Support for Configuring Vaults on FortiSOAR Agents

    • Release 7.6.4 introduces support for installing and configuring vault connectors on FortiSOAR (FSR) Agents, enabling those agents to access their associated vault and perform actions such as retrieving credentials for use in remote or isolated sites. This enhancement enables secure, seamless integration between FortiSOAR Cloud and on-premises Agents configured with Vaults—allowing users to centrally manage sensitive credentials while ensuring compliance with internal security policies.
      Key highlights are as follows:
      • Agent Vault Access: FSR Agents can retrieve credentials from their associated vaults, enabling operations in remote or isolated sites.
      • Secure Access Model: Each tenant or agent is limited to accessing only its own vault, ensuring secure and segregated access.
      • Central Node Support: FSR Agents can be deployed on a central node, such as the master node in an MSSP setup. The master node can access vaults configured on any associated agent or tenant and use the credentials for executing actions.
      • Note

      If the FortiSOAR and Agent systems are on different networks, network latency may affect playbook execution time when the playbook needs to access a vault configuration on the agent node.

      For details, see the Configuring the Password Vault Manager in the Security Management chapter of the "Administration Guide."

    Extended Internationalization Support with French and Traditional Chinese

    • FortiSOAR now supports French and Traditional Chinese, expanding its internationalization capabilities. This update enhances the platform’s accessibility and usability for global teams by enabling native language support and alignment with local preferences.
      For details on internationalization settings in FortiSOAR, see the Setting a language other than English for your FortiSOAR system topic in the System Configuration chapter of the "Administration Guide."

    FortiSOAR User Interface Enhancements

    • Chart Enhancements:
      • Enhanced Line and TimeSeries Charts:
        • Support continuous monthly series rendering, displaying all months even when some have no data. This ensures all months are displayed, improving trend visibility over time
        • Added a Quarterly option to the X-Axis Date Range drop-down. Users can now view data by quarter based on the selected X-Axis date field (e.g., Created On, Modified On). Quarters are displayed in a year-quarter format (e.g., 2024-Q3, 2025-Q1) in charts and/or tables. Daily and Monthly options remain available.
      • Enhanced Pie, Bar, Timeseries, and Line Charts:
        Improved to offer greater flexibility in data visualization. Users can now choose to display data as a chart, a table, or both. For example, an aggregation table can be viewed independently of the chart, enabling more focused analysis when needed.

      For details on charts, see the Charts and Metrics topic in the Dashboards, Templates, and Widgets chapter of the "User Guide."

    Security Enhancements

    • New: Advanced Development Features Tab in System Configuration: introduced a new Advanced Development Features tab in the System Configuration page! This tab empowers administrators to review security risks and usage guidelines for creating or updating custom connectors and widgets. With this update, administrators now need to provide explicit consent—based on their organization's requirements—before users can create new connectors, widgets, or update existing ones.
      For details, see the Advanced Development Features topic in the System Configuration chapter of the "Administration Guide."
    • Enhanced iFrame Widget Security: The iFrame widget now runs in a sandboxed environment by default, fully restricting the loading of external content. This update enhances the security by preventing Stored Cross-Site Scripting (XSS) attacks.
      For details on the iFrame widget, see the Dashboards, Templates, and Widgets chapter in the "User Guide."

    Playbook Enhancements

    • Jinja Editor Enhancement: In Release 7.6.4, the Choose A Recent Playbook Execution drop-down (Tools > Jinja Editor in Playbook Designer) now shows execution times in "MM/dd/yyyy hh:mm a" format (e.g., 09/21/2025 07:08 PM) instead of relative times like "2 hours 23 minutes ago." This change provides precise timestamps, improving debugging—especially when multiple executions occur close together.
      For details, see the 'Jinja Editor' topic in the Dynamic Values chapter of the "Playbooks Guide."

    Solution Packs, Connectors, and Widget Enhancements

    FortiSOAR 7.6.4 introduces key enhancements across solution packs, connectors, and widgets—designed to expand automation and integration for SecOps teams:

    • Notable Enhanced Solution Packs:
      • Threat Intel Management v2.1.0: Now integrates with MITRE ATT&CK as a submenu, offering easy access to threat intelligence. A new Threat Actor Info page enhances investigations, while the Threat Intel Search feature enables customizable widget-based indicator searches, supporting faster, more accurate incident response.

      • Continuous Delivery Solution Pack v3.1.0: The Continuous Delivery pack simplifies lifecycle management of FortiSOAR content, enabling efficient change control across development, staging, and production. Key enhancements:

        • Improved CR tracking with new CR Status visibility
        • Better environment synchronization and automated export/import workflows.
        • Pull request monitoring and pre-approval content review.
        • Simplified reviewer selection via dropdown.
        • Unified Source Control Settings card for managing playbooks, modules, and connectors.
        • Enhanced import wizards for smoother deployments.

        This release boosts operational consistency by improving transparency, auditability, and control over SOC content deployment.

      • SOAR Framework Solution Pack (SFSP) v3.2.1: Improves user experience with new language support (Traditional Chinese and French). A KeyStore module update resolves post-installation issues by populating the new JSON Value field by default, enhancing installation reliability.
      • Outbreak Response Framework v2.2.1: This update (for FSR v7.6.1 and later) enhances outbreak response with smarter automation and richer threat context. Key features include:
        • Streamlined solution pack installation.
        • New Summary tab for critical alert details.
        • Improved dashboards with reorganized, clearer data.
        • Real-time automation actions for CVEs, IOCs, and outbreak alerts.
        • Renamed playbooks and restructured schedules for better manageability.
        • Expanded field mapping for Threat Actors and Reports, providing deeper context for SOC analysts.

        Additionally, a series of Outbreak Response solution packs have been introduced to provide countermeasures for newly detected security outbreaks. These packs include custom detection rules to mitigate risks from various attack types, enhancing proactive threat detection. Recent additions—such as Citrix Bleed 2, Microsoft SharePoint Zero-day, and Earth Lamia APT—demonstrate coverage of high-impact vulnerabilities and advanced persistent threats. When outbreak auto-deployment is enabled, these packs are automatically deployed, providing SOC teams with timely, prebuilt defenses without manual effort.
        These enhancements support faster, more efficient responses using up-to-date intelligence from FortiGuard Labs.

      • FortiAI v4.0.1: Includes bug fixes and performance improvements. User prompts now work as expected when key mappings are missing in the KeyStore (with Recommendation Engine enabled). Module performance is optimized for better responsiveness during operations.

      NOTE: All widgets in the respective solution packs have been updated.

    • Enhanced Connectors: Multiple integrations (System, Fortinet Fabric and third-party) have updated – few notable ones being:
      • System Connectors:
        • Utilities Connector v3.7.0:
          • Adds a new FSR: Evaluate Email Template Expressions action, which evaluates Jinja2 expressions from the subject and content fields within email templates.
          • Enhances Utils: Make REST API Call with an Upload File parameter.
          • Fixes attachment extraction issues from .eml/.msg files with invalid byte sequences.
            For details, see the Utilities Connector v3.7.0 document.
        • Code Snippet Connector v2.1.4:
          • Defaults to 'Safe Mode'.
          • Includes security-related fixes making working with this connector more secure.
            For details, see the Code Snippet Connector v2.1.4 document.
      • Fabric Connectors:
        Enhanced Fortinet Fabric connectors include:
        • FortiSIEM: Resolves API rate limit issues in Get Events For Incident (FSRv7.4.0+).
        • FortiEDR: Adds operations for collector search and management.
        • FortiGuard Outbreak: Adds a new action to retrieve threat actor details.
        • FortiRecon ACI: Supports new reporting and IOC actions, removes deprecated ones to streamline ingestion. These updates collectively enhance threat visibility and response across the Fortinet security ecosystem.
      • Third-Party Connectors:
        Key Updates include:
        • Zscaler: Now supports OAuth 2.0 for improved security and easier setup.
        • Microsoft Graph API: Adds new parameters and actions for enhanced alert management (supports API versions V1 and V2).
        • AWS EC2: Resolves health check issues with an updated boto3 library for better stability.

    For details, see the FortiSOAR Content Hub.

    Previous
    Next