SIEM & UEBA


FortiSIEM 6.6.0 Released

  • 1.  FortiSIEM 6.6.0 Released

    GROUP ADMIN
    Posted Jul 27, 2022 02:00 AM
    Hi FortiSIEM Users,

    Today we have released version 6.6.0, release notes here! This release has several new features, but I would like to highlight three in particular and provide some context around these:

    1. A new Read API for Watch Lists - this is a great new inclusion and is best explained using a use case described in this blog by Silvu; the difference is that we have built the capability natively within FortiSIEM. The use case allows a FortiGate or FortiManager to incorporate a FortiSIEM Watch List as a threat feed and apply it within policies!

    2. Generic REST API Integrator - say you have an API that you need to integrate FortiSIEM with; it could be a custom one or one from a vendor that we don't yet support. This is the feature that allows you to do so! It is a no-code method to integrate with APIs, and once done, you can export the config and, hopefully, consider sharing it with the community.
    3. Scale-out ClickHouse Cluster - we introduced ClickHouse as an integrated and embedded event database within 6.5.0, but there was a limitation that it only ran on the Super node. In this release, we can scale out to support a ClickHouse cluster where the FortiSIEM Worker nodes also run ClickHouse. This allows FortiSIEM to scale not only EPS ingestion but significantly improve analytic reporting performance. Check out the sizing guide and release information.


    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------
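The Watch List to FortiGate threat-feed use case from point 1, as an added example that is not code from the original post or from Fortinet. It assumes a hypothetical JSON response shape (a list of objects with an "entryValue" field) and a hypothetical endpoint path and bearer-token header; the real 6.6.0 Watch List Read API request and response format is in the release notes linked above, not here. What the example adds is the hygiene step a practitioner wants before a watch list drives a firewall policy: every entry is validated and normalised, entries are split into the separate IP-address and domain-name feeds a FortiGate external connector expects (one entry per line each), and anything that is neither a valid address, CIDR nor hostname is dropped rather than pushed into a blocking rule.

```python
import ipaddress
import json
import re
import urllib.request
from typing import Dict, List, Optional, Tuple

# Constructed sample payload (an assumption for illustration; the real API
# response shape is documented by Fortinet, not here).
SAMPLE_WATCHLIST_JSON = json.dumps({
    "name": "Suspicious Sources",
    "entries": [
        {"entryValue": "203.0.113.45", "count": 12},
        {"entryValue": "198.51.100.0/24", "count": 3},
        {"entryValue": "EVIL.example", "count": 7},
        {"entryValue": "not a host; drop table", "count": 1},   # garbage, dropped
        {"entryValue": "203.0.113.45", "count": 2},             # duplicate, dropped
    ],
})

# Conservative hostname check: labels of 1-63 chars, no leading/trailing '-',
# total length <= 253. We also require at least one dot so bare numbers such
# as "203" are not accepted as domains.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def classify_entry(value: str) -> Optional[Tuple[str, str]]:
    """Return ("ip", canonical) for an address or CIDR, ("domain", canonical)
    for a hostname, or None when the entry is not safe to put in a feed."""
    v = value.strip()
    try:
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    try:
        return "ip", str(ipaddress.ip_network(v, strict=False))
    except ValueError:
        pass
    if "." in v and _HOSTNAME_RE.match(v):
        return "domain", v.lower()
    return None


def watchlist_to_feeds(payload: str) -> Dict[str, List[str]]:
    """Turn a watch-list JSON payload into two deduplicated feed bodies,
    one per FortiGate external-resource type (IP address, domain name)."""
    data = json.loads(payload)
    feeds: Dict[str, List[str]] = {"ip": [], "domain": []}
    seen = set()
    for entry in data.get("entries", []):
        result = classify_entry(str(entry.get("entryValue", "")))
        if result is None:
            continue                      # invalid: never reaches a policy
        kind, canonical = result
        if canonical in seen:
            continue                      # duplicate line
        seen.add(canonical)
        feeds[kind].append(canonical)
    return feeds


def render_feed(lines: List[str]) -> str:
    """FortiGate external feeds are plain text, one entry per line."""
    return "\n".join(lines) + ("\n" if lines else "")


def fetch_watchlist(base_url: str, watchlist_id: str, token: str) -> str:
    """Fetch a watch list over HTTPS. The path and bearer-token auth below are
    assumptions for illustration; substitute the documented endpoint."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/phoenix/rest/watchlist/{watchlist_id}",  # assumed path
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:   # TLS verified by default
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    feeds = watchlist_to_feeds(SAMPLE_WATCHLIST_JSON)
    print("--- ip feed ---\n" + render_feed(feeds["ip"]), end="")
    print("--- domain feed ---\n" + render_feed(feeds["domain"]), end="")
```

The two rendered bodies are what you would publish (for example from a small internal web server) as the URLs of a FortiGate "IP address" and a "domain name" external connector respectively; keeping the validation on the producer side means a mistyped or malicious watch-list entry cannot take the feed, and the policy referencing it, down with it.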


  • 2.  RE: FortiSIEM 6.6.0 Released

    Posted Jul 28, 2022 01:30 AM
    Hi Daniel,

    nice :-)

    Is my assumption right, that if using ClickHouse, the shared NFS storage (for Supervisor and Workers) is obsolete (if not using NFS archive)?

    Regards
    Manuel


  • 3.  RE: FortiSIEM 6.6.0 Released

    GROUP ADMIN
    Posted Jul 28, 2022 03:18 AM
    Hi Manuel,

    With ClickHouse the storage is virtual disks attached to the Super or Worker VM; as you mention, you can still use NFS as an archive destination, and that will utilise the FortiSIEM eventDB.

    Thanks

    Dan

    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------