What's New in 5.4.0

This release contains the following bug fixes, enhancements and new device support.

Bug Fixes and Enhancements

Bug ID Severity Module Description
664708 Major App Server All Super Global users can see all Incidents for all Organizations, regardless of their role restrictions.
655557 Major Query Real time Query results not shown if there is no overlap between Event workers and Query workers.
665994 Minor App Server Selecting an incident category first in the search panel causes the aggregation count of other criteria to be blank.
665387 Minor App Server Analytics filter operator IN / NOT IN doesn't work for individual CMDB selections.
664245 Minor App Server Incident comments filled with debug messages when running CVE Integration.
659678 Minor App Server Geo Maps do not show location on Dashboard map widget.
653426 Minor App Server Dashboard using Google API does not work for Org if the Org user does not have read permission of Google key (in Admin).
651528 Minor App Server FortiSIEM CMDB to ServiceNow Duplicates.
660734 Minor Device Support Aruba Parser causes high CPU because of excessive use of regular expressions.
659163 Minor Device Support FortiGate on AWS logs are not recognized in FortiSIEM because of new devices.
652184 Minor Device Support Update Unix Parser with a new time stamp format.
652182 Minor Device Support Update F5BigIP Parser for Unsupported (New/Custom) Syslog Header.
649906 Minor Device Support CentOS CROND events incorrectly parsed as McAfee-WebGw-Run-Cmd because logs are too similar.
647216 Minor Device Support Not all attributes for Windows Security Events 4754, 4759, 4749 are parsed.
640196 Minor Device Support Windows Security Event parsing for Event ID 4625 is incorrect.
634374 Minor Device Support Windows Security Event ID 4688 is not parsed fully.
634372 Minor Device Support Windows Sysmon Parser needs to be extended.
607339 Minor Device Support Sysmon PowerShell Commands not correctly parsed if .exe is called from within PowerShell.
594078 Minor Device Support Rule "Windows Audit Log Cleared" does not include user as an incident attribute.
592946 Minor Device Support Set Windows Event ID, Category, Subcategory and Login failure reason as description in Windows Security logs.
659018 Minor Elastic Search Many phDataManager errors may occur in some situations, caused by FortiSIEM sending malformed JSON to Elasticsearch.
662556 Minor Event Pulling AWS CloudTrailParser.xml parses event time incorrectly, which can cause event collection delay.
662540 Minor Event Pulling Azure CLI: mLastPollTime is not updated when job failed, causing data collection errors.
662450, 661806, 655562 Minor Event Pulling Azure Event Hub event collection errors can cause data collection to stop after running for some time.
660938 Minor Event Pulling Guard Duty max count event sometimes does not get picked up.
654551 Minor Event Pulling AgentManager can consume memory after running for a while, causing process to stop functioning.
656337 Minor GUI Analytics tab - Trend Bar Graph does not show continuity with time and results.
663683, 638773 Minor Integration Alienvault STIX OTX Integration may not work for pulling IOCs.
662899 Minor Parser Parser function for resolving Hostname to IP address does not work correctly.
659180 Minor Parser Collector caches time stamp when rejected from Appserver from Check-in.
659171 Minor Parser Two event attributes exist with the same name, Total Connections.
598471 Minor Parser Parse MITRE mapping event attributes in Windows Sysmon events.
516477 Enhancement App Server Cannot Discover Multiple Devices through Multiple Collectors through API.
665694 Enhancement Data The list of public DNS Servers needs to be updated.
530467 Enhancement Device Support FortiSIEM not detecting certain SSH/Audit events using UnixParser.
521230 Enhancement Device Support Need to support Barracuda F Series Log.
661711 Enhancement Event Pulling Parse out SQS log of when CloudTrail package is logged.
544522 Enhancement GUI Cannot delete many credentials at one time.

New Device Support

  • Tigera Calico - K8 log analysis
  • Alcide.io Kubernetes and Microservices Audit log