
Administration Guide

Outbreak Alerts

The FortiAnalyzer Outbreak Detection Service is a licensed feature that allows FortiAnalyzer administrators to view outbreak alerts and automatically download related event handlers and reports from FortiGuard.

When FortiAnalyzer has a valid license for the Outbreak Detection Service, outbreak alerts from Fortinet are displayed in the Incidents & Events > FortiGuard Services > Outbreak Alerts pane. Outbreak alerts can be viewed from any ADOM.

An outbreak alert is a comprehensive report that provides in-depth insight into a cybersecurity threat. It serves as a vital tool for organizations to stay informed about critical or emerging cybersecurity risks that may compromise sensitive data, disrupt business operations, and pose significant risks to the organization's overall security.

Each report provides the background of the attack, the timeline of events, the affected technologies, and related threat intelligence such as Indicators of Compromise (IoCs), Tactics, Techniques, and Procedures (TTPs), and the attack sequence used by the adversaries.

Without a valid license for the Outbreak Detection Service, Outbreak Alerts displays a default alert page, and outbreak event handlers and reports are not available from FortiGuard. To obtain a valid license for FortiAnalyzer Outbreak Detection Service, contact Fortinet FortiCare.

The following columns are available for the table in Outbreak Alerts:

Column         Description
Outbreak       The outbreak name and the related CVE numbers.
Severity       The severity of the outbreak.
Description    A description of the outbreak.
Vendor         The vendor affected by the outbreak.
Types          The type of outbreak, such as vulnerability, ransomware, or attack.
Publish Time   The publish date from FortiGuard for the outbreak alert.
Update Time    The latest update from FortiGuard for the outbreak alert.

You can sort and filter the table by each column. To filter the table by a column, mouse-over the column header and click the filter icon. The available filter modes are Contains, Exact Match, and NOT. Enter the filter value and click Apply. You can apply multiple filters at once. To remove a filter, mouse-over the column header and click the filter icon, then either delete the individual filter or click Remove to clear all filters for that column, and click Apply.

You can use the Search field to find outbreak alerts in the table.

You can review the complete details of an outbreak alert by double-clicking its record in the table. Alternatively, select the outbreak alert in the table and click View. The outbreak alert details from FortiGuard are displayed within the FortiAnalyzer GUI.

The header for the outbreak alert includes the alert name, release date, most recent update, severity, and type. You can click Download PDF to save the outbreak alert information as a PDF.

Click the tabs to review the related information. Outbreak alerts typically include the following tabs:

Tab                  Description
Overview             Includes a brief description of the outbreak, its background, and the related CVE numbers. The overview also includes a Threat Radar, which displays threat ratings from different sources.
Analysis             Displays the latest developments for the outbreak, organized in a timeline. If applicable, this section may also include an attack sequence: a simple diagram showing how the components of the cyber-attack are deployed to compromise a target system or network.
Solutions            Includes relevant links to FortiGuard services that help mitigate the outbreak. This information is typically organized by the services that help to:
                       • Protect
                       • Detect
                       • Respond
                       • Recover
                       • Identify
Threat Intelligence  Includes information gathered from analyzing ongoing cybersecurity events, including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IoCs), malware, and related vulnerabilities.
                     The information is organized into widgets that display tables and charts. If there is MITRE ATT&CK® information for the outbreak, you can click the widget to review the related matrix.
References           Links to sources for supporting information related to the outbreak alert.

In some cases, an outbreak alert may not have charts available. In that case, the information is displayed in a print layout with the overview information in the sidebar. For example, see below:

Event handlers and reports are created in real time by Fortinet to detect and respond to emerging outbreaks. With a valid license for the Outbreak Detection Service, these event handlers and reports are automatically downloaded so that they are available in your environment. To find them in your FortiAnalyzer GUI, see Viewing imported event handlers and reports.

Viewing imported event handlers and reports

With a valid license, the FortiAnalyzer Outbreak Detection Service automatically downloads event handlers and reports created by Fortinet in response to known outbreaks. Handlers and reports are downloaded from FortiGuard as part of the FOAS package. This section includes information on how to view downloaded outbreak event handlers and reports.

To view outbreak alert event handlers:
  1. Go to Incidents & Events > Event Handlers > Event Handlers.

    Event handlers created by the FortiAnalyzer Outbreak Detection Service are displayed with the Outbreak Alert prefix, and their Origin is FortiGuard. See Event handlers.

    In FortiAnalyzer 7.6.0 and later, these event handlers also have the Automatically Create Incident option enabled. The incidents generated by these event handlers can be found in Incidents & Events > Incidents > Incidents.

To view outbreak alert reports:
  1. Go to Reports > Report Definitions > All Reports.

    The Outbreak Alert Reports folder contains the reports available from the FortiAnalyzer Outbreak Detection Service. Reports can be run in HTML, PDF, XML, CSV, and JSON output formats. See Generating reports.

    In FortiAnalyzer 7.4.2 and later, new reports included in the FOAS package are displayed in the global Outbreak Alert Reports folder. Outbreak Alert reports released prior to this release remain at the ADOM level. The global folder and global reports are identified by the system theme's color applied to the icon.

    Outbreak alert reports received as FortiGuard packages display FortiGuard in the Origin column.