Retrospective IoC - FortiGuard Lookup
This feature enables extensions within the IoC GUI to automatically look up FortiGuard details about any IoC destination, and provide links to feedback forums and FortiGuard.
To look up FortiGuard details and provide feedback:
- Go to SOC > FortiView > Threats > Compromised Hosts and double click on an endpoint to show the threats list for that client.
- In the Blacklist, click an entry in the Detect Pattern column to open threat related information after FortiAnalyzer queries FortiGuard and gets a response for the specific threat.
If no information about the threat is returned from FortiGuard, No match found will be displayed.
- To report a misrated IoC, click Report Misrated IoC to open the FortiGuard Indicator of Compromise Appeal page, with the detected pattern automatically entered in the IP/Domain/URL field.
Fill in your contact information, and describe the reason why you think the threat is misrated, then click Submit to submit the form to the FortiGuard team from review.
- In the Blacklist, click a specific threat type or threat name to view a definition of the entry.