FortiGuard outbreak and alert service 6.4.6
The FortiGuard Outbreak Alert Service is available with a valid FOAS license to protect customers' networks against malware outbreaks. The Outbreak Alert content package consists of a FortiGuard Report for the outbreak, an Event Handler, and a Report Template to detect the outbreak.
To view outbreak alerts, reports, and event handlers:
- Go to FortiSoC > Outbreak Alerts. Available outbreak alerts are displayed and can be browsed in all ADOMs.
- Go to FortiSoC > Handlers > Event Handler List. Corresponding outbreak alert event handlers are installed and listed in related ADOMs automatically. The events can be triggered by logs which satisfy the event handlers' filter conditions.
- Go to Reports > Report Definitions > All Reports. A new Outbreak Alert Reports folder is available in all ADOMs. All outbreak reports are stored in this folder. Right-click a report to run it. Reports can be generated in HTML, PDF, XML, and CSV formats.
Below is an example of the Hafnium M.S.Exchange Attack Detection Report.
- When FortiAnalyzer does not have a valid FOAS license, a default Fortinet Outbreak Alert page is displayed with a warning that the service is not available in this ADOM yet.
- Go to FortiSoC > Handlers > Event Handler List. Without a valid license, no outbreak-related event handlers are available.
- Go to Reports > Report Definitions > All Reports. Without a valid license, the Outbreak Alerts Reports folder is displayed, but no reports are assigned to it.