
New Features

FortiGuard outbreak and alert service 6.4.6


The FortiGuard Outbreak Alert Service is available with a valid FOAS license to protect customers' networks against malware outbreaks. The Outbreak Alert content package consists of a FortiGuard Report for the outbreak, an Event Handler, and a Report Template to detect the outbreak.

To view outbreak alerts, reports, and event handlers:
  1. Go to FortiSoC > Outbreak Alerts. Available outbreak alerts are displayed and can be browsed in all ADOMs.
  2. Go to FortiSoC > Handlers > Event Handler List. The corresponding outbreak alert event handlers are installed and listed in related ADOMs automatically. Events can be triggered by logs that satisfy the event handlers' filter conditions.
  3. Go to Reports > Report Definitions > All Reports.
    A new Outbreak Alert Reports folder is available in all ADOMs. All outbreak reports are stored in this folder.
    Right-click a report to run it. Reports can be generated in HTML, PDF, XML, and CSV formats.

    Below is an example of the Hafnium M.S.Exchange Attack Detection Report.
  4. When FortiAnalyzer does not have a valid FOAS license, a default Fortinet Outbreak Alert page is displayed with a warning that the service is not available in this ADOM yet.
  5. Go to FortiSoC > Handlers > Event Handler List.
    Without a valid license, no outbreak-related event handlers are available.
  6. Go to Reports > Report Definitions > All Reports.
    Without a valid license, the Outbreak Alerts Reports folder is displayed, but no reports are assigned to it.
