FortiGuard outbreak detection service

A new FortiGuard Outbreak Detection Service is now available through the Enterprise Protection bundle to protect customers' networks against malware outbreaks. The outbreak alert content package for each outbreak consists of a FortiGuard Report describing the outbreak, an Event Handler, and a Report Template used to detect it.

To view outbreak alerts, reports, and event handlers:
  1. Go to FortiSoC > Outbreak Alerts. Available outbreak alerts, including DearCry, Hafnium, and SolarWinds, are displayed and can be browsed in all ADOMs.
    The outbreak alert can be downloaded by clicking on the download icon.
  2. Go to FortiSoC > Handlers > Event Handler List. Corresponding outbreak alert event handlers are installed and listed in related ADOMs automatically.
  3. Go to Reports > Report Definitions > All Reports.
    A new Outbreak Alert Reports folder is available in all ADOMs. All outbreak reports are stored in this folder. Current outbreak reports include DearCry Report, Hafnium M.S.Exchange Attack Detection Report, and SolarWinds Normalized Report, available in Fabric ADOMs.
    Right-click a report to run it. Reports can be generated in HTML, PDF, XML, and CSV formats.

    Below is an example of the Hafnium M.S.Exchange Attack Detection Report.
  4. When FortiAnalyzer does not have a valid license for the Outbreak Detection Service, a default Fortinet Outbreak Alert page is displayed with a reminder that a license is required for outbreak alert services. The option to download outbreak alerts is not available until a valid license is installed.
  5. Go to FortiSoC > Handlers > Event Handler List.
    Without a valid license, no outbreak-related event handlers are available.
  6. Go to Reports > Report Definitions > All Reports.
    Without a valid license, the new Outbreak Alerts Reports folder is displayed, but no reports are assigned to it.

To configure FortiGuard settings in the CLI:
  1. In the FortiAnalyzer CLI, enter the following command, then use show to display the current FortiGuard server override settings (the IP address shown is a placeholder for your own override server):

    config fmupdate fds-setting
    (fds-setting) # show
    config fmupdate fds-setting
        config server-override
            set status enable
            config servlist
                edit 1
                    set ip 192.168.X.X
                next
            end
        end
    end
