FortiGuard outbreak and alert service

A new FortiGuard Outbreak Alert Service (FOAS) is now available through the Enterprise Protection bundle to protect customers' networks against malware outbreaks. The Outbreak Alert content package consists of a FortiGuard Report for the outbreak, an Event Handler, and a Report Template to detect the outbreak.

To view outbreak alerts, reports, and event handlers:
  1. Go to FortiSoC > Outbreak Alerts. Available outbreak alerts, including DearCry, Hafnium, and SolarWinds, are displayed and can be browsed in all ADOMs.
    The outbreak alert can be downloaded by clicking on the download icon.
  2. Go to FortiSoC > Handlers > Event Handler List. Corresponding outbreak alert event handlers are installed and listed in related ADOMs automatically.
  3. Go to Reports > Report Definitions > All Reports.
    A new Outbreak Alert Reports folder is available in all ADOMs. All outbreak reports are stored in this folder. Current outbreak reports include DearCry Report, Hafnium M.S.Exchange Attack Detection Report, and SolarWinds Normalized Report, available in Fabric ADOMs.
    Right-click a report to run it. Reports can be generated in HTML, PDF, XML, and CSV formats.

    Below is an example of the Hafnium M.S.Exchange Attack Detection Report.
  4. When FortiAnalyzer does not have a valid FOAS license, a default Fortinet Outbreak Alert page is displayed with a reminder that a license is required to get outbreak alert services. The option to download outbreak alerts is not available until you have a valid license.
  5. Go to FortiSoC > Handlers > Event Handler List.
    Without a valid license, no outbreak-related event handlers are available.
  6. Go to Reports > Report Definitions > All Reports.
    Without a valid license, the new Outbreak Alerts Reports folder is displayed, but no reports are assigned to it.

To configure FortiGuard settings in the CLI:
  1. In the FortiAnalyzer CLI, enter the following command:

    config fmupdate fds-setting
    (fds-setting) # show
    config fmupdate fds-setting
        config server-override
            set status enable
            config servlist
                edit 1
                    set ip 192.168.X.X
