FortiAnalyzer 7.0.2 adds a factory-default FortiAI Breach Prevention Report and a FortiAI Malware Detection Event Handler.
- Go to FortiSoC > Handlers > Event Handler List.
The Default-FAI-Malware-Detection-By-FAI device handler is added and is disabled by default.
- Right-click the event handler and select Enable.
- The default FortiAI event handler detects FortiAI attack logs and generates alerts when there are malware logs that exactly match over 1440 minutes.
- You can view generated alerts in Event Monitor > All Events.
- Go to Report > Report Definitions > Chart Library.
Multiple FortiAI charts have been added.
- Go to Report > Report Definitions > Macro Library.
Macros have been added for FortiAI files Accept/Detected/Processed.
- Go to Report > Report Definitions > Datasets.
Datasets have been added for FortiAI Attack and Event logs.
- Go to Report > Report Definitions > All Reports.
A new folder has been created for FortiAI devices with a default report called FortiAI Breach Prevention Report. You can right-click to edit, clone, delete, or run the report.
The report can be run and generated in HTML, PDF, XML, and CSV formats, which can be viewed from Reports > Generated Reports.
Below is an example report.