Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Outbreak Alerts

The FortiAnalyzer Outbreak Alert Service (FOAS) is a licensed feature that allows FortiAnalyzer administrators to view outbreak alerts and automatically download related event handlers and reports from FortiGuard.

When FortiAnalyzer has a valid FOAS license, outbreak alerts from Fortinet are displayed in the FortiSoC > Outbreak Alerts pane. Outbreak alerts can be viewed from any ADOM. You can navigate between outbreak alerts by clicking on the corresponding tab at the top of the pane, and click the download icon to download a copy of the outbreak alert.

Outbreak event handlers and reports are created in real-time by Fortinet to detect and respond to emerging outbreaks. Outbreak reports and event handlers are automatically downloaded so that they are available in your environment. See Viewing imported event handlers and reports.

Without a valid license, Outbreak Alerts displays a default alert page, and outbreak event handlers and reports are not available from FortiGuard. To obtain a valid FOAS license, contact Fortinet FortiCare.

Viewing imported event handlers and reports

With a valid license, the FortiAnalyzer Outbreak Alert Service automatically downloads event handlers and reports created by Fortinet in response to known outbreaks. This section includes informaton on how to view downloaded outbreak event handlers and reports.

To view FOAS event handlers and reports:
  1. Go to FortiSoC > Handlers > Event Handler List.
    Event handlers created by the FortiAnalyzer Outbreak Alert Service are displayed with the Outbreak Alert prefix. See Event handlers.

  2. Go to Reports > All Reports.
    The Outbreak Alert Reports folder includes available reports from the FortiAnalyzer Outbreak and Alert Service. Reports can be run in HTML, PDF, XML, and CSV output formats. See Generating reports.

Outbreak Alerts

The FortiAnalyzer Outbreak Alert Service (FOAS) is a licensed feature that allows FortiAnalyzer administrators to view outbreak alerts and automatically download related event handlers and reports from FortiGuard.

When FortiAnalyzer has a valid FOAS license, outbreak alerts from Fortinet are displayed in the FortiSoC > Outbreak Alerts pane. Outbreak alerts can be viewed from any ADOM. You can navigate between outbreak alerts by clicking on the corresponding tab at the top of the pane, and click the download icon to download a copy of the outbreak alert.

Outbreak event handlers and reports are created in real-time by Fortinet to detect and respond to emerging outbreaks. Outbreak reports and event handlers are automatically downloaded so that they are available in your environment. See Viewing imported event handlers and reports.

Without a valid license, Outbreak Alerts displays a default alert page, and outbreak event handlers and reports are not available from FortiGuard. To obtain a valid FOAS license, contact Fortinet FortiCare.

Viewing imported event handlers and reports

With a valid license, the FortiAnalyzer Outbreak Alert Service automatically downloads event handlers and reports created by Fortinet in response to known outbreaks. This section includes informaton on how to view downloaded outbreak event handlers and reports.

To view FOAS event handlers and reports:
  1. Go to FortiSoC > Handlers > Event Handler List.
    Event handlers created by the FortiAnalyzer Outbreak Alert Service are displayed with the Outbreak Alert prefix. See Event handlers.

  2. Go to Reports > All Reports.
    The Outbreak Alert Reports folder includes available reports from the FortiAnalyzer Outbreak and Alert Service. Reports can be run in HTML, PDF, XML, and CSV output formats. See Generating reports.