Outbreak Alerts
The FortiAnalyzer Outbreak Detection Service is a licensed feature that allows FortiAnalyzer administrators to view outbreak alerts and automatically download related event handlers and reports from FortiGuard.
When FortiAnalyzer has a valid license for the Outbreak Detection Service, outbreak alerts from Fortinet are displayed in the FortiSoC > Outbreak Alerts pane. Outbreak alerts can be viewed from any ADOM. You can navigate between outbreak alerts by clicking on the corresponding tab at the top of the pane, and click the download icon to download a copy of the outbreak alert.
Outbreak event handlers and reports are created in real-time by Fortinet to detect and respond to emerging outbreaks. Outbreak reports and event handlers are automatically downloaded so that they are available in your environment. See Viewing imported event handlers and reports.
Without a valid license for the Outbreak Detection Service, Outbreak Alerts displays a default alert page, and outbreak event handlers and reports are not available from FortiGuard. To obtain a valid license, contact Fortinet FortiCare.
Viewing imported event handlers and reports
With a valid license, the FortiAnalyzer Outbreak Detection Service automatically downloads event handlers and reports created by Fortinet in response to known outbreaks. This section includes information on how to view downloaded outbreak event handlers and reports.
To view outbreak event handlers and reports:
- Go to FortiSoC > Handlers > Event Handler List.
Event handlers created by the FortiAnalyzer Outbreak Detection Service are displayed with the Outbreak Alert prefix. See Event handlers. - Go to Reports > All Reports.
The Outbreak Alert Reports folder includes available reports from the FortiAnalyzer Outbreak Detection Service. Reports can be run in HTML, PDF, XML, and CSV output formats. See Generating reports.