FortiGuard Outbreak Alerts service 6.4.4
You can use a Zero Trust tagging rule as a predefined rule for FortiGuard outbreak alerts by uploading rule signatures.
To configure a Zero Trust tagging rule as a predefined rule for outbreak alerts by uploading rule signatures:
- In EMS, go to Zero Trust Tags > Zero Trust Tagging Rules.
- Click Import Signatures.
- In the Import FortiGuard Outbreak Alert Signatures dialog, upload a JSON file. The JSON file should contain an array of alert objects, each with a tag name and array of signatures. Each signature should have the following properties:
os
(windows, mac, linux, ios, android
),type
(file, registry, process
), andcontent
. If the import succeeds, EMS displays a FortiGuard outbreak alert signatures imported successfully message. If the file is formatted incorrectly, EMS shows an Invalid JSON error. - View tagged endpoints in Zero Trust Tags > Zero Trust Tag Monitor.