You can use a Zero Trust tagging rule as a predefined rule for FortiGuard outbreak alerts by uploading rule signatures.
To configure a Zero Trust tagging rule as a predefined rule for outbreak alerts by uploading rule signatures:
- In EMS, go to Zero Trust Tags > Zero Trust Tagging Rules.
- Click Import Signatures.
- In the Import FortiGuard Outbreak Alert Signatures dialog, upload a JSON file. The JSON file should contain an array of alert objects, each with a tag name and array of signatures. Each signature should have the following properties:
windows, mac, linux, ios, android),
file, registry, process), and
content. If the import succeeds, EMS displays a FortiGuard outbreak alert signatures imported successfully message. If the file is formatted incorrectly, EMS shows an Invalid JSON error.
- View tagged endpoints in Zero Trust Tags > Zero Trust Tag Monitor.