The FortiGuard Outbreak Alerts service has added support for rules that include common vulnerabilities and exposures (CVE) IDs. You can now also configure Common Vulnerabilities and Exposures Zero Trust tagging rules. This makes it more convenient to check and patch endpoints that have critical known vulnerabilities.
The following shows a FortiGuard Outbreak rule that EMS has downloaded from FortiGuard. You can view the configured CVE IDs when viewing the rule details in EMS. The Comments field provides more details about these vulnerabilities. In this example, the rule applies to an endpoint where CVE-2022-24508, CVE-2021-34523, or CVE-2021-31207 is present.
When FortiClient detects one of the configured CVEs on an endpoint, the endpoint summary in EMS shows that EMS has tagged the endpoint with the appropriate FortiGuard outbreak tag.
You can also go to Zero Trust Tags > Zero Trust Tag Monitor and filter by Outbreak Tags to view the endpoint.
To configure a Common Vulnerabilities and Exposures Zero Trust tagging rule:
- Go to Zero Trust Tags > Zero Trust Tagging Rules.
- Click Add.
- Click Add Rule.
- From the Rule Type dropdown list, select Common Vulnerabilities and Exposures.
- In the CVEs field, enter the desired CVE ID in the format CVE-xxxx-xxxxx. If desired, click the + button to configure multiple CVE IDs.
- Click Save.
- Configure other fields as desired, then save the rule.
When FortiClient detects one of the configured CVEs on an endpoint, the endpoint summary in EMS shows that EMS has tagged the endpoint with the appropriate Zero Trust tag.
You can also go to Zero Trust Tags > Zero Trust Tag Monitor and filter by Zero Trust Tags to view the endpoint.
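The following added example is not part of EMS or FortiClient. It is a pre-check you can run before entering IDs in the CVEs field: it validates and de-duplicates the list, then applies the same "any one of the configured CVEs" matching to a vulnerability inventory to show which endpoints you should expect to see tagged. It assumes the field takes standard CVE ID syntax; the hostnames, the inventory, and the `CVE-0000-00001` placeholder are constructed.

```python
import re

# Standard CVE ID syntax: "CVE-", a 4-digit year, then 4 or more digits.
# Assumption: the EMS CVEs field accepts IDs in this form.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def normalize_cves(raw_ids):
    """Return (valid, rejected). Valid IDs are upper-cased and de-duplicated."""
    valid, rejected = [], []
    for raw in raw_ids:
        cve = raw.strip().upper()
        if not CVE_RE.fullmatch(cve):
            rejected.append(raw)      # keep the original text for the report
        elif cve not in valid:
            valid.append(cve)         # preserve first-seen order
    return valid, rejected

def endpoints_to_tag(rule_cves, inventory):
    """Map hostname -> sorted matching CVEs. One match is enough to tag."""
    wanted = set(rule_cves)
    hits = {}
    for host, found in inventory.items():
        present, _ = normalize_cves(found)
        matched = sorted(wanted.intersection(present))
        if matched:
            hits[host] = matched
    return hits

# CVE IDs from the outbreak rule example on this page, plus constructed
# duplicates and malformed entries to exercise the validation.
RULE_INPUT = ["CVE-2022-24508", "cve-2021-34523 ", "CVE-2021-31207",
              "CVE-2021-34523", "CVE-21-31207", "2021-31207"]

# Constructed inventory: hypothetical hostnames and scan results.
# CVE-0000-00001 is a placeholder for "some other vulnerability".
INVENTORY = {
    "ws-finance-01": ["CVE-2021-34523", "CVE-0000-00001"],
    "ws-lab-02": ["CVE-0000-00001"],
    "srv-mail-03": ["CVE-2021-31207", "CVE-2021-34523"],
}

if __name__ == "__main__":
    cves, bad = normalize_cves(RULE_INPUT)
    print("enter in CVEs field:", cves)
    print("rejected:", bad)
    for host, matched in endpoints_to_tag(cves, INVENTORY).items():
        print(f"{host}: expect tag, matched {matched}")
```

Comparing this expected list with what Zero Trust Tag Monitor shows after the rule is saved is a quick way to spot endpoints that are not reporting vulnerability data.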