Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

EMS Administration Guide

Uploading signatures for FortiGuard Outbreak Alerts service

You can use a Zero Trust tagging rule as a predefined rule for FortiGuard outbreak alerts by uploading rule signatures.

To configure a Zero Trust tagging rule as a predefined rule for outbreak alerts by uploading rule signatures:
  1. In EMS, go to Zero Trust Tags > Zero Trust Tagging Rules.
  2. Click Import Signatures.

  3. In the Import FortiGuard Outbreak Alert Signatures dialog, upload a JSON file. The JSON file should contain an array of alert objects, each with a tag name and array of signatures. Each signature should have the following properties: os (windows, mac, linux, ios, android), type (file, registry, process), and content. If the import succeeds, EMS displays a FortiGuard outbreak alert signatures imported successfully message. If the file is formatted incorrectly, EMS shows an Invalid JSON error.
  4. View tagged endpoints in Zero Trust Tags > Zero Trust Tag Monitor.

Uploading signatures for FortiGuard Outbreak Alerts service

You can use a Zero Trust tagging rule as a predefined rule for FortiGuard outbreak alerts by uploading rule signatures.

To configure a Zero Trust tagging rule as a predefined rule for outbreak alerts by uploading rule signatures:
  1. In EMS, go to Zero Trust Tags > Zero Trust Tagging Rules.
  2. Click Import Signatures.

  3. In the Import FortiGuard Outbreak Alert Signatures dialog, upload a JSON file. The JSON file should contain an array of alert objects, each with a tag name and array of signatures. Each signature should have the following properties: os (windows, mac, linux, ios, android), type (file, registry, process), and content. If the import succeeds, EMS displays a FortiGuard outbreak alert signatures imported successfully message. If the file is formatted incorrectly, EMS shows an Invalid JSON error.
  4. View tagged endpoints in Zero Trust Tags > Zero Trust Tag Monitor.