Threat intel alerts reference

This section provides information about the available threat intel alerts.

Threat intel alerts provide warning of potential threats based on the latest intelligence and threat analysis. Each alert provides supporting facts that can be useful to you when investigating or implementing remediation steps.

For each documented alert, the following information is provided:

  • A summary of the alert.
  • Why the alert is important.
  • Information about investigating the event that triggered the alert.
  • Information about how to resolve the alert.

Advantages of Threat Intel alerts

The following are the key advantages of Lacework FortiCNAPP's threat intel alerts, which support both the prevention and the detection side of a cybersecurity strategy:

  • Dynamic Severity Calculation - Severity is determined by the number of threat intel providers that mark an Indicator of Compromise (IOC) as malicious, giving a more precise threat assessment and prioritization. This reduces false positives and improves accuracy for customers.
  • Leveraging Customer Databases - Lacework FortiCNAPP Customer Databases (CDBs), which contain attacking external IP addresses, power the indicator-based detection approach. This enables a more accurate measurement of severity.
    • Targeted Customer Mapping: Severity levels dynamically take into account the number of customers targeted by an indicator, giving an accurate representation of the potential threat and its estimated impact across Lacework FortiCNAPP's customer base.
    • Daily IOC Database Updates: The IOC database is now updated daily, so the data stays current.
    • Automated Time-To-Live (TTL) Evaluation: A daily automated process evaluates the time to live (TTL) of each IOC, so the database remains current and relevant. The default maximum retention period is 90 days.
  • Enhanced Tag System - The tag system has been revamped to provide more contextual information in the Console.
    • Malicious Intel Provider Hit Count: Tags now include the number of intel providers that flagged the indicator as malicious, offering additional insight.
    • Additional Filtration Layer: A new filtration layer excludes specific Autonomous System Number (ASN) owners and networks from VirusTotal results. Contact Fortinet Support for the list of excluded ASN owners.

These advancements strengthen Lacework FortiCNAPP's threat intel alerts, empowering organizations with greater visibility and actionable intelligence for comprehensive cybersecurity.

Note

Inbound IOC alerts are assigned a severity one level lower than outbound alerts. For example, if an IOC is identified as malicious by 10 or more providers, it is classified as Medium severity for inbound connections and High severity for outbound connections. For more information, refer to Alert Severity.
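The following Python model is an added illustration of the severity logic described above; it is not Lacework FortiCNAPP code. Only the "10 or more providers gives High outbound / Medium inbound" rule and the 90-day default TTL come from this page; the five-level severity ordering, the thresholds below 10 providers, and the sample IOC records are assumptions constructed for the example.

```python
from datetime import date
from typing import Optional

# Ordered least to most severe (assumed ordering); "one level lower" steps left.
SEVERITY_LEVELS = ["Info", "Low", "Medium", "High", "Critical"]

# Malicious provider hit count -> outbound severity. Documented: >= 10 -> High.
# The entries below 10 are assumptions for illustration only.
HIT_COUNT_THRESHOLDS = [(10, "High"), (5, "Medium"), (1, "Low")]

TTL_DAYS = 90  # documented default maximum retention period for an IOC


def outbound_severity(provider_hits: int) -> str:
    """Map the number of providers flagging the IOC to an outbound severity."""
    for min_hits, level in HIT_COUNT_THRESHOLDS:
        if provider_hits >= min_hits:
            return level
    return "Info"  # assumed floor when no provider flags the indicator


def one_level_lower(level: str) -> str:
    """Inbound alerts are rated one level below the outbound rating."""
    idx = SEVERITY_LEVELS.index(level)
    return SEVERITY_LEVELS[max(idx - 1, 0)]


def ioc_expired(last_seen: date, today: date, ttl_days: int = TTL_DAYS) -> bool:
    """Daily TTL evaluation: an IOC older than the TTL is dropped from the database."""
    return (today - last_seen).days > ttl_days


def alert_severity(provider_hits: int, direction: str,
                   last_seen: date, today: date) -> Optional[str]:
    """Return the alert severity, or None if the IOC has aged out and raises no alert."""
    if ioc_expired(last_seen, today):
        return None
    severity = outbound_severity(provider_hits)
    if direction == "inbound":
        severity = one_level_lower(severity)
    return severity


if __name__ == "__main__":
    # Constructed sample IOC records: (hits, direction, last_seen).
    today = date(2024, 4, 15)
    samples = [(10, "outbound", date(2024, 4, 1)),
               (10, "inbound", date(2024, 4, 1)),
               (12, "outbound", date(2024, 1, 1))]  # 105 days old: past TTL
    for hits, direction, seen in samples:
        print(hits, direction, alert_severity(hits, direction, seen, today))
```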