FortiEDR/XDR 5.0.0
Administration Guide
Communication Control
The Communication Control window is not available in Hoster view.