IOC
The indicators of compromise (IOC) service alerts administrators about newly found infections and threats to devices in their network. By analyzing unified threat management logging and activity, IOC provides a comprehensive overview of threats to the network.
IOC detects the following threat types, based on the evolving FortiGuard database:
Threat type | Description |
---|---|
Malware | Malicious programs residing on infected endpoints |
Potentially unwanted programs | |
Unknown | Threats that the signature detects but does not associate with any known malware |
A subscription grants access to IP address allowlisting, which lets you narrow your malware search by excluding safe IP addresses and domains, and to alert emails that notify you directly of detected network threats. You can also view infected devices' full IP addresses, allowing you to better control their access to your network.
You must enable the IOC column in Assets. See Assets.
To purchase an IOC subscription:
- Go to FortiGate Cloud Indicators of Compromise for purchase options.
- Complete the purchase process and wait for the key to arrive by email.
- Log into the Fortinet Support website.
- On the Asset page, register the code as if it were a new product's serial number, and then enter the serial number of the FortiGate Cloud-connected device that you want the service to monitor. The service automatically takes effect.
To access IOC:
In the FortiGate list, look to the right for the bomb icon, and then click it.