Fortinet Document Library

Version: 21.4.0

IOC

IOC alerts administrators about newly found infections and threats to devices in their network. By analyzing UTM logging and activity, IOC provides a comprehensive overview of threats to the network.

IOC detects three threat types, based on the evolving FortiGuard database:

| Threat type | Description |
| --- | --- |
| Malware | Malicious programs residing on infected endpoints |
| Potentially unwanted programs | Spyware, adware, and toolbars |
| Unknown | Threats that the signature has detected but that are not associated with any known malware |

A subscription grants access to two features: IP address allowlisting, which lets you narrow your malware search by excluding safe IP addresses and domains, and alert emails, which notify you directly of detected network threats. You can also view infected devices' full IP addresses, allowing you to better control their access to your network.

You must enable the IOC column in Network Overview. See Network Overview.

To purchase an IOC subscription:
  1. Visit FortiGate Cloud Indicators of Compromise for purchase options.
  2. Complete the purchase process, and wait for the key to arrive by email.
  3. Log in to the Fortinet Support website.
  4. On the Asset page, register the code as if it were a new product's serial number, and then enter the serial number of the FortiGate Cloud-connected device that you want the service to monitor. The service automatically takes effect.

To access IOC:
  1. In the FortiGate list, look to the right. A bomb icon is visible. Click the bomb icon.
