Trigger - FortiCloud-based IOC
This feature expands topology, FortiView, and automation to support Indicators of Compromise (IOC) detection from the FortiCloud IOC service.
FortiGate can now list IOC entries on the FortiView pane and use the IOC event logs as a trigger for automation framework.
FortiGate requires an IOC license and a Webfilter license to use this feature. In addition, you must enabled FortiCloud logging on the FortiGate.
To view compromised hosts, go to FortiView > Compromised Hosts. The IOC entries are displayed when the source is FortiCloud.
You can also view the IOC entries on FortiCloud portal: