Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    New Features

    7.6.0
    8.0.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    GUI support for enhanced logging for threat feeds

    GUI support for enhanced logging for threat feeds

    FortiOS includes two new fields have been added to the threat feed system event log Log Details pane, Total External Resource Entries and Invalid External Resource Entries. These fields display the total number of entries and the number of invalid entries in the Threat Feed. The additional information from these new fields can assist in detecting configuration errors and setting up alerts to spot significant and potentially abnormal changes in the size of the threat feed.

    These new fields are available on these threat feeds:

    • MAC address

    • IP address

    • Category

    • Malware hash

    • Domain

    When viewing threat feed logs in the CLI, exttotal and extinvalid have been added to the CLI:

    CLI threat feed examples:

    • MAC address
      1: date=2024-06-17 time=11:09:21 eventtime=1718647761458961985 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-mac' updated successfully" desc="threat-feed" exttotal=266 extinvalid=10

    • IP address
      1: date=2024-06-17 time=13:49:48 eventtime=1718657388125965730 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-ip-address' updated successfully" desc="threat-feed" exttotal=24 extinvalid=1

    • Category
      1: date=2024-06-17 time=13:37:52 eventtime=1718656671378406008 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-category' updated successfully" desc="threat-feed" exttotal=30 extinvalid=3

    • Malware hash
      1: date=2024-06-17 time=13:50:57 eventtime=1718657456529812599 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-mal' updated successfully" desc="threat-feed" exttotal=11 extinvalid=4

    • Domain
      1: date=2024-06-17 time=13:54:23 eventtime=1718657663324715674 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-domain' updated successfully" desc="threat-feed" exttotal=44 extinvalid=3

    To view these new fields on threat feeds:

    1. From the Log & Report > System Events page, click the Logs tab.

    2. Enable these setting options in the window:

      • General System Events

      • Memory

    3. Search for any threat feed and double-click a threat feed entry. The Log Details pane is displayed. The results for valid and invalid entries are displayed at the bottom of the pane.

    Previous
    Next

    GUI support for enhanced logging for threat feeds

    GUI support for enhanced logging for threat feeds

    FortiOS includes two new fields have been added to the threat feed system event log Log Details pane, Total External Resource Entries and Invalid External Resource Entries. These fields display the total number of entries and the number of invalid entries in the Threat Feed. The additional information from these new fields can assist in detecting configuration errors and setting up alerts to spot significant and potentially abnormal changes in the size of the threat feed.

    These new fields are available on these threat feeds:

    • MAC address

    • IP address

    • Category

    • Malware hash

    • Domain

    When viewing threat feed logs in the CLI, exttotal and extinvalid have been added to the CLI:

    CLI threat feed examples:

    • MAC address
      1: date=2024-06-17 time=11:09:21 eventtime=1718647761458961985 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-mac' updated successfully" desc="threat-feed" exttotal=266 extinvalid=10

    • IP address
      1: date=2024-06-17 time=13:49:48 eventtime=1718657388125965730 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-ip-address' updated successfully" desc="threat-feed" exttotal=24 extinvalid=1

    • Category
      1: date=2024-06-17 time=13:37:52 eventtime=1718656671378406008 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-category' updated successfully" desc="threat-feed" exttotal=30 extinvalid=3

    • Malware hash
      1: date=2024-06-17 time=13:50:57 eventtime=1718657456529812599 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-mal' updated successfully" desc="threat-feed" exttotal=11 extinvalid=4

    • Domain
      1: date=2024-06-17 time=13:54:23 eventtime=1718657663324715674 tz="-0700" logid="0100022220" type="event" subtype="system" level="information" vd="vd1" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-vd1.test-domain' updated successfully" desc="threat-feed" exttotal=44 extinvalid=3

    To view these new fields on threat feeds:

    1. From the Log & Report > System Events page, click the Logs tab.

    2. Enable these setting options in the window:

      • General System Events

      • Memory

    3. Search for any threat feed and double-click a threat feed entry. The Log Details pane is displayed. The results for valid and invalid entries are displayed at the bottom of the pane.

    Previous
    Next