FortiGate Cloud-based IOC
Topology, FortiView, and automation support Indicators of Compromise (IOC) detection from the FortiGate Cloud IOC service.
FortiGate lists IOC entries on the FortiView pane, and uses the IOC event logs as a trigger for automation stitches. IOC and web filter licenses are required to use this feature. You must also enable FortiGate Cloud logging on the FortiGate.
To view compromised hosts, go to FortiView > Compromised Hosts. The IOC entries are displayed when the source is FortiGate Cloud.
You can also view the IOC entries in the FortiGate Cloud portal.