Appendix D - FortiGuard Updates
For deployments with an Internet connection, FortiNDR by default gets its updates over the Internet from the FortiGuard Distribution Network. When FortiNDR cannot reach the Internet, you have the following options:
Malware artificial neural network (ANN) updates: You can update the ANN manually. These updates (several GB in size) can be obtained from the support website (https://support.fortinet.com) with a registered support contract. The latest ANN version can be viewed at: https://www.fortiguard.com/services/fortindr
For v7.0.1 and later, the offline package files contain more data than the v1.0 and v7.0 packages, and the number of packages has increased as well. Because of the additional data, the v7.0.1 packages fail to load in previous firmware versions. However, the v1.0/v7.0 ANN packages can be loaded in v7.0.1 and later firmware versions. Download the packages that correspond to your firmware version from the support website. For more information about loading offline packages, see the
Other detection techniques:
The following table summarises whether each detection technique works offline (no Internet access). All of the detection techniques below can be updated via the FortiGuard Distribution Network (Internet).
Detection Techniques | Supports offline manual update | Comments |
---|---|---|
Malware via ANN | Yes | Can be updated manually via GUI or with an offline package via CLI. |
AV engine | Yes | Shipped by default. Can be updated with Internet via GUI or with an offline package via CLI. |
Botnet detection | Yes | Has DB by default. Can be updated with Internet via GUI or with an offline package via CLI. |
Network Attacks / Application control | Yes | Has DB by default. Can be updated with Internet via GUI or with an offline package via CLI. |
Encrypted attacks (via JA3) | Yes | Has DB by default. Can be updated with Internet via GUI or with an offline package via CLI. |
Weak cipher/vulnerable protocol detection | NA | Comes with firmware, no updates required. |
Device inventory | No | Looks up IoT services to determine device role/type/OS. |
FortiGuard IOC | No | Requires Internet to look up URLs and IP addresses for associated web campaigns. |
ML Discovery | NA | Local ML algorithm updates via firmware. |
Geo DB | No | Comes with firmware, does not update often, supports FortiGuard update via Internet. |