Threat Intelligence Capabilities
FortiSOAR enhances your organization’s cybersecurity posture through integrated threat intelligence features. Powered by FortiGuard Labs, these capabilities support proactive threat detection, faster incident response, and enhanced situational awareness.
To enable threat intelligence and outbreak management features, install and configure the Threat Intel Management and Outbreak Response Management Solution Packs. For installation instructions, see the Solution Packs chapter.
To access unrestricted FortiGuard or other threat feeds and advanced Threat Intelligence Management features, a Threat Intel Management Service Subscription is required. For more information, see the Licensing FortiSOAR chapter in the "Deployment Guide".
Key Features
- Outbreak Management: Detect, monitor, and respond to widespread cyberattacks with significant business impact. Outbreak Management provides tools to assess and mitigate high-severity threats in real time.
- Threat Intelligence Management: Aggregate, normalize, and analyze threat data — including Threat Feeds, Reports, and Actor profiles — from internal and external sources to accelerate threat detection and response. Key capabilities include:
  - Threat Intel Search: Query FortiGuard’s extensive threat intelligence database to investigate Indicators of Compromise (IOCs), including associated malware, threat actors, CVEs, and threat correlations. This feature provides contextual insights to support faster threat validation and informed decision-making.
  - CVE Correlation with Threat Reports and Threat Actors: Correlate Common Vulnerabilities and Exposures (CVE) data with active threat reports and actors to identify vulnerabilities currently being exploited in the wild. This helps prioritize remediation efforts based on real-world threat activity.