Administration Guide

Threat Hunting

FortiEDR’s Threat Hunting functionality enables you to search for many types of Indicators of Compromise (IOCs) and malware across your entire environment in order to enhance detection. Searches can be based on various attributes of files, registry keys and values, network connections, processes, event log entries and activity event types. Search operations apply to activity on both Windows and Linux operating systems.

Select from the following FortiEDR Threat Hunting options:

  • Threat Hunting—Search for activities based on a security event’s process or hash, activity types, or Process/File/Registry/Network or Event Log criteria. Use this option for the full range of threat hunting capabilities on Collectors that run FortiEDR 5.0 or later.
  • Legacy Threat Hunting—Hunt for files and hashes collected before the upgrade to 5.0 on Collectors that run a FortiEDR version earlier than 5.0. This option is unavailable if all Collectors in your system run FortiEDR 5.0 or later.

Note

Threat Hunting is a license-dependent add-on. You may contact Fortinet Support for more information.
