FortiGate Cloud – IOC

IOC

FortiGate Cloud IOC alerts administrators about newly found infections and threats to devices in their network. By analyzing UTM logging and activity, IOC provides a comprehensive overview of threats to the network.

IOC detects three threat types, based on the evolving FortiGuard database:

Threat type Description
Malware Malicious programs residing on infected endpoints
Potentially unwanted programs Spyware, adware, and toolbars
Unknown Threats that the signature has detected but are not associated with any known malware

The free version of IOC is currently available on all accounts in the North America datacenter. The free version alerts you to threats and automatically prepares a comprehensive threat report. Threats listed only provide infected devices’ partial IP addresses: server and subnet.

A subscription grants access to IP address whitelisting, which allows you to narrow your malware search by excluding safe IP addresses and domains, and alert emails to notify you directly of detected network threats. You can also view infected devices’ full IP addresses, allowing you to better control their access to your network.

To purchase an IOC subscription:

  1. Open the Plan page in the FortiGate Cloud IOC site, and select Buy Online.
  2. Complete the purchase process, and wait for the key to arrive by email.
  3. Log into the Fortinet Support website.
  4. On the Asset page, register the code as if it were a new product’s serial number, and then enter the serial number of the FortiGate Cloud-connected device that you want the service to monitor. The service automatically takes effect.

To access IOC using a non-multitenancy account:

  1. In the FortiGate list, click the Threats/Suspicious label under System Status. This only appears if the FortiGate has detected any threats.

To access IOC using a multitenancy account:

  1. In the FortiGate list, look to the right. If your FortiGate has detected any threats, a bomb icon is visible. Click the bomb icon.
This entry was posted in Administration Guides, FortiGate, FortiGate Cloud on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.