heng
Staff
October 19, 2022

Technical Tip: How to enable IOC re-scan

Description

This article describes how to enable the Indicators of Compromise (IOC) Service re-scan when no re-scan tasks are seen even though there is a license subscription for the 'Threat Detection service'.

 

The following screenshot shows the case where no re-scan tasks are seen for the compromised hosts with the IOC database.

The tasks listing is empty.   

 

fyheng_0-1666154163677.png
Scope

FortiAnalyzer.
Solution

Make sure to have the following settings checked and enabled. 

 

1) FortiView -> Threats -> Compromised Hosts -> Settings (Top-right radio buttons) -> Compromised Hosts Rescan Global Settings -> Enable Global Compromised Hosts Rescan -> ON.

 

2) FortiView -> Threats -> Compromised Hosts -> Settings (Top-right radio buttons) -> Compromised Hosts Rescan Current ADOM Settings -> Enable Current ADOM Compromised Hosts Rescan -> ON.

 

3) FortiView -> Threats -> Compromised Hosts -> Settings (Top-right radio buttons) -> Log Type Filters -> the log type is checked.


fyheng_1-1666154797272.png

 

fyheng_2-1666154875796.png

 

It is possible to check for any running tasks at the next re-scan cycle, which in this example is at 12:00 AM daily.

 

Related link:

Technical Tip: IOC license false positive