This article describes how to enable the Indicators of Compromise (IOC) Service re-scan if there is no re-scan tasks seen even though there is a license subscription of 'Threat Detection service'.
The following screenshot tells when there is no re-scan tasks seen for the compromised hosts with the IOC database.
The tasks listing is empty.
Make sure to have the following settings checked and enabled.
1) FortiView -> Threats > Compromised Hosts -> Settings (Top-right radio buttons) -> Compromised Hosts Rescan Global Settings -> Enable Global Compromised Hosts Rescan -> ON.
2) FortiView -> Threats -> Compromised Hosts -> Settings (Top-right radio buttons) -> Compromised Hosts Rescan Current ADOM Settings -> Enable Current ADOM Compromised Hosts Rescan -> ON.
3) FortiView -> Threats -> Compromised Hosts -> Settings (Top-right radio buttons) -> Log Type Filters -> The logs type is checked.
It is possible to check any running tasks for the next cycle of re-scan time, on this example here is at 12:00AM daily.
Technical Tip: IOC license false positive
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.