We have recently released content update 402 (6.7.0) and updates for earlier release of FortiSIEM
https://help.fortinet.com/fsiem/6-7-0/Online-Help/HTML5_Help/content_updates.htm#Content
This release includes updates for Outbreak alerts, parser updates and geo database updates.
This content update contains the following:
-
Windows Parsing Enhancements
-
9 x Outbreak Rules and Reports
-
Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Network
-
Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Host
-
Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Network
-
Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Host
-
Outbreak: FortiWeb detected VMware Spring Cloud Func RCE Vulnerability on Network
-
Outbreak: VMware Spring Cloud Func RCE Vulnerability on Network
-
Outbreak: FortiWeb detected Zerobot Botnet Activity on Network
-
Outbreak: Zerobot Botnet Activity Detected on Host
-
Outbreak: Zerobot Botnet Activity Detected on Network
-
UnixParser support for Chronyd events
-
Dedicated rules for detecting FortiGate admin user creation/deletion
-
PaloAlto Parser updated to parse additional attributes for some log types
-
Latest GeoDB Updates
