FortiSIEM Content Update 402

FortiSIEM Discussions

We have recently released content update 402 (6.7.0) and updates for earlier release of FortiSIEM

https://help.fortinet.com/fsiem/6-7-0/Online-Help/HTML5_Help/content_updates.htm#Content

This release includes updates for Outbreak alerts, parser updates and geo database updates.

This content update contains the following:

Windows Parsing Enhancements
9 x Outbreak Rules and Reports
- Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Network
- Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Host
- Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Network
- Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Host
- Outbreak: FortiWeb detected VMware Spring Cloud Func RCE Vulnerability on Network
- Outbreak: VMware Spring Cloud Func RCE Vulnerability on Network
- Outbreak: FortiWeb detected Zerobot Botnet Activity on Network
- Outbreak: Zerobot Botnet Activity Detected on Host
- Outbreak: Zerobot Botnet Activity Detected on Network
UnixParser support for Chronyd events
Dedicated rules for detecting FortiGate admin user creation/deletion
- FortiGate: Admin User Added
- FortiGate: Admin User Deleted
PaloAlto Parser updated to parse additional attributes for some log types
Latest GeoDB Updates

467

0 REPLIES 0

Top Kudoed Authors

User

Count

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

FortiSIEM Content Update 402

Nominate a Forum Post for Knowledge Article Creation