FortiSIEM Discussions
FSM_FTNT
Staff
Staff

FortiSIEM Content Update 402

We have recently released content update 402 (6.7.0) and updates for earlier release of FortiSIEM

 

https://help.fortinet.com/fsiem/6-7-0/Online-Help/HTML5_Help/content_updates.htm#Content

 

This release includes updates for Outbreak alerts, parser updates and geo database updates.

 

This content update contains the following:

  • Windows Parsing Enhancements

  • 9 x Outbreak Rules and Reports

    • Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Network

    • Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Host

    • Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Network

    • Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Host

    • Outbreak: FortiWeb detected VMware Spring Cloud Func RCE Vulnerability on Network

    • Outbreak: VMware Spring Cloud Func RCE Vulnerability on Network

    • Outbreak: FortiWeb detected Zerobot Botnet Activity on Network

    • Outbreak: Zerobot Botnet Activity Detected on Host

    • Outbreak: Zerobot Botnet Activity Detected on Network

  • UnixParser support for Chronyd events

  • Dedicated rules for detecting FortiGate admin user creation/deletion

    • FortiGate: Admin User Added

    • FortiGate: Admin User Deleted

  • PaloAlto Parser updated to parse additional attributes for some log types

  • Latest GeoDB Updates

0 REPLIES 0
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"