Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
FSM_FTNT
Staff
Staff

Created on ‎12-06-2022 05:08 AM Edited on ‎01-07-2025 11:05 PM By Moderator

Article Id 232371

Technical Tip: Using FortiSIEM Content Updates to detect activities identified by FortiGuard Outbreaks service

Description

This article describes how the Rules and Reports the FortiSIEM Content Update service provides access to to detect potential incidents or compromises.
Scope

This article applies to FortiSIEM.

 

The Rules and Reports provided with the Outbreak Alerts leverage logs from other Fortinet products that can be used to detect the attacks.

 

For more information about FortiGuard Outbreak Alerts visit https://www.fortiguard.com/outbreak-alert.

 

FortiSIEM Content Update requires an active support subscription to allow access to the latest updates.
Solution

For steps on how to apply the latest content update, visit https://help.fortinet.com/fsiem/6-7-0/Online-Help/HTML5_Help/content_update.htm.

 

Note: The display format of "Content Update xxx (x.x.x)" e.g. 524 (7.0.x) means the following:
The content update version is 524, and this applies to all FortiSIEM versions starting with v7.0 (Major.Minor)
All FortiSIEM versions released after the content update publication date, will already contain all the prior released content unless explicitly retired.

Content Update 801 (7.3.x) adds the detection of the following outbreaks:

  • Outbreak: Mitel MiCollab Unauthorized Access Attack Detected on Network.
  • Outbreak: Mitel MiCollab Unauthorized Access Attack Detected on Host.
  • Outbreak: Apache Struts 2 RCE Attack Detected on Network.
  • Outbreak: Apache Struts 2 RCE Attack Detected on Host.

 

Content update 524 (7.0.x), 617 (7.1.x), 708 (7.2.x) adds detection of the following outbreaks:

  • Outbreak: Palo Alto Networks Management Interface Attack Detected on Network.
  • Outbreak: Palo Alto Expedition Missing Authentication Vuln Detected on Network.
  • Outbreak: Progress Kemp LoadMaster OS Command Injection Vulnerability Detected on Network.
  • Outbreak: Mitel MiCollab Unauthorized Access Attack Detected on Network.
  • Outbreak: Mitel MiCollab Unauthorized Access Attack Detected on Host.
  • Outbreak: Apache Struts 2 RCE Attack Detected on Network.
  • Outbreak: Apache Struts 2 RCE Attack Detected on Host.

 

Content update 430 (6.7.x), 523 (7.0.x), 616 (7.1.x), 707 (7.2.x) adds detection of the following outbreaks:

  • Outbreak: Mallox Ransomware Detected on Network.
  • Outbreak: Mallox Ransomware Detected on Host.

 

Content update 429 (6.7.x), 522 (7.0.x), 615 (7.1.x), 706 (7.2.x) adds detection of the following outbreaks:

  • Outbreak: FortiManager Command Execution Vulnerability Detected on Network.
  • Outbreak: FortiManager Command Execution Vulnerability Detected on Device.

 

Content update 428 (6.7.x), 521 (7.0.x), 614 (7.1.x), 705 (7.2.x) adds detection of the following outbreaks:

  • Outbreak: Synacor Zimbra Collaboration Command Execution Vuln Detected on Network.
  • Outbreak: Synacor Zimbra Collaboration Command Execution Vuln Detected on Host.

 

Content update 427 (6.7.x), 520 (7.0.x), 613 (7.1.x), 704 (7.2.x) adds detection of the following outbreaks:

  • Outbreak: CISA Alert AA24-249A Russian Cyber Espionage Attack Detected on Network.
  • Outbreak: CISA Alert AA24-249A Russian Cyber Espionage Attack Detected on Host.
  • Outbreak: GeoServer RCE Attack Detected on Network.

 

Content update 426 (6.7.x), 519 (7.0.x), 612 (7.1.x), 703 (7.2.x) adds detection of the following outbreaks:

  • Outbreak: ServiceNow Remote Code Execution Attack Detected on Network.
  • Outbreak: Apache OFBiz RCE Attack Detected on Network.
  • Outbreak: Jenkins RCE Attack Detected on Network.
  • Outbreak: Jenkins RCE Attack Detected on Host.

 

Content update 424 (6.7.x), 517 (7.0.x), 610 (7.1.x), 701 (7.2.x) adds detection of the following outbreaks:

  • Outbreak: Dlink Multiple Devices Attack Detected on Network.
  • Outbreak: Check Point Quantum Security Gateways Information Disclosure Attack Detected on Network.
  • Outbreak: PHP CGI OS Command Injection Vuln Detected on Network.

 

Content update 331 (6.6.x), 423 (6.7.x), 516 (7.0.x), 609 (7.1.x) adds detection of the following outbreaks:

  • Outbreak: Black Basta Ransomware Detected on Network.
  • Outbreak: Black Basta Ransomware Detected on Host.

 

Content update 330 (6.6.x), 422 (6.7.x), 515 (7.0.x), 608 (7.1.x) adds detection of the following outbreaks:

  • Outbreak: Akira Ransomware Detected on Network.
  • Outbreak: Akira Ransomware Detected on Host.
  • Outbreak: CDATA Web Management System RCE Attack Detected on Network.
  • Outbreak: CDATA Web Management System RCE Attack Detected on Host.

 

Content update 329 (6.6.x), 421 (6.7.x), 514 (7.0.x), 607 (7.1.x) adds detection of the following outbreaks:

  •  Outbreak: Nice Linear eMerge Command Injection Vuln Detected on Network.
  •  Outbreak: Sunhillo SureLine Command Injection Attack Detected on Network.
  •  Outbreak: Sunhillo SureLine Command Injection Attack Detected on Host.
  •  Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Network.
  •  Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Host.

 

Content update 328 (6.6.x), 420 (6.7.x), 513 (7.0.x), 606 (7.1.x) adds detection of the following outbreaks:

  • Outbreak: ConnectWise ScreenConnect Attack Detected on Network.
  • Outbreak: ConnectWise ScreenConnect Attack Detected on Host.

 

Content update 325 (6.6.x), 417 (6.7.x), 510 (7.0.x), 604 (7.1.x) adds detection of the following outbreaks:

  • Outbreak: Ivanti Connect Secure and Policy Secure Attack Detected on Network.

 

Content update 324 (6.6.x), 416 (6.7.x), 509 (7.0.x), 603 (7.1.x) adds detection of the following outbreaks:

  • Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Network.
  • Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Host.
  • Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Network.
  • Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Host.
  • Outbreak: Androxgh0st Malware Attack Detected on Network.
  • Outbreak: Androxgh0st Malware Attack Detected on Host. 

 

Content update 323 (6.6.x), 415 (6.7.x), 508 (7.0.x), 602 (7.1.x) adds detection of the following outbreaks:

  • Outbreak: Lazarus RAT Attack Detected on Network.
  • Outbreak: Lazarus RAT Attack Detected on Host.
  • Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Network.
  • Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Host.

 

Content update 322 (6.6.x), 414 (6.7.x), 507 (7.0.x), 601 (7.1.x) adds detection of the following outbreaks:

  • Outbreak: Citrix Bleed Attack Detected on Network.
  • Outbreak: Apache ActiveMQ Ransomware Attack Detected on Network.
  • Outbreak: Apache ActiveMQ Ransomware Attack Detected on Host.

 

Content update 224 (6.5.x), 321 (6.6.x), 413 (6.7.x), 506 (7.0.x) adds detection of the following outbreaks:

  • Outbreak: Cisco IOS XE Web UI Attack Detected on Network.
  • Outbreak: HTTP2 Rapid Reset Attack Detected on Network.
  • Outbreak: HTTP2 Rapid Reset Attack Detected on Host.

 

Content update 223 (6.5.x), 320 (6.6.x), 412 (6.7.x), 505 (7.0.x) adds detection of the following outbreaks:

  • Outbreak: Google Chromium WebP Vuln Detected on Network.
  • Outbreak: Google Chromium WebP Vuln Detected on Host.

 

Content update 222 (6.5.x), 319 (6.6.x), 411 (6.7.x), 504 (7.0.x) adds detection of the following outbreaks:

  • Outbreak: Adobe ColdFusion Deserialization of Untrusted Data Vuln Detected on Network.
  • Outbreak: Adobe ColdFusion Deserialization of Untrusted Data Vuln Detected on Host.
  • Outbreak: WooCommerce Payments Improper Authentication Vuln Detected on Network.
  • Outbreak: WooCommerce Payments Improper Authentication Vuln Detected on Host.
  • Outbreak: Agent Tesla Malware Attack Detected on Network.
  • Outbreak: Agent Tesla Malware Attack Detected on Host.

 

Content update 221 (6.5.x), 318 (6.6.x), 410 (6.7.x), 503 (7.0.0) adds detection of the following outbreaks:

  • Outbreak: Microsoft Office and Windows HTML RCE Vuln Detected on Network.
  • Outbreak: Microsoft Office and Windows HTML RCE Vuln Detected on Host.
  • Outbreak: Zyxel Router Command Injection Attack Detected on Network.
  • Outbreak: Ivanti Endpoint Manager Mobile Authentication Bypass Vuln Detected on Network.
  • Outbreak: Ivanti Endpoint Manager Mobile Authentication Bypass Vuln Detected on Host.

 

Content update 220 (6.5.x), 317 (6.6.x), 409 (6.7.x), 502 (7.0.0) adds detection of the following outbreaks:

  • Outbreak: VMware Aria Operations for Networks Command Injection Vuln Detected on Network.
  • Outbreak: Apache RocketMQ RCE Vuln Detected on Network.
  • Outbreak: SolarView Compact Command Injection Vuln Detected on Network.

 

Content update 316 (6.6.x), 408 (6.7.x), 501 (7.0.x) adds detection of the following outbreaks:

  • Outbreak: Multiple Vendor Camera System Attack Detected on Network.
  • Outbreak: TP-Link Archer AX-21 Command Injection Attack Detected on Network.
  • Outbreak: TP-Link Archer AX-21 Command Injection Attack Detected on Host.
  • Outbreak: Zyxel Multiple Firewall Vuln Detected on Network.
  • Outbreak: Zyxel Multiple Firewall Vuln Detected on Host.
  • Outbreak: Progress MOVEit Transfer SQL Injection Vuln Detected on Network.
  • Outbreak: Progress MOVEit Transfer SQL Injection Vuln Detected on Host.
  • Outbreak: CosmicEnergy Malware Detected on Network.
  • Outbreak: CosmicEnergy Malware Detected on Host.

 

Content update 315 (6.6.x), 407 (6.7.x) adds detection of the following outbreaks:

  •  Outbreak: PaperCut MF/NG Improper Access Control Vulnerability Detected on Network.
  • Outbreak: PaperCut MF/NG Improper Access Control Vulnerability Detected on Host.
  • Outbreak: TBK DVR Authentication Bypass Attack Detected on Network.
  •  Outbreak: Oracle WebLogic Server Vulnerability Detected on Network.

 

Content update 314 (6.6.x), 406 (6.7.x) adds detection of the following outbreaks:

  • Outbreak: Zoho ManageEngine RCE Vulnerability Detected on Network.
  • Outbreak: ThinkPHP Remote Code Execution Vulnerability Detected on Network.
  • Outbreak: ThinkPHP Remote Code Execution Vulnerability Detected on Host.
  • Outbreak: Realtek SDK Attack Detected on Network.
  • Outbreak: Realtek SDK Attack Detected on Host.

 

Content update 313 (6.6.x), 405 (6.7.x) adds detection of the following outbreaks:

  • Outbreak: IBM Aspera Faspex Code Execution Vulnerability Detected on Network.
  • Outbreak: IBM Aspera Faspex Code Execution Vulnerability Detected on Host
  • Outbreak: Joomla! CMS Improper Access Check Vulnerability Detected on Network.
  • Outbreak: Teclib GLPI Remote Code Execution Vulnerability Detected on Network.
  • Outbreak: Progress Telerik UI Attack Detected on Network.
  • Outbreak: Progress Telerik UI Attack Detected on Host.
  • Outbreak: Microsoft Outlook Elevation of Privilege Vulnerability Detected on Network.
  • Outbreak: Microsoft Outlook Elevation of Privilege Vulnerability Detected on Host.
  • Outbreak: 3CX Supply Chain Attack Detected on Network.
  • Outbreak: 3CX Supply Chain Attack Detected on Host.

 

Content update 312 (6.6.x), 404 (6.7.x) adds detection of the following outbreaks:

  • Outbreak: VMware ESXi Server Ransomware Attack Detected on Network.
  • Outbreak: Cacti Server Command Injection Attack Detected on Network.
  • Outbreak: Cacti Server Command Injection Vulnerability Detected on Host.
  • Outbreak: Fortra GoAnywhere MFT RCE Vulnerability Detected on Host.
  • Outbreak: Fortra GoAnywhere MFT RCE Vulnerability Detected on Network.

 

Content update 311 (6.6.x), 403 (6.7.x) adds detection of the following outbreaks:

  • Outbreak: Control Web Panel Login Exploit Detected on Host.
  • Outbreak: Control Web Panel Login Exploit Detected on Network.
  • Outbreak: Router Malware Attack Detected on Host.
  • Outbreak: Router Malware Attack Detected on Network.

 

Content update 310 (6.6.x), 402 (6.7.x) adds detection of the following outbreaks:

  • Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Network.
  • Outbreak: Atlassian Pre-Auth Arbitrary File Read Vuln detected on Host.
  • Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Network.
  • Outbreak: BURNTCIGAR MS Signed Driver Malware detected on Host.
  • Outbreak: FortiWeb detected VMware Spring Cloud Func RCE - Vulnerability on Network.
  • Outbreak: VMware Spring Cloud Func RCE Vulnerability on Network.
  • Outbreak: FortiWeb detected Zerobot Botnet Activity on Network.
  • Outbreak: Zerobot Botnet Activity Detected on Host.
  • Outbreak: Zerobot Botnet Activity Detected on Network.

 

Content update 309 (6.6.x), 401 (6.7.0) adds detection of the following outbreaks:

  • Outbreak: VMWare Workspace ONE Vulnerability - CVE-2022-22954 on Network.
  • Outbreak: Redigo Malware Detected on Network.
  • Outbreak: Redigo Malware Detected on Host.
  • Outbreak: FortiOS SSLVPN Heap Buffer Overflow Attack - CVE-2022-42475 Detected on Network.

 

Content update 308 adds the detection of the following outbreaks:

  •  Outbreak: ABB Flow Computer Path Traversal Vulnerability Detected on Network.
  • Outbreak: Sandbreak vm2 sandbox module RCE Vulnerability Detected on Network.
  • Outbreak: Hive Ransomware Detected on Network.
  • Outbreak: Hive Ransomware Detected on Host.
  • Outbreak: X.509 Email Address Buffer Overflow in OpenSSL 3.0.0 to 3.0.6 detected on Network.
  • Outbreak: X.509 Email Address Buffer Overflow in OpenSSL 3.0.0 to 3.0.6 detected on Host.
  • Outbreak: CISA Top 20 Vulnerability detected on Host.
  • Outbreak: FortiGate detected CISA's Top 20 Vulnerability on the Network.
  • Outbreak: FortiWeb detected CISA Top 20 Vulnerability on Network.
2069
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.