FortiSIEM
FSM_FTNT
Article Id 214094
Description

This article describes how to use custom Rules in FortiSIEM to raise alerts for incident response related to attacks that attempt to exploit the Atlassian Confluence remote code execution vulnerability CVE-2022-26134.

For more information, check the FortiGuard outbreak alert.

Scope

FortiSIEM

Solution

1) Use Fortinet_FortiSIEM_Confluence_RCE_Reports_v1.xml as the file to import the Reports.

- Navigate to Resource / Reports.
- It is recommended to create a new group under Resource / Reports / Security called 'Confluence RCE' and import the reports into this group.
- Select the Import option under More.
- Select Fortinet_FortiSIEM_Confluence_RCE_Reports_v1.xml and import.


2) Use Fortinet_FortiSIEM_Confluence_RCE_Rules_v1.xml as the file to import the Rules.

- Navigate to Resource / Rules.
- It is recommended to create a new group under Resource / Rules / Security / Threat Hunting called 'Confluence RCE' and import the rules into this group.
- Select the Import option under More.
- Select Fortinet_FortiSIEM_Confluence_RCE_Rules_v1.xml (the Rules file named above) and import.
- Validate that these Rules are enabled.


FortiSIEM provides content packs for easy installation of these Rules and Reports:

- 6.4.0, 6.4.1: https://help.fortinet.com/fsiem/6-4-0/Online-Help/HTML5_Help/content_updates.htm#Content9
- 6.5.0: https://help.fortinet.com/fsiem/6-5-0/Online-Help/HTML5_Help/content_updates.htm#Content3

What is included in Fortinet_FortiSIEM_Confluence_RCE.zip?

- A FortiSIEM Rule to help with detection.
- A FortiSIEM Report to help with historical reporting.
