Description |
This article describes how to use custom rules in FortiSIEM to raise incident-response alerts for attacks that attempt to exploit the Microsoft Driver RCE vulnerability, CVE-2022-26809.
Reports are also included to search past logs for attacks that have already occurred. |
Scope |
These FortiSIEM rules and reports help detect attempts to send a specially crafted RPC call to an RPC host in order to execute code on the server side. |
Solution |
For information about this attack, see the following FortiGuard Outbreak Alert: Microsoft Windows RPC RCE Vulnerability
What is included in Fortinet_FortiSIEM_RPC_RCE_Vulnerability.zip?
- A FortiSIEM Rule to help with detection.
4) Use Fortinet_FortiSIEM_Windows_RPC_RCE_Rules_v1.xml as the file to import the Rules.
- Select Fortinet_FortiSIEM_Windows_RPC_RCE_v1.xml and import.
https://help.fortinet.com/fsiem/6-4-0/Online-Help/HTML5_Help/content_updates.htm |
Copyright 2024 Fortinet, Inc. All Rights Reserved.