Description |
This article describes how to use custom Rules in FortiSIEM to raise incident response related to attacks that attempt to leverage the WordPress WPGateway Plugin vulnerability. A report is also provided to gain historical visibility into the logs.
|
Scope |
The Rules and Reports leverage logs from other Fortinet products that can be used to detect the attack in addition to FortiGate logs.
For more information about this attack, see the following FortiGuard Outbreak Alert: |
Solution |
1) Use FortiSIEM_WordPress_WPGateway_Reports_v1.xml as the file to import the Reports.
- Navigate to Resource/Reports.
- It is recommended to create a new group under Resource/Reports/Security called ‘Apache Path Traversal’ and import reports to this group. - Select FortiSIEM_WordPress_WPGateway_Reports_v1.xml and import.
2) Use FortiSIEM_WordPress_WPGateway_Rules_v1.xml as the file to import the Rules.
- Navigate to Resource/Rules. - It is recommended to create a new group under Resource/Rules/Security/ Threat Hunting is created called 'WordPress WPGateway’ and import the rules to this group. - Select the Import.
FortiSIEM provides content packs for easy installation of these Rules and Reports:
- A FortiSIEM Rule to help with detection. - A FortiSIEM Report to help with historical reporting. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.