Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSOAR Discussions
- Fortinet Community
- Community Groups
- FortiSOAR
- Discussions
- Re: FortiSOAR's C2 Malware Traffic Response Soluti...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Anonymous
Not applicable
Created on 03-05-2024 04:50 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiSOAR's C2 Malware Traffic Response Solution Pack v1.0.1
The C2 Malware Traffic Response Solution Pack offers a suite of playbooks tailored for investigating and countering C2 (Command and Control) attacks. During these attacks, a system compromised by malware establishes a connection with the attacker's server, known as the C2 server, to facilitate ongoing communication. The primary objectives of such attacks include gaining control over the infected system, exfiltrating data, or deploying additional malicious software.
C2 Malware Traffic Response Solution Pack v1.0.1 release brings a range of enhancements and new features designed to bolster your defenses against Command and Control (C2) attacks.
Key Enhancements
New Playbooks:
-
IP Address - Fortinet FortiGate - Isolate/Block:
- Introducing a new playbook to fortify your defenses on Fortinet FortiGate firewalls. This playbook empowers you to swiftly isolate or block malicious IP addresses, mitigating potential threats at the network level.
-
Get Related IOCs For An IP:
- A valuable addition to your investigative toolkit, this playbook allows you to search for known Indicators of Compromise (IOCs) related to a specific malicious IP address. Strengthen your threat intelligence and proactively respond to evolving cyber threats.
- To access further details, refer to the Release Notes available at https://github.com/fortinet-fortisoar/solution-pack-c2-malware-traffic-response/blob/release/1.0.1/r...
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiSOAR’s automated response to C2 malware traffic looks impressive, especially with its playbook-driven mitigation approach. Integrating dynamic threat intelligence feeds directly into the workflow reduces response time significantly. I’d be curious how well it scales in hybrid environments where network telemetry comes from both FortiGate and third-party sensors. The orchestration potential seems strong for SOC automation.
Labels
-
FortiSOAR
73 -
Connector
8 -
FortiSOAR v7.x
6 -
FortiSOAR v7.6
6 -
SOAR
5 -
playbooks
3 -
Jinja
3 -
Schedule
2 -
FortiSOAR 7.4.0
2 -
FortiSOAR 7.5
2 -
Threat Intel Management
2 -
FortiSIEM
2 -
RegionalSOC
1 -
enrichement
1 -
Splunk_ingestion
1 -
FortiSIEM v7.4.x
1 -
ution
1 -
crowdstrike
1 -
CMDB
1 -
Update Record Correlations
1 -
Data Ingestion
1 -
Queued Workflow
1 -
poonvert
1 -
HybridAnalysis
1 -
alert
1 -
Forcepoint
1 -
secret management
1 -
queue and shift management
1 -
templates
1 -
related modules
1 -
Artificial intelligence
1 -
fields
1 -
FortiSOAR Awards
1 -
Microsoft Exchange Connector
1 -
Staging
1 -
External Postgresql DB
1 -
Content-Hub
1 -
splunk
1 -
Vault
1 -
secrets
1 -
FortiSOAR v7.2.x
1 -
FortiAnalyzer
1 -
FortiGuard
1 -
FortiWeb
1 -
FortiEDR
1 -
upgrade
1 -
Machine Learning
1 -
performance
1 -
API
1 -
Azure
1 -
Admin Access
1 -
License
1 -
Arrow
1 -
Time
1 -
Trial
1 -
Query
1 -
FortiSOAR v7.4.x
1 -
FortiSOAR 7.3.x
1 -
Upgrading FortiSOAR
1 -
Playbook
1 -
People
1 -
TAXII
1 -
SOC
1 -
secops
1 -
FortiSASE
1 -
C
1 -
Asset
1 -
Threat feed
1 -
indicators
1 -
FortiGate
1 -
loops
1 -
ClickHouse
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.