Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSOAR Discussions
- Fortinet Community
- Community Groups
- FortiSOAR
- Discussions
- Responding to Recent Outbreaks with FortiSOAR
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Anonymous
Not applicable
Created on ‎02-04-2024 11:00 PM Edited on ‎03-01-2024 03:15 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Responding to Recent Outbreaks with FortiSOAR
Recent cybersecurity threats demand a comprehensive and proactive response, and FortiSOAR stands at the forefront by integrating with dedicated solution packs. Here's a detailed overview:
Lazarus RAT Attack (CVE-2021-44228):
- Lazarus Group targets manufacturing, agriculture, and security firms leveraging the Log4j vulnerability.
- DLang-based RATs exploit Log4j, establishing a Command and Control channel for malicious activities.
- Solution Pack Reference Link: FortiSOAR - Lazarus RAT Attack
JetBrains TeamCity Authentication Bypass (CVE-2023-42793):
- Critical vulnerability in JetBrains TeamCity exposes CI/CD servers to unauthenticated remote code execution.
- Threat actors can compromise source code, service secrets, and gain control over build agents.
- Solution Pack Reference Link: FortiSOAR - JetBrains TeamCity Authentication Bypass
Microsoft SharePoint Server Elevation of Privilege (CVE-2023-29357):
- Authentication bypass vulnerability in Microsoft SharePoint Server allows adversaries to escalate privileges.
- Solution Pack Reference Link: FortiSOAR - Microsoft SharePoint Server Elevation of Privilege
Ivanti Connect Secure and Policy Secure Attack:
- Ivanti Connect Secure is an SSL VPN solution enabling secure remote access to corporate resources.
- Widespread exploitation of two zero-day vulnerabilities affecting Ivanti Connect Secure (ICS) and Policy Secure gateways is underway.
- Solution Pack Reference Link: FortiSOAR - Ivanti Connect Secure and Policy Secure Attack
For an in-depth overview of the FortiSOAR Outbreak Response Framework, visit FortiSOAR - Outbreak Response Framework Overview.
Labels:
- Labels:
-
ution
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 REPLIES 2
Anonymous
Not applicable
Created on ‎02-29-2024 10:50 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This thread will serve as a platform to showcase recent outbreak updates since our last communication.
Here, we present two newly released versions from FortiSOAR.
-
Adobe ColdFusion Security Alert:
- FortiGuard Labs detected critical exploitation attempts on Adobe ColdFusion, targeting vulnerabilities like CVE-2023-38203.
- Users are urged to apply Adobe's security updates and patches promptly to mitigate risks.
- For detailed information and solution pack, visit here.
-
Androxgh0st Malware Outbreak:
- Androxgh0st malware exploits vulnerabilities in PHPUnit, Laravel Framework, and Apache Web Server for information gathering attacks.
- FortiGuard Labs actively blocks Androxgh0st on over 40,000 FortiGate devices daily.
- A joint advisory by the FBI and CISA provides insights and protection measures against Androxgh0st. For details, see here.
For an in-depth overview of the FortiSOAR Outbreak Response Framework, visit FortiSOAR - Outbreak Response Framework Overview.
Anonymous
Not applicable
Created on ‎04-17-2024 09:44 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This thread will serve as a platform to showcase recent outbreak updates since our last communication.
-
Outbreak Response - Nice Linear eMerge Command Injection Vulnerability
- Description: This solution addresses vulnerabilities in eMerge systems susceptible to command injection attacks.
- Reference Link: Outbreak Response - Nice Linear eMerge Command Injection Vulnerability
-
Outbreak Response - Sunhillo SureLine Command Injection Attack
- Description: Targets vulnerabilities in SureLine systems vulnerable to command injection attacks.
- Reference Link: Outbreak Response - Sunhillo SureLine Command Injection Attack
-
Outbreak Response - PAN-OS GlobalProtect Command Injection Vulnerability
- Description: Addresses vulnerabilities in PAN-OS GlobalProtect systems prone to command injection attacks.
- Reference Link: Outbreak Response - PAN-OS GlobalProtect Command Injection Vulnerability
These solutions, integrated with the Outbreak Response Framework, enable efficient threat hunts and the investigation of potential Indicators of Compromise (IOCs) across supported operational environments such as FortiSIEM, FortiAnalyzer, QRadar, Splunk, and Azure Log Analytics. FortiSOAR's proactive measures aim to mitigate vulnerabilities and enhance overall security posture.
For an in-depth overview of the FortiSOAR Outbreak Response Framework, visit FortiSOAR - Outbreak Response Framework Overview.
Labels
-
FortiSOAR
54 -
Connector
8 -
FortiSOAR v7.x
6 -
SOAR
5 -
playbooks
3 -
Jinja
3 -
FortiSOAR 7.4.0
2 -
FortiSOAR v7.6
2 -
Schedule
2 -
poonvert
1 -
enrichement
1 -
loops
1 -
FortiSOAR v7.4.x
1 -
ution
1 -
crowdstrike
1 -
Update Record Correlations
1 -
Data Ingestion
1 -
Queued Workflow
1 -
secops
1 -
HybridAnalysis
1 -
Forcepoint
1 -
RegionalSOC
1 -
Artificial intelligence
1 -
Microsoft Exchange Connector
1 -
Staging
1 -
External Postgresql DB
1 -
Threat Intel Management
1 -
Arrow
1 -
FortiSIEM
1 -
FortiGuard
1 -
FortiWeb
1 -
FortiEDR
1 -
upgrade
1 -
Machine Learning
1 -
azure
1 -
Admin Access
1 -
license
1 -
indicators
1 -
Time
1 -
Trial
1 -
FortiSOAR v7.2.x
1 -
FortiSOAR 7.3.x
1 -
Playbook
1 -
People
1 -
SOC
1 -
FortiAnalyzer
1 -
FortiSASE
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.