New threats and Intrusion Prevention
Just wondering, as I did not want to just assume things, but had 2 questions as it relates to new threats/vulnerabilities and using IPS to mitigate against.
1. If an IPS profile is created via a filter, will any new signature, updated from the subscription, that matches said filter automatically apply as well? E.g., if I have a filter based on macOS, is a new signature that is macOS-applicable dynamically applied as well, since it is a dynamic filter (again, sounds logical, but I don't want to assume)?
2. What is the normal turnaround for new vulnerabilities to be turned into IPS signatures from FortiGuard for the database to be updated? E.g., Apple has some new vulnerabilities (CVE-2023-41064, CVE-2023-41061) that were disclosed yesterday (but the CVE was created back on the 22nd of last month). FortiGuard has nothing about those on their website as of yet.
Hello Cajuntank,
1. If you have an active license for IPS, the signatures are actively updated if you have active connectivity to FortiGuard servers.
2. Once a CVE is reported globally, it takes some time for PSIRT (Product Security Incident Response Team) to make an official release about the CVE.
For the details of the respective CVE, kindly be informed that the relevant information will be shared via our official PSIRT announcement in the near future. Please monitor this page: https://www.fortiguard.com/psirt, as the respective information will be published on that page.
Hello, is there a way that the new vulnerabilities published on this page can reach me by email, as a notification?
To get PSIRT notifications:
1. Log into support.fortinet.com
2. In the top right corner, click on your name and select My Account
3. On the Account page, click on My Account (IAM version)
4. On the left side, click on Account Preferences
5. On the top right corner of the Account Preferences page click Edit
6. At the bottom, under PSIRT Contact, enter the email addresses you’d like to have notified of any future PSIRTs released (comma delimited)
7. Click Update in the top right corner, where you clicked Edit in step 5.
This should get you all email notifications on future PSIRTs.
Thank you very much, I already added my email. So from now on, if there are new vulnerabilities in FortiOS or other equipment, you should receive a notification.
I appreciate and thank you for your time responding. I would like to restate and get clarification on question 1, however, since I don't feel like it was confirmed as to what I was asking. The assumption in my inquiry was that of an active license for IPS signatures. What I was wanting a confirmation on was whether, if the sensor was built using a filter, any new signatures applicable to said filter would be dynamically applied to the sensor (which makes logical sense), or whether that sensor is static at the moment in time of being built (even though a filter was used, i.e., it made the sensor with what was available at that moment in time, but does not dynamically add new signatures that match against the filter until you refresh the sensor yourself), thus making it necessary to refresh that sensor periodically. Again, I feel like the answer logically makes sense, that it is dynamically built to include all new IPS signatures as they match up, but I don't want to assume, thus needing confirmation.
According to the Administrative Guide (for FortiOS 7.2.5 anyway), your assumption is correct. If you have an active IPS license, the new signatures will be automatically applied to any existing filters. Here is the excerpt:
"The FortiGuard Service periodically adds new predefined signatures to counter new threats. New predefined signatures are automatically included in IPS sensors that are configured to use filters when the new signatures match existing filter specifications. For example, if you have an IPS sensor with a filter that includes all signatures for the Windows operating system, your filter will automatically incorporate new Windows signatures that the FortiGuard Service adds to the database."
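For reference, a filter-based sensor of the kind discussed in this thread looks like the following in the FortiOS CLI. This is an added example, not taken from the thread or the Administration Guide; the sensor name, comment text, and the severity and action choices are assumptions made for illustration.

```fortios
# Constructed example: the sensor name "macos-clients" is hypothetical.
config ips sensor
    edit "macos-clients"
        set comment "Filter-based sensor for macOS hosts (example)"
        config entries
            edit 1
                # Filter entry: signatures are selected by attribute
                # (target OS and severity here), not by listing signature
                # IDs. Per the guide excerpt above, new predefined
                # signatures that match these attributes are included
                # automatically after a FortiGuard update.
                set os MacOS
                set severity high critical
                set status enable
                set action block
            next
        end
    next
end

# Show the installed IPS definition version and last update time,
# i.e. the database the filter entry is matched against.
diagnose autoupdate versions
```

The sensor only takes effect once it is referenced by a firewall policy, and the filter only picks up new signatures while the unit has a valid IPS subscription and can reach FortiGuard.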
Thank you. Exactly what I was looking for.
