| Product | Protection |
| --- | --- |
| FortiGate | IPS: Detects and blocks intrusions. DNS Filter: Detects and blocks DNS traffic to known malicious domains associated with this attack. |
| FortiClient | AV: FortiGuard AV real-time protection blocks the ransomware file. Botnet C&C: Detects and blocks traffic to known C&C domains. |
| FortiSandbox | Detects file hashes reported in FortiSandbox logs. |
All screenshots provided below for illustration purposes are taken from FortiAnalyzer 6.4.4.

1) Download the Fortinet_SOC-DarkSide-Detection.zip file (contains 2 files)
2) Unzip Fortinet_SOC-DarkSide-Detection.zip
3) Use Outbreak_Alerts_Service_DarkSide_Detection_2.json to import into Event Handlers
   a. Choose an ADOM (if ADOMs are enabled)
   b. Choose the FortiSOC module
   c. Select Event Handler List
   d. Select the Import option under "More"
   e. Select Outbreak_Alerts_Service_DarkSide_Detection_2.json
   Result: Outbreak_Alerts_Service_DarkSide_Detection_2.json is enabled and will be triggered if the appropriate logs are received after the event handler was imported
4) Use Outbreak_Alerts_Service_DarkSide_Report_2.dat to import into Reports
   a. Choose a Fabric ADOM (if ADOMs are enabled)
   b. Choose the Report module
   c. Select the Import option under "More"
   d. Select Outbreak_Alerts_Service_DarkSide_Report_2.dat
   Result: 'Outbreak_Alerts_Service_DarkSide_Report_2' can be run at any time as determined by an admin user.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.