FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
keithli_FTNT
Staff
Article Id 192508

Description

This article describes how to use a custom Event Handler and Report in FortiAnalyzer to detect indicators attributed to ProxyShell. ProxyShell is an attack chain that exploits three Microsoft Exchange vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These can be exploited on vulnerable Microsoft Exchange servers.
 
For more information on the threat, also see the FortiGuard Lab Threat Signal Report:
 
Coverage of the vulnerabilities can be found in the latest IPS and Endpoint Vulnerability signatures:
 
Information on FortiAnalyzer's Event Handler and Report is coming soon.

 
