Fortinet 2024 Gartner® Magic Quadrant™
2024 Gartner® Magic Quadrant™ for Security Information and Event Management
Indicators of Compromise (IOC) Service
Indicators of compromise (IOCs) are artifacts observed on a network or in an operations system where we have a high confidence that said artifact indicates a computer intrusion. FortiGuard’s IOC service helps security analysts identify risky devices and users based on these artifacts.
We gather these observables from a variety of sources, including:
- Over three million sensors deployed around the world which consist of devices and honeypots. These sensors provide early warning of activity in the global cyber space.
- We employ machine learning techniques that capture IOCs, such as bad IP addresses, domains, and URLs.
- Our proprietary web crawler technology uses artificial intelligence, crawling the Internet looking for malicious sites
- FortiGuard Labs maintains threat sharing agreements with over 200 global programs. This consists of strategic vendors, CERTs, ISPs, alliances, and more.
We create an IOC package consisting of around 500K IOCs daily and deliver it via our Fortinet Developers Network (FNDN) to our FortiSIEM, FortiAnalyzer, and FortiGate Cloud products.
The Indicators of Compromise (IOC) service is available for FortiAnalyzer, FortiGate Cloud, and FortiSIEM.
FortiAnalyzer’s Indicator of Compromise Overview
Attacks are getting more complex as the attack surface area increases. Tools for detect attacks have increased exponentially leaving many administrators confused as to how to handle breach detection. This video will help explain how to enable the IoC History Rescan service in FortiAnalyzer. The service helps administrators compare past IoCs with new threat intelligence to help detect and gather intelligence on compromised hosts previously missed.
Watch Now