Indicators of compromise (IOCs) are artifacts observed on a network or in an operations system where we have a high confidence that said artifact indicates a computer intrusion. FortiGuard's IOC service helps security analysts identify risky devices and users based on these artifacts.
We gather these observables from a variety of sources, including:
We create an IOC package consisting of around 500K IOCs daily and deliver it via our 188BET×ãÇò Developers Network (FNDN) to our FortiSIEM, FortiAnalyzer, and FortiGate Cloud products.
The Indicators of Compromise (IOC) service is available for FortiAnalyzer, FortiGate Cloud, and FortiSIEM.
Attacks are getting more complex as the attack surface area increases. Tools for detect attacks have increased exponentially leaving many administrators confused as to how to handle breach detection. This video will help explain how to enable the IoC History Rescan service in FortiAnalyzer. The service helps administrators compare past IoCs with new threat intelligence to help detect and gather intelligence on compromised hosts previously missed.
IOCs provide more context for security operations centers to know what is happening around the global threat landscape, and provide the ability to scan their internal networks for such. This allows you the ability for historical scanning and help in prioritizing resources to know what to focus on.?
