Malware Domains

The Malware Domains page lists domains that are known to generate spam, host botnets, create DDoS attacks, and generally contain malware. The three default groups included in your FortiSIEM deployment, MalwareDomainList, Zeus Domains, and SANS Domains, contain malware domains that are derived from the websites malwaredomainlist.com, zeustracker.abuse.ch, and isc.sans.edu. Because Malware Domains are constantly changing, FortiSIEM recommends maintaining a dynamically generated list of IP addresses, provided by services such as these and updated on a regular schedule. You can also add or remove blocked IP addresses from these system-defined groups, and create your own groups based on manual entry of IP addresses or file upload.

The following sections describe how to manage Malware Domains: