Content Pack Updates

This document provides details about Content Updates for the various 7.1.x releases.

Deployment Notes

Content Pack Updates require the use of FortiSIEM version 6.4.0 or later. Procedures related to Content Updates can be found here.

Content Pack Updates for the 7.1.0 release begin with Content Update 601 and increment from there. If your FortiSIEM does not already contain an earlier content update, it is downloaded and applied automatically during your content update.

Content Pack Updates must be done in the following order:  

  1. Update FortiSIEM Manager.

  2. Update FortiSIEM Supervisor.

  3. Update FortiSIEM Worker.

Content Updates for 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4 and 7.1.5

Content Update 608

Published May 13, 2024

This content update contains the following:

  1. 4 x Outbreak Rules and Reports:

    • Outbreak: Akira Ransomware Detected on Network

    • Outbreak: Akira Ransomware Detected on Host

    • Outbreak: CDATA Web Management System RCE Attack Detected on Network

    • Outbreak: CDATA Web Management System RCE Attack Detected on Host

  2. Enhancements to FortiMail and Cyxtera parsers.

  3. Latest GeoDB updates.

Content Update 607

Published April 17, 2024

This content update contains the following:

  1. 5 x Outbreak Rules and Reports:

    • Outbreak: Nice Linear eMerge Command Injection Vuln Detected on Network

    • Outbreak: Sunhillo SureLine Command Injection Attack Detected on Network

    • Outbreak: Sunhillo SureLine Command Injection Attack Detected on Host

    • Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Network

    • Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Host

  2. Enhancements to Proofpoint and Unix parsers.

  3. Latest GeoDB updates.

Content Updates for 7.1.0, 7.1.1, 7.1.2, 7.1.3 and 7.1.4

Content Update 606

Published March 25, 2024

This content update contains the following:

  1. Updated Windows Agent Parser for Agent 7.1.4.

  2. 2 x Outbreak Rules and Reports:

    • Outbreak: ConnectWise ScreenConnect Attack Detected on Network

    • Outbreak: ConnectWise ScreenConnect Attack Detected on Host

  3. Updated Ransomware Rule to prevent false positives.

    • Ransomware detected on a host

  4. Updated Rule and Watchlist for Windows dormant users.

    • Windows Dormant Account Detected

  5. Enhancements to FortiGate, DellNSeries, and Unix parsers.

  6. Latest GeoDB updates.

Content Updates for 7.1.0, 7.1.1, 7.1.2 and 7.1.3

Content Update 605

Published February 08, 2024

This content update contains the following:

  1. Updated GenericJSON parser

Content Update 604

Published February 05, 2024

This content update contains the following:

  1. 1 x Outbreak Rules and Reports:

    • Outbreak: Ivanti Connect Secure and Policy Secure Attack Detected on Network

  2. New parser for Microsoft Graph API Platform

  3. Rules, Reports, and new parser for Trend Micro Vision One integration

  4. Updated FortiDeceptor and WinOSWmi parsers

Content Updates for 7.1.0, 7.1.1 and 7.1.2

Content Update 603

Published January 25, 2024

This content update contains the following:

  1. 6 x Outbreak Rules and Reports:

    • Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Network

    • Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Host

    • Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Network

    • Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Host

    • Outbreak: Androxgh0st Malware Attack Detected on Network

    • Outbreak: Androxgh0st Malware Attack Detected on Host

  2. Updated FortiGate and FortiProxy event types.

  3. Latest GeoDB updates.

Content Updates for 7.1.0 and 7.1.1

Content Update 602

Published December 20, 2023

This content update contains the following:

  1. 4 x Outbreak Rules and Reports:

    • Outbreak: Lazarus RAT Attack Detected on Network

    • Outbreak: Lazarus RAT Attack Detected on Host

    • Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Network

    • Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Host

  2. Enhancements to WinOSWmi and CiscoFTD parsers.

  3. Latest GeoDB updates.

Content Updates for 7.1.0

Content Update 601

Published November 29, 2023

This content update contains the following:

  1. 3 x Outbreak Rules and Reports:

    • Outbreak: Citrix Bleed Attack Detected on Network

    • Outbreak: Apache ActiveMQ Ransomware Attack Detected on Network

    • Outbreak: Apache ActiveMQ Ransomware Attack Detected on Host

  2. Dedicated rules to detect admin user addition/deletion via console.

    • FortiGate: Admin User Added via Console

    • FortiGate: Admin User Deleted via Console

  3. Added FortiEDR specific rules.

    • FortiEDR: Malicious Process Detected

    • FortiEDR: Malicious Process Blocked

    • FortiEDR: Suspicious Process Detected

    • FortiEDR: Suspicious Process Blocked

    • FortiEDR: Inconclusive or PUP Process Detected

    • FortiEDR: Inconclusive or PUP Process Blocked

    • FortiEDR: Likely Safe Process Detected

    • FortiEDR: Likely Safe Process Blocked

    • FortiEDR: Safe Process Detected

    • FortiEDR: Safe Process Blocked

  4. Enhancements to FortiGate, CarbonBlackCEF, WinOSWmi, AOWUA_Win, PaloAlto, FortiEDR, FortiDeceptor, and FortiAuthenticator parsers.

  5. New parser for ZScaler JSON logs - ZScalerNSSParser.

  6. Fixed Application Server dashboard report and Netflow dashboards.

  7. Latest GeoDB updates.