Content Pack Updates
This document provides details about Content updates for various 7.1.x releases.
Deployment Notes
Content Pack Updates require the use of FortiSIEM version 6.4.0 or later. Procedures related to Content Updates can be found here.
Content Pack Updates for the 7.1.x releases begin with Content Update 601 and increment from there. If your FortiSIEM is missing an earlier content update, it is downloaded and applied automatically as part of the content update.
Content Pack Updates must be done in the following order:
- Update FortiSIEM Manager.
- Update FortiSIEM Supervisor.
- Update FortiSIEM Worker.
Content Updates for 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4 and 7.1.5
Content Update 608
Published May 13, 2024
This content update contains the following:
- 4 x Outbreak Rules and Reports:
  - Outbreak: Akira Ransomware Detected on Network
  - Outbreak: Akira Ransomware Detected on Host
  - Outbreak: CDATA Web Management System RCE Attack Detected on Network
  - Outbreak: CDATA Web Management System RCE Attack Detected on Host
- Enhancements to FortiMail and Cyxtera parsers.
- Latest GeoDB updates.
Content Update 607
Published April 17, 2024
This content update contains the following:
- 5 x Outbreak Rules and Reports:
  - Outbreak: Nice Linear eMerge Command Injection Vuln Detected on Network
  - Outbreak: Sunhillo SureLine Command Injection Attack Detected on Network
  - Outbreak: Sunhillo SureLine Command Injection Attack Detected on Host
  - Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Network
  - Outbreak: PAN OS GlobalProtect Command Injection Vuln Detected on Host
- Enhancements to Proofpoint and Unix parsers.
- Latest GeoDB updates.
Content Updates for 7.1.0, 7.1.1, 7.1.2, 7.1.3 and 7.1.4
Content Update 606
Published March 25, 2024
This content update contains the following:
- Updated Windows Agent Parser for Agent 7.1.4.
- 2 x Outbreak Rules and Reports:
  - Outbreak: ConnectWise ScreenConnect Attack Detected on Network
  - Outbreak: ConnectWise ScreenConnect Attack Detected on Host
- Updated Ransomware Rule to prevent false positives:
  - Ransomware detected on a host
- Updated Rule and Watchlist for Windows dormant users:
  - Windows Dormant Account Detected
- Enhancements to FortiGate, DellNSeries, and Unix parsers.
- Latest GeoDB updates.
Content Updates for 7.1.0, 7.1.1, 7.1.2 and 7.1.3
Content Update 605
Published February 08, 2024
This content update contains the following:
- Updated GenericJSON parser.
Content Update 604
Published February 05, 2024
This content update contains the following:
- 1 x Outbreak Rules and Reports:
  - Outbreak: Ivanti Connect Secure and Policy Secure Attack Detected on Network
- New parser for Microsoft Graph API Platform.
- Rules, Reports, and new parser for Trend Micro Vision One integration.
- Updated FortiDeceptor and WinOSWmi parsers.
Content Updates for 7.1.0, 7.1.1 and 7.1.2
Content Update 603
Published January 25, 2024
This content update contains the following:
- 6 x Outbreak Rules and Reports:
  - Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Network
  - Outbreak: Microsoft SharePoint Server Elevation of Privilege Vuln Detected on Host
  - Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Network
  - Outbreak: Adobe ColdFusion Access Control Bypass Attack Detected on Host
  - Outbreak: Androxgh0st Malware Attack Detected on Network
  - Outbreak: Androxgh0st Malware Attack Detected on Host
- Updated FortiGate and FortiProxy event types.
- Latest GeoDB updates.
Content Updates for 7.1.0 and 7.1.1
Content Update 602
Published December 20, 2023
This content update contains the following:
- 4 x Outbreak Rules and Reports:
  - Outbreak: Lazarus RAT Attack Detected on Network
  - Outbreak: Lazarus RAT Attack Detected on Host
  - Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Network
  - Outbreak: JetBrains TeamCity Authentication Bypass Attack Detected on Host
- Enhancements to WinOSWmi and CiscoFTD parsers.
- Latest GeoDB updates.
Content Updates for 7.1.0
Content Update 601
Published November 29, 2023
This content update contains the following:
- 3 x Outbreak Rules and Reports:
  - Outbreak: Citrix Bleed Attack Detected on Network
  - Outbreak: Apache ActiveMQ Ransomware Attack Detected on Network
  - Outbreak: Apache ActiveMQ Ransomware Attack Detected on Host
- Dedicated rules to detect admin user addition/deletion via console:
  - FortiGate: Admin User Added via Console
  - FortiGate: Admin User Deleted via Console
- Added FortiEDR specific rules:
  - FortiEDR: Malicious Process Detected
  - FortiEDR: Malicious Process Blocked
  - FortiEDR: Suspicious Process Detected
  - FortiEDR: Suspicious Process Blocked
  - FortiEDR: Inconclusive or PUP Process Detected
  - FortiEDR: Inconclusive or PUP Process Blocked
  - FortiEDR: Likely Safe Process Detected
  - FortiEDR: Likely Safe Process Blocked
  - FortiEDR: Safe Process Detected
  - FortiEDR: Safe Process Blocked
- Enhancements to FortiGate, CarbonBlackCEF, WinOSWmi, AOWUA_Win, PaloAlto, FortiEDR, FortiDeceptor, and FortiAuthenticator parsers.
- New parser for ZScaler JSON logs - ZScalerNSSParser.
- Fixed Application Server dashboard report and Netflow dashboards.
- Latest GeoDB updates.