Content Pack Updates

This document provides details about Content updates for various 7.2.x releases.

• Content Updates for 7.2.0, 7.2.1, 7.2.2 and 7.2.3

• Content Updates for 7.2.0, 7.2.1, and 7.2.2

• Content Updates for 7.2.0 and 7.2.1

• Content Updates for 7.2.0

Deployment Notes

• Content Pack Updates require the use of FortiSIEM version 6.4.0 or later. Procedures related to Content Updates can be found here.

• Content Pack Updates are available for the latest major release and the most recent prior three major releases. For example, If the latest release was 7.2.0, Content Pack Updates would include 7.2.0, 7.1.x, 7.0.x, and 6.7.x releases.

• 7.2.0 Content Pack Updates release begin with Content Update 701, and increments. If your FortiSIEM does not contain an older content update, it is automatically downloaded and added during your content update.

• Content Pack Updates must be done in the following order:  

  1. Update FortiSIEM Supervisor.

  2. Update FortiSIEM Worker.

Content Updates for 7.2.0, 7.2.1, 7.2.2 and 7.2.3

• Content Update 707
• Content Update 706
• Content Update 705
• Content Update 704

Content Update 707

Published November 11, 2024

This content update contains the following:

1. 2 x Outbreak Rules and Reports:

   • Outbreak: Mallox Ransomware Detected on Network

   • Outbreak: Mallox Ransomware Detected on Host

2. New indicators added to FortiManager Rules/Reports.

   • Outbreak: FortiManager Command Execution Vulnerability Detected on Network

   • Outbreak: FortiManager Command Execution Vulnerability Detected on Device

3. Updates to FortiGate Reports.

   • FortiGate: Top Applications by Bandwidth

   • FortiGate: Top non-HTTP Applications by Bandwidth

4. Updates to Access Violation Rules.

   • Concurrent Successful Authentications To Same Account From Multiple Cities

   • Concurrent Failed Authentications To Same Account From Multiple Countries

   • Concurrent Failed Authentications To Same Account From Multiple Cities

5. Latest GeoDB updates.

Content Update 706

Published October 29, 2024

This content update contains the following:

1. 2 x Outbreak Rules and Reports:

   • Outbreak: FortiManager Command Execution Vulnerability Detected on Network

   • Outbreak: FortiManager Command Execution Vulnerability Detected on Device

2. Latest GeoDB updates.

Content Update 705

Published October 17, 2024

This content update contains the following:

1. 2 x Outbreak Rules and Reports:

   • Outbreak: Synacor Zimbra Collaboration Command Execution Vuln Detected on Network

   • Outbreak: Synacor Zimbra Collaboration Command Execution Vuln Detected on Host

2. Enhancements to FortiGate and WinOSXml parsers.

3. New parser for FortiAuthenticator Debug Logs.

4. Latest GeoDB updates.

Content Update 704

Published September 24, 2024

This content update contains the following:

1. 3 x Outbreak Rules and Reports:

   • Outbreak: CISA Alert AA24-249A Russian Cyber Espionage Attack Detected on Network

   • Outbreak: CISA Alert AA24-249A Russian Cyber Espionage Attack Detected on Host

   • Outbreak: GeoServer RCE Attack Detected on Network

2. Additional event attributes to support new parsing.

3. Enhancements to Apache, CiscoDuo, FortiClient, FortiMail, FortiRecon, Sendmail, TenableVuln, Unix, VMwareVCenter, WinOSWmi, and WinOSXml parsers.

4. Updated descriptive metadata for several rules.

5. Latest GeoDB updates.

Content Updates for 7.2.0, 7.2.1, and 7.2.2

• Content Update 703

Content Update 703

Published August 28, 2024

This content update contains the following:

1. 4 x Outbreak Rules and Reports:

   • Outbreak: ServiceNow Remote Code Execution Attack Detected on Network

   • Outbreak: Apache OFBiz RCE Attack Detected on Network

   • Outbreak: Jenkins RCE Attack Detected on Network

   • Outbreak: Jenkins RCE Attack Detected on Host

2. Enhancements to Okta, LinuxAudit, Unix, and BlueCatAddressManager parsers.

3. Latest GeoDB updates.

Content Updates for 7.2.0 and 7.2.1

• Content Update 702

Content Update 702

Published August 1, 2024

1. Enhancements to parsers: Office365, FortiPAM, FortiEDRRest, CitrixNetScaler, Dragos, VMwareVCenter, VMwareEvent, CiscoNxOS, OracleDB, FortiGate, PHBox, GitHubWebhooksJson, CarbonBlackCEF, TenableVuln, TrendMicroApexCentral, and WinOSXml.

2. New parsers added: ADAuditPlusParser, BlueCatAddressManagerParser, CiscoACISyslogParser, DellUnityParser, DellPowerEdgeParser, HashiCorpVaultParser, and TrendMicroVisionOneCEFParser.

3. Updated report "Slow FortiSIEM Queries".

4. Latest GeoDB updates.

Content Updates for 7.2.0

• Content Update 701

Content Update 701

Published June 17, 2024

This content update contains the following:

1. 3 x Outbreak Rules and Reports:

   • Outbreak: Dlink Multiple Devices Attack Detected on Network

   • Outbreak: Check Point Quantum Security Gateways Information Disclosure Attack Detected on Network

   • Outbreak: PHP CGI OS Command Injection Vuln Detected on Network

2. Enhancements to WinOSWmi, WinOSXml, FortiSandbox, FortiNDR, FortiAuthenticator, and JunipSSGFirewallLog parsers.

3. Updated Windows rule to fix incorrect logic.

   • Windows: Active Directory User Backdoors

4. Dedicated FortiSandbox rule to detect phishing URLs.

   • FortiSandbox detects Phishing URL

5. Latest GeoDB updates.