Outbreak Alerts
The FortiAnalyzer Outbreak Detection Service is a licensed feature that allows FortiAnalyzer administrators to view outbreak alerts and automatically download related event handlers and reports from FortiGuard.
When FortiAnalyzer has a valid license for the Outbreak Detection Service, outbreak alerts from Fortinet are displayed in the Incidents & Events > Outbreak Alerts pane. Outbreak alerts can be viewed from any ADOM. You can navigate between outbreak alerts using the side bar, which groups the alerts by date or by severity, and you can use the search bar to find a specific outbreak alert. Click an outbreak alert to view its details, and click the download icon to save a PDF of the alert information. When new outbreak alerts are added, a notification appears in the banner.
Outbreak event handlers and reports are created in real-time by Fortinet to detect and respond to emerging outbreaks. Outbreak reports and event handlers are automatically downloaded so that they are available in your environment. See Viewing imported event handlers and reports.
Without a valid license for the Outbreak Detection Service, the Outbreak Alerts pane displays only a default alert page, and outbreak event handlers and reports are not downloaded from FortiGuard. To obtain a valid license for the FortiAnalyzer Outbreak Detection Service, contact Fortinet FortiCare.
Viewing imported event handlers and reports
With a valid license, the FortiAnalyzer Outbreak Detection Service automatically downloads the event handlers and reports that Fortinet creates in response to known outbreaks. Handlers and reports are downloaded from FortiGuard as part of the FOAS package. This section describes how to view the downloaded outbreak event handlers and reports.
To view outbreak event handlers and reports:
- To view the event handlers, go to Incidents & Events > Handlers > Basic Handlers.
  Event handlers created by the FortiAnalyzer Outbreak Detection Service are displayed with the Outbreak Alert prefix. See Event handlers.
  In FortiAnalyzer 7.6.0 and later, these event handlers also have the Automatically Create Incident option enabled. The incidents generated by these event handlers can be found in Incidents & Events > Incidents > Incidents.
- To view the reports, go to Reports > Report Definitions > All Reports.
  - The Outbreak Alert Reports folder includes the reports available from the FortiAnalyzer Outbreak Detection Service. Reports can be run in HTML, PDF, XML, CSV, and JSON output formats. See Generating reports.
  - In FortiAnalyzer 7.4.2 and later, new reports included in the FOAS package are displayed in the global Outbreak Alert Reports folder. Outbreak Alert reports released prior to 7.4.2 remain at the ADOM level. The global folder and global reports are identified by the system theme's color applied to their icon.
  - Outbreak alert reports received as FortiGuard packages display FortiGuard in the Origin column.