Topology, FortiView, and automation support Indicators of Compromise (IOC) detection from the FortiGate Cloud IOC service.
FortiGate lists IOC entries on the FortiView pane, and uses the IOC event logs as a trigger for automation stitches. IOC and webfilter licenses are required to use this feature. You must also enabled FortiGate Cloud logging on the FortiGate.
To view compromised hosts, go to FortiView > Compromised Hosts. The IOC entries are displayed when the source is FortiGate Cloud.
You can also view the IOC entries on FortiGate Cloud portal.