Administration Guide

Appendix D - FortiGuard Updates

For deployments with Internet connectivity, FortiNDR by default retrieves updates from the FortiGuard Distribution Network. When FortiNDR cannot reach the Internet, you have the following options:

Malware artificial neural network (ANN) updates: You can update the ANN manually. These offline packages are several GB in size and can be obtained from the support website (https://support.fortinet.com) with a registered support contract. The latest ANN version is listed at: https://www.fortiguard.com/services/fortindr

Note

For v7.0.1 and later, the offline package files contain more data than the v1.0 and v7.0 packages, and the number of packages has increased.

Because the v7.0.1 packages carry this additional data, they fail to load on earlier firmware versions. The v1.0/v7.0 ANN packages, however, can be loaded on v7.0.1 and later firmware. Download the packages that correspond to the firmware version of your appliance from the support website.

For more information about loading offline packages, see the exec restore kdb, exec restore avdb, and exec restore ipsdb commands in the CLI Reference Guide. The IPSDB offline package includes three databases (network attacks, botnet, and JA3 encrypted attacks).
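As an added example (not part of the FortiNDR guide and not Fortinet's own tooling), the following workstation-side shell script performs two pre-flight checks before an offline package is transferred to the appliance: it verifies the downloaded file against a SHA-256 value and it applies the firmware compatibility rule from the note above. The rule is encoded as "the firmware version must be at least the package version", which matches the documented v7.0.1 boundary and is an assumption for any other boundary. The checksum value and the sample package content are constructed for the example; the page does not describe how Fortinet publishes checksums, so obtain the reference value from the support site yourself.

```shell
#!/usr/bin/env bash
# Added example (not from the FortiNDR guide): pre-flight checks for offline
# FortiGuard packages before uploading them to the appliance.
set -eu

# Strip a leading "v" and compare two dotted numeric version strings.
# Echoes -1 if $1 < $2, 0 if equal, 1 if $1 > $2. Missing fields count
# as 0, so "7.0" equals "7.0.0". Build suffixes are not handled.
vercmp() {
    local a="${1#v}" b="${2#v}" ai bi
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai:-0}";  bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
        if [ "$ai" -gt "$bi" ]; then echo 1;  return; fi
        # drop the first field, or empty the string if it was the last one
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    echo 0
}

# Succeeds when a package built for firmware $2 can be loaded on firmware $1.
# The guide states that v7.0.1 packages fail on earlier firmware while
# v1.0/v7.0 ANN packages load on v7.0.1 and later. This encodes that as
# "firmware >= package version"; for boundaries other than 7.0.1 this is an
# assumption, not something the guide documents.
package_loadable() {
    local firmware="$1" package="$2"
    [ "$(vercmp "$firmware" "$package")" -ge 0 ]
}

# Succeeds when the file's SHA-256 matches the expected hex digest obtained
# out of band (e.g. from the support site). sha256sum is GNU coreutils; use
# `shasum -a 256` on macOS.
verify_package() {
    local file="$1" expected="$2" actual
    actual="$(sha256sum "$file" | cut -d' ' -f1)"
    [ "$actual" = "$expected" ]
}

# Usage with a constructed stand-in for a downloaded package (not a real
# FortiGuard file); the reference digest here is derived from that stand-in.
tmp="$(mktemp)"
printf 'constructed ANN package contents\n' > "$tmp"
expected="$(sha256sum "$tmp" | cut -d' ' -f1)"
verify_package "$tmp" "$expected" && echo "checksum OK: $tmp"
package_loadable 7.0.1 7.0   && echo "v7.0 ANN package loads on v7.0.1 firmware"
package_loadable 7.0   7.0.1 || echo "v7.0.1 package does NOT load on v7.0 firmware"
rm -f "$tmp"
```

Run the two checks against every downloaded file before spending the transfer time on a multi-GB upload; a mismatched digest means the download is corrupt or tampered with, and a failed compatibility check means the wrong firmware branch was selected on the support site.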

Other detection techniques:

The following table summarises, for each detection technique, whether it supports offline manual updates, that is, whether it can be kept current without Internet access. All of the techniques below can be updated via the FortiGuard Distribution Network when Internet access is available.

| Detection technique | Supports offline manual update | Comments |
|---|---|---|
| Malware via ANN | Yes | Can be updated manually via GUI or with an offline package via CLI. |
| AV engine | Yes | Shipped by default. Can be updated over the Internet via GUI or with an offline package via CLI. |
| Botnet detection | Yes | Has a DB by default. Can be updated over the Internet via GUI or with an offline package via CLI. |
| Network attacks / application control | Yes | Has a DB by default. Can be updated over the Internet via GUI or with an offline package via CLI. |
| Encrypted attacks (via JA3) | Yes | Has a DB by default. Can be updated over the Internet via GUI or with an offline package via CLI. |
| Weak cipher/vulnerable protocol detection | NA | Comes with the firmware; no updates required. |
| Device inventory | No | Looks up IoT services to determine device role, type and OS; requires Internet access. |
| FortiGuard IOC | No | Requires Internet access to look up URLs and IPs associated with web campaigns. |
| ML Discovery | NA | Local ML algorithm; updated via firmware. |
| Geo DB | No | Comes with the firmware and does not update often; supports FortiGuard updates over the Internet. |
