Fortinet
Communication and Collaboration
Fortinet - Next-gen firewalls and cybersecurity solutions for network security.
Provider: Fortinet
| Detection Rule | MITRE Tactic | MITRE Technique | Criticality |
|---|---|---|---|
| Anomalous Network Traffic | Discovery | Network Service Discovery (T1046) | High |
| Unauthorized Access Attempts | Initial Access | Brute Force (T1110) | Critical |
| Malware Detection | Execution | Malicious File Execution (T1203) | Critical |
| Policy Violations | Defense Evasion | Application Layer Protocol Manipulation (T1502) | Medium |
| DDoS Attack Detection | Impact | Network Denial of Service (T1498) | Critical |
| Data Exfiltration | Exfiltration | Exfiltration Over Command and Control Channel (T1041) | High |
| Internal Reconnaissance | Discovery | Account Discovery (T1087) | Medium |
| Credential Dumping | Credential Access | Credential Dumping (T1003) | High |
| Lateral Movement | Lateral Movement | Remote Services (T1021) | High |
| Command and Control (C2) Activity | Command and Control | Application Layer Protocol (T1071) | Critical |
APIs and Their Scopes
| Detection Rule | API Required | API Scope |
|---|---|---|
| Anomalous Network Traffic | /api/v2/firewall/logs | read:logs |
| Unauthorized Access Attempts | /api/v2/authentication/failures | read:authentication |
| Malware Detection | /api/v2/endpoint/detection | read:endpoint |
| Policy Violations | /api/v2/user/access | read:access |
| DDoS Attack Detection | /api/v2/network/traffic | read:traffic |
| Data Exfiltration | /api/v2/data/exfiltration | read:data |
| Internal Reconnaissance | /api/v2/user/accounts | read:accounts |
| Credential Dumping | /api/v2/credential/access | read:credentials |
| Lateral Movement | /api/v2/remote/access | read:remote |
| Command and Control (C2) Activity | /api/v2/network/connections | read:connections |
Reports and Widgets for CISO
| Report Name | Widgets | Description |
|---|---|---|
| Executive Summary Report | Total Incidents; Current Threat Level; Compliance Status | High-level overview of overall security posture, including incident trends and compliance metrics. |
| Incident Response Summary | Incidents by Type; Average Response Time; Resolved vs. Open Incidents | Details incidents handled, including response times and resolutions. |
| Threat Landscape Report | Top 10 Threats Detected; Origin of Threats; Threats by Severity Level | Overview of threats detected, categorized by type and source. |
| Policy Compliance Report | Number of Violations by Policy; Policy Violation Trends; Top Violators | Analyzes adherence to security policies and identifies violations. |
| Network Traffic Analysis Report | Traffic Volume Over Time; Anomalous Traffic Events; Top Talkers (IP Addresses) | Insights into network traffic patterns and anomalies. |
| User Activity Report | User Logins Over Time; Suspicious User Activity; Top 10 Users by Access Frequency | Monitors user behavior and identifies anomalies. |
| Vulnerability Assessment Report | Vulnerabilities by Severity; Patch Status Overview; Top Vulnerable Assets | Identifies vulnerabilities within the network and their statuses. |
| Endpoint Protection Report | Malware Incidents by Endpoint; Endpoint Compliance Status; Number of Active Agents | Summary of endpoint security incidents and status. |
| DDoS Attack Analysis Report | DDoS Events Over Time; Traffic Volume During DDoS; Sources of DDoS Attacks | Reviews DDoS attacks and their impact on the organization. |
| Data Exfiltration Report | Data Transfer Volume Over Time; Exfiltration Attempts Detected; Top Targeted Data | Overview of potential data exfiltration incidents and outcomes. |