
Indicators of Compromise (IOC) Service

Indicators of compromise (IOCs) are artifacts observed on a network or in an operating system that indicate, with high confidence, a computer intrusion. FortiGuard's IOC service helps security analysts identify risky devices and users based on these artifacts.

We gather these observables from a variety of sources, including:

  • Over three million sensors deployed around the world, consisting of devices and honeypots. These sensors provide early warning of activity in global cyberspace.
  • Machine learning techniques that capture IOCs such as bad IP addresses, domains, and URLs.
  • Our proprietary web crawler technology, which uses artificial intelligence to crawl the Internet looking for malicious sites.
  • Threat sharing agreements that FortiGuard Labs maintains with over 200 global programs. These include strategic vendors, CERTs, ISPs, alliances, and more.

We create an IOC package consisting of around 500K IOCs daily and deliver it via our Fortinet Developers Network (FNDN) to our FortiSIEM, FortiAnalyzer, and FortiGate Cloud products.

The Indicators of Compromise (IOC) service is available for FortiAnalyzer, FortiGate Cloud, and FortiSIEM.

FortiAnalyzer's Indicator of Compromise Overview

Attacks are getting more complex as the attack surface area increases. Tools for detecting attacks have increased exponentially, leaving many administrators confused as to how to handle breach detection. This video will help explain how to enable the IOC History Rescan service in FortiAnalyzer. The service helps administrators compare past IOCs with new threat intelligence to detect and gather intelligence on compromised hosts that were previously missed.


IOCs give security operations centers more context about what is happening across the global threat landscape, along with the ability to scan their internal networks for those indicators. This enables historical scanning and helps in prioritizing resources so that teams know what to focus on.