FortiGuard Indicators of Compromise (IOC) Service
Indicators of compromise (IOCs) are artifacts observed on a network or in an operations system where we have a high confidence that said artifact indicates a computer intrusion. FortiGuard's IOC service helps security analysts identify risky devices and users based on these artifacts.
We gather these observables from a variety of sources, including:
- Over three million sensors deployed around the world which consist of devices and honeypots. These sensors provide early warning of activity in the global cyber space.
- We employ machine learning techniques that capture IOCs, such as bad IP addresses, domains, and URLs.
- Our proprietary web crawler technology uses artificial intelligence, crawling the Internet looking for malicious sites
- FortiGuard Labs maintains threat sharing agreements with over 200 global programs. This consists of strategic vendors, CERTs, ISPs, alliances, and more.
We create an IOC package consisting of around 500K IOCs daily and deliver it via our Fortinet Developers Network (FNDN) to our FortiSIEM, FortiAnalyzer, and FortiCloud products.
IOCs provide more context for security operations centers to know what is happening around the global threat landscape, and provide the ability to scan their internal networks for such. This allows you the ability for historical scanning and help in prioritizing resources to know what to focus on.
The Indicators of Compromise (IOC) service is available for FortiAnalyzer, FortiCloud, and FortiSIEM.