IOC

FortiGate Cloud IOC alerts administrators about newly found infections and threats to devices in their network. By analyzing UTM logging and activity, IOC provides a comprehensive overview of threats to the network.

IOC detects three threat types, based on the evolving FortiGuard database:

The free version of IOC is currently available on all accounts in the North America datacenter. The free version alerts you to threats and automatically prepares a comprehensive threat report. Threats listed only provide infected devices’ partial IP addresses: server and subnet.

A subscription grants access to IP address whitelisting, which allows you to narrow your malware search by excluding safe IP addresses and domains, and alert emails to notify you directly of detected network threats. You can also view infected devices’ full IP addresses, allowing you to better control their access to your network.

To purchase an IOC subscription:

1. Open the Plan page in the FortiGate Cloud IOC site, and select Buy Online.
2. Complete the purchase process, and wait for the key to arrive by email.
3. Log into the Fortinet Support website.
4. On the Asset page, register the code as if it were a new product’s serial number, and then enter the serial number of the FortiGate Cloud-connected device that you want the service to monitor. The service automatically takes effect.

To access IOC using a non-multitenancy account:

1. In the FortiGate list, click the Threats/Suspicious label under System Status. This only appears if the FortiGate has detected any threats.

To access IOC using a multitenancy account:

1. In the FortiGate list, look to the right. If your FortiGate has detected any threats, a bomb icon is visible. Click the bomb icon.