Indicators of Compromise Service

FortiGuard Labs collects indicators of compromise (IOCs) by a variety of methods. Some examples:
  • Machine Learning - ML techniques are used to capture IOCs such as malicious IP addresses, domains and URLs.
  • Global Sensors - Millions of sensors deployed around the globe, consisting of participating customer devices, honeypots and deception decoys, pick up early signals of compromise in global cyberspace.
  • Web Crawlers - Fortinet proprietary web crawlers armed with artificial intelligence crawl the Internet looking for malicious sites.
  • Threat Exchange - Fortinet has 200+ threat-sharing agreements with governments, CERTs and strategic vendors around the globe.
  • Hacker Sites/Forums - Trawling the underground/darknet to uncover zero-day threat events.
  • Community Submissions - Participating customers submit new threats to Fortinet for analysis. The submission is either manual or through Fortinet Cloud Sandbox technology. On a daily basis, FortiGuard Labs executes 500,000+ malware samples to extract IOCs.
  • Human Analysis - 200+ security analysts in FortiGuard Labs tirelessly search and hunt for threats around the globe.
FortiGuard Labs collects the IOCs and combines them into a package on a daily basis for delivery to Fortinet products via the FDN (FortiGuard Distribution Network).

For example, the FortiAnalyzer product can use the IOC package to alert on suspicious or infected hosts in the network.
FortiGuard hubs are globally situated to provide fast, real-time updates and signature data for any network.


Submitted samples are processed daily to extract IOCs