Data Source: Fortinet | Detection.FYI

Elastic Defend and Network Security Alerts Correlation

Nov 24, 2025 · Use Case: Threat Detection Rule Type: Higher-Order Rule Resources: Investigation Guide Data Source: Elastic Defend Data Source: Fortinet Data Source: PAN-OS ·
Share on:

This rule correlate any Elastic Defend alert with a set of suspicious events from Network security devices like Palo Alto Networks (PANW) and Fortinet Fortigate by host.ip and source.ip. This may indicate that this host is compromised and triggering multi-datasource alerts.

Read More
SOCKS Traffic from an Unusual Process

Nov 24, 2025 · Domain: Endpoint OS: Linux OS: Windows OS: macOS Use Case: Threat Detection Tactic: Command and Control Data Source: Elastic Defend Data Source: Fortinet Resources: Investigation Guide ·
Share on:

This detection correlates FortiGate's application control SOCKS events with Elastic Defend network event to identify the source process performing SOCKS traffic. Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure.

Read More