LoFP / a firewall policy can be added for legitimate purposes.

Techniques

Sample rules

FortiGate - New Firewall Policy Added

Description

Detects the addition of a new firewall policy on a Fortinet FortiGate Firewall.

Detection logic

condition: selection
selection:
  action: Add
  cfgpath: firewall.policy