How to open a ticket with the FortiGuard team to request the creation (and testing) of a definition
A while back, I came across the very cool piece of software called ScreenHero. It is a screen sharing + IM client that I’ve installed on several of my family members’ PCs and Macs. Unfortunately for my co-workers, I also wanted to block it through the use of the FortiGuard UTM services featured on our FortiGate firewall.
It is quite easy to request a new definition to be added.
Request a new application control definition:
1) Go to the FortiGuard App Control search page and click New App.
2) Fill out the form.
For my ScreenHero request, for which I provided nothing more than the URL to the software, my timeline was as follows:
Monday 12PM: Submitted request through FortiGuard site.
Monday 12:52PM: Received confirmation of open ticket.
Monday 1:46PM: Confirmation that signature was developed and has entered Beta testing.
Monday 2:30PM: IDS definition delivered to me:
F-SBID(--protocol tcp; --service SSL; --flow from_server; --pattern ".powwow.cc"; --context host; --no_case;)
Tuesday 2:40PM: IPS package 4.333, which contains the definition for ScreenHero, released globally to all FortiGuard subscribed appliances.
That’s 24 hours for investigation, testing, and a global push to prod. Not bad.
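To see what the delivered signature keys on, the following added example (not part of the original post and not Fortinet code) parses the F-SBID option list and applies a simplified matching model to constructed hostnames. The function names, the sample hostnames, and the treatment of --pattern with --context host as a plain substring search are assumptions of this example, not documented FortiGate behaviour.

```python
import re

# Signature text exactly as delivered in the post.
SIGNATURE = ('F-SBID(--protocol tcp; --service SSL; --flow from_server; '
             '--pattern ".powwow.cc"; --context host; --no_case;)')

# One option: --name, then an optional quoted or bare value, ended by ';'.
OPTION_RE = re.compile(r'--(\w+)(?:\s+"((?:[^"\\]|\\.)*)"|\s+([^;"]+?))?\s*;')


def parse_fsbid(sig):
    """Return the signature's options as an ordered list of (name, value) pairs.

    Flag-style options such as --no_case get the value None.
    """
    m = re.fullmatch(r'\s*F-SBID\((.*)\)\s*', sig, re.S)
    if not m:
        raise ValueError("not an F-SBID signature")
    return [(name, quoted if quoted else (bare or None))
            for name, quoted, bare in OPTION_RE.findall(m.group(1))]


def host_matches(opts, host):
    """Simplified model (assumption): substring search over the host field,
    case-insensitive when --no_case is present."""
    d = dict(opts)
    pattern = d["pattern"]
    if "no_case" in d:
        pattern, host = pattern.lower(), host.lower()
    return pattern in host


# Constructed hostnames for review; none are taken from the post.
SAMPLE_HOSTS = [
    "api.powwow.cc",              # subdomain: matches
    "API.POWWOW.CC",              # matches because of --no_case
    "powwow.cc",                  # no leading dot, so the pattern is absent
    "cdn.powwow.cc.example.net",  # unanchored pattern also fires here
    "example.com",                # unrelated host
]

if __name__ == "__main__":
    opts = parse_fsbid(SIGNATURE)
    for name, value in opts:
        print(f"{name:10} {value}")
    for host in SAMPLE_HOSTS:
        print(f"{host:28} {'match' if host_matches(opts, host) else 'no match'}")
```

Running the same check over hostnames from your own proxy or DNS logs before enabling a block action shows which hosts the pattern would cover and which unrelated ones it would also catch.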