How to open a ticket with the FortiGuard team to request the creation (and testing) of a definition

A while back, I came across the very cool piece of software called ScreenHero. It is a screen sharing + IM client that I’ve installed on several of my family members’ PCs and Macs. Unfortunately for my co-workers, I also wanted to block it through the use of the FortiGuard UTM services featured on our FortiGate firewall.

It is quite easy to request a new definition to be added.


Request a new application control definition:
1) Go to the FortiGuard App Control search page and click New App.

2) Fill out the form.

3) Wait.

Expected Timeline:
For my ScreenHero request, for which I provided nothing more than the URL to the software, my timeline was as follows:

Monday 12PM: Submitted request through FortiGuard site.
Monday 12:52PM: Received confirmation of open ticket.
Monday 1:46PM: Confirmation that signature was developed and has entered Beta testing.
Monday 2:30PM: IDS definition delivered to me:

F-SBID(--protocol tcp; --service SSL; --flow from_server; --pattern ".powwow.cc"; --context host; --no_case;)

Tuesday 2:40PM: IPS package 4.333, which contains the definition for ScreenHero, released globally to all FortiGuard subscribed appliances.

That’s 24 hours for investigation, testing, and the global push to production. Not bad.
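
To see what the delivered signature would flag before relying on it, the following added example (not part of the original post and not Fortinet code) parses the F-SBID option syntax quoted above and tests its host pattern against hostnames. It assumes --pattern is a substring test made case-insensitive by --no_case, ignores the protocol, service and flow options, and uses constructed sample hostnames.

```python
import re

# Signature text exactly as quoted in the post.
SIGNATURE = ('F-SBID(--protocol tcp; --service SSL; --flow from_server; '
             '--pattern ".powwow.cc"; --context host; --no_case;)')

# One option: "--name;" or "--name value;" where value is bare or double-quoted.
OPTION_RE = re.compile(r'--(\w+)(?:\s+(?:"((?:[^"\\]|\\.)*)"|([^;"]+?)))?\s*;')

def parse_fsbid(sig):
    """Return the signature's options as an ordered list of (name, value) pairs."""
    body = re.fullmatch(r'\s*F-SBID\((.*)\)\s*', sig, re.S)
    if not body:
        raise ValueError("not an F-SBID(...) signature")
    return [(name, quoted or bare.strip() or None)
            for name, quoted, bare in OPTION_RE.findall(body.group(1))]

def host_patterns(options):
    """Collect --pattern entries that a following --context places in 'host'."""
    patterns = []
    for name, value in options:
        if name == "pattern":
            patterns.append({"text": value, "context": None, "no_case": False})
        elif patterns and name == "context":
            patterns[-1]["context"] = value
        elif patterns and name == "no_case":
            patterns[-1]["no_case"] = True
    return [p for p in patterns if p["context"] == "host"]

def host_matches(options, hostname):
    """ASSUMPTION: --pattern is a substring test, case-insensitive with --no_case."""
    def hit(p):
        text, host = p["text"], hostname
        if p["no_case"]:
            text, host = text.lower(), host.lower()
        return text in host
    pats = host_patterns(options)
    return bool(pats) and all(hit(p) for p in pats)

# Constructed hostnames (not from the post) to exercise the pattern.
SAMPLE_HOSTS = ["api.powwow.cc", "EDGE.POWWOW.CC", "powwow.cc",
                "notpowwow.cc", "www.example.com"]

if __name__ == "__main__":
    opts = parse_fsbid(SIGNATURE)
    for host in SAMPLE_HOSTS:
        print(f"{host:20} {'match' if host_matches(opts, host) else 'no match'}")
```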
