Vendor: Fortinet

April 15, 2026 · View on GitHub

Product: FortiGate

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
279	116	45	15	19

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-activity ↳fortinet-fortigate-cef-http-session-app-ctrl ↳fortinet-fortigate-cef-app-activity-success-router ↳fortinet-fortigate-cef-app-activity-success-vpn ↳fortinet-fortigate-kv-app-activity-wireless ↳fortinet-fortigate-cef-app-activity-success-system ↳fortinet-fortigate-cef-app-activity-success-ha ↳fortinet-fortigate-cef-app-activity-success-connector ↳fortinet-fortigate-kv-app-activity-system app-login ↳fortinet-fortigate-kv-app-activity-system authentication-failed ↳fortinet-vpn-kv-app-authentication-fail-0102043011 ↳fortinet-fortigate-kv-endpoint-login-success-fail-systemevent authentication-successful ↳fortinet-fortigate-cef-app-authentication-user ↳fortinet-fortiauthenticator-kv-endpoint-login-success-0102043039 ↳fortinet-vpn-kv-endpoint-login-success-logdesc ↳fortinet-fortigate-kv-endpoint-login-success-fail-systemevent failed-app-login ↳fortinet-fortigate-kv-app-activity-system failed-vpn-login ↳fortinet-vpn-kv-vpn-login-fail-loginfailed vpn-login ↳fortinet-vpn-cef-vpn-login-success-connection ↳fortinet-vpn-kv-vpn-login-success-ssl ↳fortinet-vpn-cef-vpn-login-success-login vpn-logout ↳fortinet-vpn-cef-vpn-logout-success-down ↳fortinet-vpn-cef-vpn-logout-success-connection web-activity-allowed ↳fortinet-fortigate-cef-http-traffic-waf ↳fortinet-fortigate-cef-http-session-app-ctrl ↳fortinet-fortigate-cef-http-session-webfilter web-activity-denied ↳fortinet-fortigate-cef-http-session-app-ctrl ↳fortinet-fortigate-cef-http-session-webfilter	T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1133 - External Remote Services	35 Rules 13 Models
Account Manipulation	app-activity ↳fortinet-fortigate-cef-http-session-app-ctrl ↳fortinet-fortigate-cef-app-activity-success-router ↳fortinet-fortigate-cef-app-activity-success-vpn ↳fortinet-fortigate-kv-app-activity-wireless ↳fortinet-fortigate-cef-app-activity-success-system ↳fortinet-fortigate-cef-app-activity-success-ha ↳fortinet-fortigate-cef-app-activity-success-connector ↳fortinet-fortigate-kv-app-activity-system vpn-logout ↳fortinet-vpn-cef-vpn-logout-success-down ↳fortinet-vpn-cef-vpn-logout-success-connection	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions T1484 - Group Policy Modification	10 Rules 7 Models
Brute Force Attack	vpn-logout ↳fortinet-vpn-cef-vpn-logout-success-down ↳fortinet-vpn-cef-vpn-logout-success-connection	T1110 - Brute Force	1 Rules 1 Models
Physical Security	vpn-login ↳fortinet-vpn-cef-vpn-login-success-connection ↳fortinet-vpn-kv-vpn-login-success-ssl ↳fortinet-vpn-cef-vpn-login-success-login	T1133 - External Remote Services	1 Rules 1 Models
Workforce Protection	web-activity-allowed ↳fortinet-fortigate-cef-http-traffic-waf ↳fortinet-fortigate-cef-http-session-app-ctrl ↳fortinet-fortigate-cef-http-session-webfilter	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols	4 Rules 2 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link External Remote Services Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing	User Execution	External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts Exploitation for Privilege Escalation Group Policy Modification	Group Policy Modification Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information	Brute Force Steal or Forge Kerberos Tickets Credentials from Password Stores Steal or Forge Kerberos Tickets: Kerberoasting		Remote Services Internal Spearphishing	Email Collection Email Collection: Email Forwarding Rule	Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Alternative Protocol Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Exfiltration Over Physical Medium: Exfiltration over USB Exfiltration Over C2 Channel Exfiltration Over Physical Medium Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking