FortiGate - User Group Modified

Rule Info

Name: FortiGate - User Group Modified
Author: Marco Pedrinazzi @pedrinazziM (InTheCyber)
Description: Detects the modification of a user group on a Fortinet FortiGate Firewall. The group could be used to grant VPN access to a network.
Date: 2025-11-01 00:00:00
Modified: None
Id: 69ffc84e-8b1a-4024-8351-e018f66b8275
Tags: attack.persistence, attack.privilege-escalation
Type: Community Rule

Rule History

Author: InTheCyber
Title: Merge PR #5197 from @inthecyber - Add new Fortinet Fortigate rules
Date: 2025-11-02
Commit: