diff --git a/rules-emerging-threats/2022/Exploits/CVE-2022-42475/fortios_sslvpnd_exploit_cve_2022_42475_exploitation_indicators.yml b/rules-emerging-threats/2022/Exploits/CVE-2022-42475/fortios_sslvpnd_exploit_cve_2022_42475_exploitation_indicators.yml
new file mode 100644
index 000000000..37f152df3
--- /dev/null
+++ b/rules-emerging-threats/2022/Exploits/CVE-2022-42475/fortios_sslvpnd_exploit_cve_2022_42475_exploitation_indicators.yml
@@ -0,0 +1,32 @@
+title: Exploitation Indicator Of CVE-2022-42475
+id: 293ccb8c-bed8-4868-8296-bef30e303b7e
+status: experimental
+description: Detects exploitation indicators of CVE-2022-42475 a heap-based buffer overflow in sslvpnd.
+references:
+    - https://www.fortiguard.com/psirt/FG-IR-22-398
+    - https://www.bleepingcomputer.com/news/security/fortinet-says-ssl-vpn-pre-auth-rce-bug-is-exploited-in-attacks/
+    - https://www.deepwatch.com/labs/customer-advisory-fortios-ssl-vpn-vulnerability-cve-2022-42475-exploited-in-the-wild/
+    - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-heap-based/ta-p/239420
+author: Nasreddine Bencherchali (Nextron Systems), Nilaa Maharjan, Douglasrose75
+date: 2024/02/08
+tags:
+    - attack.initial_access
+    - cve.2022.42475
+    - detection.emerging_threats
+logsource:
+    product: fortios
+    service: sslvpnd
+    definition: 'Requirements: file creation events or equivalent must be collected from the FortiOS SSL-VPN appliance in order for this detection to function correctly'
+detection:
+    keywords:
+        - '/data/etc/wxd.conf'
+        - '/data/lib/libgif.so'
+        - '/data/lib/libips.bak'
+        - '/data/lib/libiptcp.so'
+        - '/data/lib/libipudp.so'
+        - '/data/lib/libjepg.so'
+        - '/var/.sslvpnconfigbk'
+    condition: keywords
+falsepositives:
+    - Unknown
+level: high
diff --git a/tests/logsource.json b/tests/logsource.json
index 6c6c10895..150df29f0
--- a/tests/logsource.json
+++ b/tests/logsource.json
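Review bot: The detection under `keywords:` is not bound to any field, so any collected log line that merely contains one of the listed paths will fire — a forwarded vulnerability-scan result or a ticket quoting the vendor advisory, for example — and the logsource `definition` ("file creation events or equivalent") does not say which FortiOS log type actually carries these paths; if the collected events expose a filename or message field, binding the match to it (`selection: <FIELD_NAME_PLACEHOLDER|contains>: ...` with `condition: selection`) would remove that noise. The `description` should also make clear that these paths are artifacts reported after exploitation rather than evidence of the overflow itself, for instance `description: Detects file paths reported by Fortinet as artifacts left on FortiOS appliances after exploitation of CVE-2022-42475, a heap-based buffer overflow in sslvpnd.`, which also supplies the missing comma. Because the list is tied to the artifact names published for one campaign, a sentence in `falsepositives` or the description noting that a non-match does not rule out compromise by differently named variants would help analysts weigh a negative result.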
@@ -177,6 +177,14 @@
         "syslog":[]
       }
     },
+    "fortios":{
+      "commun": [],
+      "empty": [],
+      "category":{},
+      "service":{
+        "sslvpnd": []
+      }
+    },
     "django":{
       "commun": [],
       "empty": [],