
Administration Guide

IOC Export


The IOC Export page allows you to export the IOC file in CSV or STIX format for a specified time period. The CSV file can be processed by third-party Threat Intelligence Platforms. The file contains the TimeStamp, Incident ID, Attacker IP, related files, and WCF (Web Content Filtering) events. You can include MD5 checksums, WCF category, and reconnaissance alerts.

To export the IOC as a CSV file:
  1. Go to Fabric > IOC Export.
  2. Specify the date range by setting the date and time in the From and To fields.
  3. (Optional) Include or exclude the following files and alerts:
    • Include File MD5
    • Include WCF Category
    • Exclude Reconnaissance Alerts
  4. Click Export as CSV.

To push the IOC to a STIX/TAXII server:
  1. Go to Fabric > IOC Export.
  2. Specify the date range by setting the date and time in the From and To fields.
  3. Enable STIX/TAXII Integration.
  4. Configure the export settings:
    API Root URL: Enter the API Root URL.
    TAXII Username: Enter the TAXII username.
    TAXII Password: Enter the TAXII password.
    Collection ID: Enter the Collection ID.
    Certificate File: Click Upload a certificate file to upload the certificate file.
    Key File: Click to upload the API key file.
    Certificate/Key Verification: Enable Certificate/Key Verification.
    Include File MD5: Enable to include the MD5 file.
    Include WCF Category: Enable to include the WCF category.
    Include IPS Category: Enable to include the IPS category.

  5. Click Export as STIX to push the export over the protocol in real time.
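
For the consuming side of the CSV export, the following added example (not from the product or its documentation) validates exported rows before turning them into STIX 2.1 indicators and preparing a TAXII 2.1 add-objects request from an API Root URL and Collection ID. The column names, timestamp format, UTC handling, UUID namespace, host name and the choice of TAXII 2.1 are assumptions; check them against a real export and your server.

```python
import csv, io, ipaddress, json, re, uuid
from datetime import datetime, timezone

# Constructed sample export. Column names and timestamp format are assumed,
# not taken from the product; timestamps are treated as UTC.
SAMPLE_CSV = """TimeStamp,Incident ID,Attacker IP,File MD5
2022-08-22 10:15:00,1001,192.0.2.10,d41d8cd98f00b204e9800998ecf8427e
2022-08-22 10:20:00,1002,not-an-ip,
2022-08-22 10:25:00,1003,198.51.100.7,
"""
NAMESPACE = uuid.UUID(int=0)  # placeholder namespace; pick your own and keep it fixed
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def indicator(pattern, seen_at):
    """Build a minimal STIX 2.1 indicator for one pattern."""
    ts = seen_at.strftime("%Y-%m-%dT%H:%M:%SZ")
    # uuid5 keeps the id stable, so overlapping date ranges do not create duplicates.
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--{uuid.uuid5(NAMESPACE, pattern)}",
            "created": ts, "modified": ts, "valid_from": ts,
            "pattern_type": "stix", "pattern": pattern}

def rows_to_indicators(csv_text):
    """Return (indicators, rejected incident ids); malformed rows are never forwarded."""
    out, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            ip = ipaddress.ip_address((row.get("Attacker IP") or "").strip())
            seen = datetime.strptime(row["TimeStamp"], "%Y-%m-%d %H:%M:%S")
        except (ValueError, KeyError, TypeError):
            rejected.append(row.get("Incident ID"))
            continue
        seen = seen.replace(tzinfo=timezone.utc)
        kind = "ipv4-addr" if ip.version == 4 else "ipv6-addr"
        # Interpolating the parsed address object, not the raw cell, keeps
        # quote characters in the CSV from reaching the pattern string.
        out.append(indicator(f"[{kind}:value = '{ip}']", seen))
        md5 = (row.get("File MD5") or "").strip().lower()
        if MD5_RE.match(md5):
            out.append(indicator(f"[file:hashes.MD5 = '{md5}']", seen))
    return out, rejected

def taxii_add_objects(api_root, collection_id, objects):
    """Return (url, headers, body) for a TAXII 2.1 add-objects POST; nothing is sent."""
    url = f"{api_root.rstrip('/')}/collections/{collection_id}/objects/"
    media = "application/taxii+json;version=2.1"
    return url, {"Content-Type": media, "Accept": media}, json.dumps({"objects": objects})
```
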
