Fortinet white logo
Fortinet white logo

Verify Device Added to Watchlist and Threat Feed

Verify Device Added to Watchlist and Threat Feed

To verify that a device has been added to the Watchlist and Threat Feed, take the following steps.

  1. On FortiSIEM, verify an incident has been triggered by navigating to INCIDENTS, and checking for active incidents.

  2. Verify the user’s device IP has been added to the corresponding watchlist by navigating to Resources > Watch Lists > Fabric Threats or Resources > Watch Lists > External Fabric Threats.

  3. On both Enterprise Core and 1st Floor FortiGates, verify that the FSM_Threat_Feed has been populated with the IP of the offending device.


Verify Device Added to Watchlist and Threat Feed

Verify Device Added to Watchlist and Threat Feed

To verify that a device has been added to the Watchlist and Threat Feed, take the following steps.

  1. On FortiSIEM, verify an incident has been triggered by navigating to INCIDENTS, and checking for active incidents.

  2. Verify the user’s device IP has been added to the corresponding watchlist by navigating to Resources > Watch Lists > Fabric Threats or Resources > Watch Lists > External Fabric Threats.

  3. On both Enterprise Core and 1st Floor FortiGates, verify that the FSM_Threat_Feed has been populated with the IP of the offending device.