Threat Intelligence
External threat intelligence sources provide Indicators of Compromise (IOCs): malicious IP addresses, domains, URLs, and file hashes associated with malware and the actors behind it. FortiSIEM can be configured to download this information periodically, as either incremental or full updates, on a schedule you define. You can then write rules that match incoming events against these IOCs in real time, or reports that search historical data for matches.
The following external threat intelligence sources are supported out of the box:
- Emerging Threat
- FortiGuard
- FortiSandbox
- Malware Domain
- SANS
- ThreatStream
- ThreatConnect
- TruSTAR
- Zeus
In general, any threat source that provides a CSV file or supports the STIX/TAXII standards (versions 1.0, 1.1, and 2.0) can be supported automatically by FortiSIEM. For sources that offer neither, FortiSIEM provides a Java-based API that can be used to add support for a new source.
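As an added illustration (not FortiSIEM code, and not the content of any real feed): the script below parses a constructed CSV feed carrying the IOC types listed above, normalises each indicator by its syntax, applies either a full or an incremental update, and then checks constructed key=value log lines against the result, which is the matching a real-time rule or a historical report performs. The feed rows, the log lines, and the field names are all assumptions made for the example.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of a CSV threat feed; the indicators are documentation
# ranges and the EICAR test-file hash, not live IOCs.
SAMPLE_FEED_CSV = """indicator,type,description
203.0.113.45,ip,C2 beacon (constructed)
Evil-Updates.example.,domain,phishing landing (constructed)
http://evil-updates.example/payload.exe,url,dropper (constructed)
44D88612FEA8A8F36DE82E1278ABB02F,md5,EICAR test file MD5
"""

# Constructed key=value log lines standing in for normalised SIEM events.
SAMPLE_LOGS = [
    "2024-01-15T10:00:01Z src=10.0.0.5 dst=203.0.113.45 dport=443",
    "2024-01-15T10:00:02Z host=10.0.0.7 query=EVIL-UPDATES.EXAMPLE",
    "2024-01-15T10:00:03Z host=10.0.0.9 url=http://evil-updates.example/payload.exe",
    "2024-01-15T10:00:04Z host=10.0.0.9 hash=44d88612fea8a8f36de82e1278abb02f",
    "2024-01-15T10:00:05Z src=10.0.0.5 dst=8.8.8.8 dport=53",
]

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
TOKEN = re.compile(r"(\w+)=(\S+)")


def normalise(value):
    """Classify an indicator by its syntax and return (type, canonical form).

    Syntax wins over whatever type column a feed supplies, so a mislabelled
    row still lands in the right bucket. Canonical form: IPs as parsed,
    hashes lower-case, URLs with scheme and host lower-cased, domains
    lower-cased without a trailing dot.
    """
    v = value.strip()
    try:
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in HASH_LENGTHS:
        return HASH_LENGTHS[len(v)], v.lower()
    if "://" in v:
        scheme, rest = v.split("://", 1)
        host, sep, path = rest.partition("/")
        return "url", f"{scheme.lower()}://{host.lower()}{sep}{path}"
    return "domain", v.lower().rstrip(".")


def parse_feed(csv_text):
    """Parse a CSV feed into {ioc_type: set(canonical_indicator)}."""
    iocs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("indicator") or "").strip()
        if not raw:
            continue
        ioc_type, canon = normalise(raw)
        iocs.setdefault(ioc_type, set()).add(canon)
    return iocs


def apply_update(current, update, full):
    """A full update replaces the indicator sets; an incremental one unions."""
    if full:
        return {t: set(v) for t, v in update.items()}
    merged = {t: set(v) for t, v in current.items()}
    for t, v in update.items():
        merged.setdefault(t, set()).update(v)
    return merged


def match_logs(lines, iocs):
    """Check every key=value field of each log line against the IOC sets.

    Returns (line_number, field, ioc_type, indicator) for every hit. A URL
    field is also tested against the domain set by its host, so a feed that
    lists only the domain still fires on a full URL in the event.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        for field, raw in TOKEN.findall(line):
            ioc_type, canon = normalise(raw)
            if canon in iocs.get(ioc_type, ()):
                hits.append((n, field, ioc_type, canon))
            if ioc_type == "url":
                host = canon.split("://", 1)[1].split("/", 1)[0].split(":")[0]
                if host in iocs.get("domain", ()):
                    hits.append((n, field, "domain", host))
    return hits


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED_CSV)
    for hit in match_logs(SAMPLE_LOGS, feed):
        print("line %d field %s matched %s %s" % hit)
```

Normalising on both sides (feed and event) is what makes the match robust: the feed row `Evil-Updates.example.` and the event value `EVIL-UPDATES.EXAMPLE` differ in case and trailing dot but are the same indicator. For an incremental schedule, `apply_update(..., full=False)` only ever grows the sets, so a periodic full update is still needed to age out indicators the source has withdrawn.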
Additional information for specific threat intelligence feeds is available here.