Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.5.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.5.0 User Guide
    7.5.0
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    Working with URLhaus Threat Feed

    Working with URLhaus Threat Feed

    The following sections describe how to work with URLhaus malware URLs.

    Download URLHaus Malware URLs

    1. Go to Resources > Malware URLs, select the URLHaus Malware URL folder.
    2. Click Configure (). In the Update Malware dialog box, then select Update via API.
    3. Click Edit () in the URL row.

    4. In the URL field, check if URL is valid. If not, then edit it.

      If your Threat Feed is hosted on a Web Server and it needs a certificate, then the Web Server Certificate must be imported into FortiSIEM key store. Please follow the steps here from the Configuring CA Certificates Guide.

    5. Leave User Name, Password empty.
    6. Plugin Name is provided by default.
    7. Select a Data Update process. Selecting Full means FortiSIEM will download all data. If Incremental is selected, FortiSIEM will download from the latest recorded update date.
    8. Click Save.
    9. Schedule the download. See Specifying a Schedule.
    10. Check the folder 5 minutes after the scheduled time. Downloaded results should be displayed.

    Specifying a Schedule

    1. Click the + icon next to Schedule.

    2. Enter values for the following options:

      • Time Range specifies start time (within the day) and the duration of the scheduling window. Select a UTC time and a corresponding location from the drop-down lists.

      • Recurrence Pattern specifies if and how the window will repeat.

        Recurrence Pattern

        Steps
        Once

        1. Select the specific date in Start From.
        Daily

        1. Select the interval of days or Every weekday.

        2. Select the Start From date for Recurrence Range, then either End after the number of occurrences, and End by date, or No end date to continue the recurrence forever.
        Weekly

        1. Select the interval of weeks or select particular days of the week.

        2. Select the Start From date for Recurrence Range, then either End after the number of occurrences, and End by date, or No end date to continue the recurrence forever.

        Monthly

        1. Select the days and months from the drop-down lists.

        2. Select the Start From date for Recurrence Range, then either End after the number of occurrences, and End by date, or No end date to continue the recurrence forever.

    3. Click Save to apply the changes.

    Verifying Scheduled Download is Successful

    To verify that the scheduled download is successful, navigate to the appropriate top Resources > Malware IOC level, i.e. Resources > Malware IPs for Malware IP Threat Feed, Resources > Domain for Malware Domain Threat Feed, ... and check your Feed's row. When the scheduled download has occurred and is successful, the Status column will show Normal, and the Indicators column will show number of Malware IOCs.

    Previous
    Next

    Working with URLhaus Threat Feed

    Working with URLhaus Threat Feed

    The following sections describe how to work with URLhaus malware URLs.

    Download URLHaus Malware URLs

    1. Go to Resources > Malware URLs, select the URLHaus Malware URL folder.
    2. Click Configure (). In the Update Malware dialog box, then select Update via API.
    3. Click Edit () in the URL row.

    4. In the URL field, check if URL is valid. If not, then edit it.

      If your Threat Feed is hosted on a Web Server and it needs a certificate, then the Web Server Certificate must be imported into FortiSIEM key store. Please follow the steps here from the Configuring CA Certificates Guide.

    5. Leave User Name, Password empty.
    6. Plugin Name is provided by default.
    7. Select a Data Update process. Selecting Full means FortiSIEM will download all data. If Incremental is selected, FortiSIEM will download from the latest recorded update date.
    8. Click Save.
    9. Schedule the download. See Specifying a Schedule.
    10. Check the folder 5 minutes after the scheduled time. Downloaded results should be displayed.

    Specifying a Schedule

    1. Click the + icon next to Schedule.

    2. Enter values for the following options:

      • Time Range specifies start time (within the day) and the duration of the scheduling window. Select a UTC time and a corresponding location from the drop-down lists.

      • Recurrence Pattern specifies if and how the window will repeat.

        Recurrence Pattern

        Steps
        Once

        1. Select the specific date in Start From.
        Daily

        1. Select the interval of days or Every weekday.

        2. Select the Start From date for Recurrence Range, then either End after the number of occurrences, and End by date, or No end date to continue the recurrence forever.
        Weekly

        1. Select the interval of weeks or select particular days of the week.

        2. Select the Start From date for Recurrence Range, then either End after the number of occurrences, and End by date, or No end date to continue the recurrence forever.

        Monthly

        1. Select the days and months from the drop-down lists.

        2. Select the Start From date for Recurrence Range, then either End after the number of occurrences, and End by date, or No end date to continue the recurrence forever.

    3. Click Save to apply the changes.

    Verifying Scheduled Download is Successful

    To verify that the scheduled download is successful, navigate to the appropriate top Resources > Malware IOC level, i.e. Resources > Malware IPs for Malware IP Threat Feed, Resources > Domain for Malware Domain Threat Feed, ... and check your Feed's row. When the scheduled download has occurred and is successful, the Status column will show Normal, and the Indicators column will show number of Malware IOCs.

    Previous
    Next