FortiSIEM v7.4.2 Health ISAC TAXII 2.1 feed configuration using OPENCTI integration

Forum|Forum|2 months ago
April 10, 2026
1 reply
81 views

I did search in Fortinet documentation, and it pointed to OPENCTI integration which is a generic taxi2.1 implementation python script. Web reference: https://docs.fortinet.com/document/fortisiem/7.4.2/user-guide/628743#FortiSIE

FTNT TAC Ticket is 11729864 created for this.

I need help - How to configure FortiSIEM v7.4.2 Health ISAC TAXII 2.1 feed configuration using OPENCTI integration ?

mpandainfiniteAuthor

New Member

I am able to fetch TAXII feed through below curl command

curl -u user:password -H "Accept: application/taxii+json;version=2.1" "https://health-isac.cyware.com/ctixapi/ctix21/collections/41689cb5-ee8b-484a-8a59-95a683439d4f/objects/?limit=1000"

but when I configure the same in 'Malware IP' and I am using inbuilt stix21_threatfeed.py, I am getting HTTP status 206, which points to stix21_threatfeed.py cannot handle pagination, but anything 206 is a positive sign. refer to attach screenshots.

Could you please share source code of this file stix21_threatfeed.py, I want to review how this file handles pagination. OPENCTI_STIX_TAXII_2_1_ERROR_PYTHON_SCRIPT-HTTP-STATUS-206 - Copy.png

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded