HafizJasmi
New Member
October 15, 2020
Question

Threat Intelligence

  • October 15, 2020
  • 1 reply
  • 1365 views

Hi Guys,

I saw that FortiSIEM supports external threat intelligence sources, but some of the sources are not working with my FortiSIEM. Here is the list:

  • SANS
  • ThreatStream
  • ThreatConnect
  • TruSTAR
These 4 sources are not working in my Resources. Any suggestion or new URL update for this? Or do you have another free THREAT INTELLIGENCE resource that can connect to FortiSIEM via API?


    KarnGriffen
    Explorer II
    October 15, 2020
    Muhammad,

    ThreatStream, ThreatConnect, and TruStar are all paid services I believe, so you will need a valid account at those services.  For SANS, you need to run the Update function in the sub-category (for instance the HIGH category), but it appears the original URLs are reaching a site that has been discontinued. Browse to https://isc.sans.edu/feeds/suspiciousdomains_High.txt for example.

    Emerging Threat lists should work.  (http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt).  But you can include any threat feed that allows you to hit a URL that basically presents the information in a clean format like the above list.  Browse to http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt to see what I mean.

    There are also STIX/TAXII options, but it's super simple to pull in a clean list via web if you have them or can find them.  For instance, something like this: https://www.badips.com/get/list/badbots/1?age=7d
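To make the "clean format" point concrete, here is an added example (not code from FortiSIEM or from anyone in this thread) that parses a plain-text block list of the shape linked above, one IP or CIDR per line with `#` comments, validates every entry, and matches log source addresses against it. The feed text and the log addresses are constructed samples, not a real download.

```python
"""Parse a plain-text IP/CIDR block list (the layout FortiSIEM accepts as a
custom threat feed) and match log source addresses against it.
Added example; SAMPLE_FEED and SAMPLE_LOG_IPS are constructed, not real data."""
import ipaddress
from typing import Iterable, List, Set

# Constructed sample in the style of an Emerging Threats block list.
SAMPLE_FEED = """\
# block list (constructed sample for this example)
# one IP or CIDR per line, comments start with '#'
192.0.2.10
192.0.2.11
198.51.100.0/24
203.0.113.5   # trailing comment is allowed
not-an-ip
10.0.0.1/33
"""

def parse_feed(text: str) -> List[ipaddress.IPv4Network]:
    """Return validated networks. Malformed lines are skipped rather than
    raised, so one bad line cannot break ingestion of the whole feed."""
    nets: List[ipaddress.IPv4Network] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False tolerates host bits set, e.g. 192.0.2.1/24
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue   # 'not-an-ip' and the /33 prefix land here
    return nets

def match_ips(nets: List[ipaddress.IPv4Network], ips: Iterable[str]) -> Set[str]:
    """Return the subset of ips that fall inside any feed network."""
    hits: Set[str] = set()
    for ip in ips:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue   # ignore unparsable source fields in the log
        if any(addr in net for net in nets):
            hits.add(ip)
    return hits

# Constructed source addresses as they might appear in SIEM events.
SAMPLE_LOG_IPS = ["192.0.2.10", "198.51.100.77", "203.0.113.6", "bogus"]

if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    print(len(feed), "entries loaded; hits:", sorted(match_ips(feed, SAMPLE_LOG_IPS)))
```

The feeds quoted above are served over plain http, so anything on the path can alter the list before the SIEM reads it; prefer an https URL where the provider offers one.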
    HafizJasmi
    New Member
    October 16, 2020

    Hi Kam,

    Thanks for the suggestions given. One more question: does RiskQ still work in FortiSIEM? Every time I do an external lookup it never shows any indicator of threat, or is it not reliable like VirusTotal?
    KarnGriffen
    Explorer II
    October 16, 2020
    Muhammad,

    Sorry, I have not used RiskQ, so I cannot answer.  If it is a paid service, you would obviously need an account at RiskQ.