How to Configure and Use External Lookup for FortiSIEM
Description
Scope
FortiSIEM 5.2.1+
Solution
This article will provide instructions on how to configure and use external lookup Entries.
The sites related to this article have no affiliation with Fortinet but can be used publicly.
Scope
FortiSIEM 5.2.1+
Solution
Configuring External Lookup:
1 - Go to Admin > Settings > Lookup
2 - Click on New and a Configuration will pop up
3 - Configure a new name
4 - Select IP (Domain Option is not available on the currently)
5 - Paste the External lookup link
Example: https://talosintelligence.com/reputation_center/lookup?search=<ip>NOTE: <ip> as a tag -- this will denote where the IP value will fill in.
6 - Save the configuration
How to perform an external lookup:
1 - Go to Analytics
2 - Run a query
3 - Find an IP field
4 - Click on the drop down and Select External Lookup
5 - Click on the link with "external"
6 - Remote Site will provide you a result.