jankit6
Staff
December 11, 2024

Troubleshooting Tip: How to fix invalid pattern issue while fetching the feeds using TAXII protocol from FortiSOAR

Description: This article describes how to fix invalid pattern issues while consuming the Threat Feeds using the TAXII protocol.

Scope: FortiSOAR, Threat Intel Management Solution Pack version <= 1.2.2.

Solution:

The 'Fortinet FortiGuard Threat Intelligence' data ingestion is configured automatically when the 'Threat Intel Management' solution pack is installed on the FortiSOAR system.

As a result, 'Fortinet FortiGuard Threat Intelligence' data ingestion playbooks are created that contain the jinja value '{{vars.item.pattern | toJSON}}'. This leads to incorrect characters being added to the pattern field when the 'Threat Intel Feeds' record is created in FortiSOAR.

Follow the steps below to fix this:


  1. Navigate to Automation -> Playbooks -> Enable 'Include System Collection' -> Search for 'Fortinet FortiGuard Threat Intelligence'.

  2. Select the below collection:

    Fortinet FortiGuard Threat Intelligence 3.1.0 config2Ingestion(e02562a9-a719-4081-ac83-3dfebbb66422)(2)

  3. Edit '-> FortiGuard Threat Intelligence -> Fetch and Create' playbook.

  4. Edit the 'Create Record' step -> Replace the jinja as below in the pattern field -> Save the playbook.

    Pattern: {{vars.item.pattern}}
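
The effect of the filter on a feed pattern, and a check that repairs records ingested before the playbook was fixed, as an added example (not Fortinet's code). It assumes 'toJSON' serializes the value as a JSON string the way Python's json.dumps does; the sample STIX patterns and the function names are constructed for illustration.

```python
import json
from typing import Tuple

# Constructed sample patterns in STIX 2.x syntax (not taken from a real feed).
SAMPLES = [
    "[ipv4-addr:value = '198.51.100.7']",
    r"[file:name MATCHES '^invoice\\.exe$']",
]

def render_with_tojson(pattern: str) -> str:
    # Assumption: '{{vars.item.pattern | toJSON}}' behaves like json.dumps,
    # wrapping the value in double quotes and escaping backslashes.
    return json.dumps(pattern)

def looks_like_pattern(value: str) -> bool:
    # Structural check only: a STIX pattern is a bracketed expression.
    v = value.strip()
    return v.startswith("[") and v.endswith("]")

def repair_pattern(stored: str) -> Tuple[str, bool]:
    """Return (pattern, was_repaired), undoing up to 3 JSON-encoding layers."""
    current, repaired = stored, False
    for _ in range(3):
        s = current.strip()
        if looks_like_pattern(s) or not (len(s) >= 2 and s[0] == s[-1] == '"'):
            break
        try:
            decoded = json.loads(s)
        except json.JSONDecodeError:
            break
        if not isinstance(decoded, str):
            break
        current, repaired = decoded, True
    if looks_like_pattern(current):
        return current, repaired
    return stored, False  # not recognisable as a pattern: leave untouched

if __name__ == "__main__":
    for p in SAMPLES:
        stored = render_with_tojson(p)
        print("feed value :", p)
        print("with toJSON:", stored)
        print("repaired   :", repair_pattern(stored))
```

Values that do not decode to a bracketed pattern are returned unchanged, so the check can be run over a mixed set of records without altering ones that were stored correctly.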

 
