AliMaher
Visitor III
May 20, 2023
Question

Get Reputation for Indicators records


Hello Experts,

I have created a playbook which imports IOCs (ip-url-...) into the Indicator module.

No_Repu.png

I want to get the reputation of these records to filter them out and block (Malicious).

I have my threat intel management of FortiSOAR enabled.

Threat_Intel.png

How can I let the threat intel get the reputation of the indicator record?

    1 reply

    anarula
    Staff
    May 29, 2023

    @AliMaher, based on my limited understanding of your question, I am guessing you want to write a playbook that would give you Malicious Indicators, and then you want to initiate a block of those.

    If this is what you are asking for, then all you need to do is the following:

    1) Find records of Indicators whose Reputation is Malicious.

    2) Use a Connector for blocking those indicators.

    Please confirm this understanding, so that we can help you further with examples of playbooks to achieve the above steps.