tioeudes
New Member
September 16, 2021
Question

[FORTIGATE] - Threat Feeds


Hello all.

 

Threat feed is one of the great features since FortiOS 6.0. It makes the task of blocking poor reputation IPs/domains, malware hashes and known IOCs very easy.

 

So, since I could not find it easily, I'd like to share here some ready-to-use lists and hope the community would share some too.

https://secureupdates.che..int.com/IP-list/TOR.txt
https://www.dan.me.uk/torlist/
https://s3.us-east-2.amaz...om/ip-blacklist/ip.txt
http://rules.emergingthre...emerging-Block-IPs.txt
https://talosintelligence../documents/ip-blacklist
https://lists.blocklist.de/lists/all.txt

Regards,

tioeudes

    3 replies

    Markus
    New Member
    September 16, 2021
    tioeudes (Author)
    New Member
    September 16, 2021

    https://firebog.net/ has some lists too.

    tio3udes
    Explorer III
    May 5, 2022

    Hello Guys!

     

    Trying to revive this old post. I still believe it would be good for the community if we had a source of OSINT like this.

    EnterpriseAdmin
    New Member
    June 8, 2022

    You need to register and pay a few bucks to get a key, otherwise the retrieved list is limited to 10000 entries, but it is fantastic.

    https://api.abuseipdb.com/api/v2/blacklist?limit=100000&confidenceMinimum=90&plaintext&key=<yourkeyhere>

     

    Another:

    https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt
    EnterpriseAdmin
    New Member
    June 8, 2022

    Don't forget to protect your SSLVPN service as well! These commands assume you don't have any existing entries in your source-address allow list, as we are inverting the action on this list from allow to deny:

    config vpn ssl settings
        set source-address-negate enable
        set source-address "list or group 1" "list or group 2" "list or group n"
    end
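
Added example, not part of the original thread: a Python check to run on a downloaded list before a FortiGate consumes it, which matters most when the list is used as a deny list as in the SSL VPN commands above. `sanitize_feed`, the `NEVER_BLOCK` ranges and the sample feed are constructed for illustration, and the code assumes a plain-text list with one IP or CIDR per line.

```python
import ipaddress

# Hypothetical "never block" set: RFC 1918 space plus a constructed office range.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "198.51.100.128/25")]

# Constructed sample feed (documentation addresses, not real indicators).
SAMPLE_FEED = """\
# constructed sample
203.0.113.7
203.0.113.7
203.0.113.0/28
198.51.100.9
198.51.100.200
10.0.0.5
192.0.2.300
0.0.0.0/0
<html>rate limited</html>
2001:db8::1 ; trailing comment
"""

def sanitize_feed(text, never_block=NEVER_BLOCK, min_prefix=8):
    """Return (clean, rejected) for a one-entry-per-line IP/CIDR feed."""
    nets, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop '#' and ';' comments, which some public lists carry.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:  # HTML error pages, typos, hostnames
            rejected.append((lineno, entry, "not an IP or CIDR"))
            continue
        if net.prefixlen < min_prefix:  # e.g. 0.0.0.0/0 would block everything
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in never_block):
            rejected.append((lineno, entry, "overlaps protected range"))
        else:
            nets.add(net)
    clean = []
    for version in (4, 6):  # collapse_addresses() cannot mix IP versions
        merged = ipaddress.collapse_addresses(n for n in nets if n.version == version)
        clean += [str(n.network_address) if n.num_addresses == 1 else str(n) for n in merged]
    return clean, rejected

if __name__ == "__main__":
    for item in sanitize_feed(SAMPLE_FEED):
        print(item)
```

Review the rejected entries before publishing the cleaned list: a feed that suddenly contains protected ranges or very broad prefixes is worth investigating rather than silently filtering.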