Tezza
New Member
May 7, 2019
Question

Having trouble getting some of the Threat Feeds working.

Hey all,

 

Wondering if someone could give me a hand with figuring out why FortiSIEM isn't pulling threat feeds from sources like Zeus, Sans and some other STIX/TAXII sources.

 

For example, Zeus, which FortiSIEM supports:

 

Resource -> Malware Domains -> Zeus Domains

Update via API

URL: https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist.txt

Username: blank

Password: blank

Plugin Class: com.accelops.service.threatfeed.impl.ZeusBlockedDomainUpdateService

Field Separator: blank

Data Format: Custom

Date Update: Tried both Full and Incremental.

 

I have set a schedule for once and made it for the next minute and saved.

When I refresh the page, I can see that the time next to the buttons updated but no information was downloaded.

 

Am I doing this right, and is there a way to view the logs to see if there is a connection issue somewhere or an error message?

 

Thanks.

 

Tezza

    1 reply

    FSM_FTNT
    Staff
    July 30, 2019

    Hi Tezza, 

     

    Did you get this sorted?

     

    There are a few places you can check for errors:

     

    grep -i malware /opt/glassfish/domains/domain1/logs/server.log

    and

    grep -i malware /opt/phoenix/log/phoenix.log

     

    If there are any errors, let me know, along with what version of FortiSIEM you are using.

     

    Thanks