/var/www/html/src_ip.htmlfile hosted by FortiSIEM Supervisor
/var/www/html/dst_ip.htmlfile hosted by FortiSIEM Supervisor
pip2.7 install pathlib
vi src_ip.py(insert the script code in the file and save it)
python src_ip.pycommand. Upon running this command, HTML file lists will be automatically created, and the script will become executable with admin rights (this way the admin user will be able to trigger/run the script from the web GUI). Ignore the console messages after running the “#python src_ip.py” CLI command. If Destination IP Address are needed you have to run the "dst_ip.py" script file.
You can test this new remediation method using inbuild FortiGate demo alerts and FortiSIEM inbuild Rules or (if more control is needed), you can use custom Logs/Alerts, Parsers, Rules and Notification Policies.
1). Ad-hoc remediation test using inbuild FortiGate demo alerts and inbuild FortiSIEM Rules
diagnose log testto generate test events
2). Automatic remediation test based on sample logs and custom Parsers, Rules and Notification Policies
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.