Description
This article explains how to configure a STIX 2.0 external threat feed server on a FortiGate.
Scope
FortiGate, external threat feed server.
Solution
Log on to any external threat feed server with user credentials.
Step 1:
- Select the feed that needs to be configured on the FortiGate firewall and obtain its STIX 2.0 link and key by navigating to the more-information page of the selected feed. The key acts as the username when the external threat feed server is configured on the FortiGate. Example: https://otx.alienvault.com/otxapi/pulses/668cc34398c8a69a93af9ec2/export/?token=eyJhbGciOiJIUzI1NiIs...
- To obtain the link that is actually configured on the FortiGate, remove the token value (marked in red in the example above) from the preceding URL, change the scheme to stix://, and append &format=stix2.0: stix://otx.alienvault.com/otxapi/pulses/668cc34398c8a69a93af9ec2/export/?&format=stix2.0
Step 2:
- Configure an external threat feed server on the FortiGate by navigating to Security Fabric -> External Connectors, scrolling down to Threat Feeds, and selecting the FortiGuard Category connector.
- In the connector settings, configure the threat feed server with the STIX link as the resource URL and the user key as the username, as shown below.
- Once configured, the FortiGate polls the feeds from the server.
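The URL rewrite from Step 1 (drop the token, switch the scheme to stix://, append &format=stix2.0, and keep the token only as the connector username) is easy to get wrong by hand. The helper below is an added example, not Fortinet's or AlienVault's own code; it assumes the OTX export URL shape shown above and uses a constructed placeholder token.

```python
"""Derive FortiGate STIX 2.0 connector settings from an OTX pulse export URL."""
from urllib.parse import parse_qs, urlsplit, urlunsplit

FORTIGATE_FORMAT = "stix2.0"


def build_stix_settings(export_url: str) -> dict:
    """Return {'resource': <stix:// URL>, 'username': <token>}.

    Raises ValueError when the URL is not absolute or carries no token.
    """
    parts = urlsplit(export_url)
    if parts.scheme not in ("https", "http") or not parts.netloc:
        raise ValueError("expected an absolute http(s) export URL")
    tokens = parse_qs(parts.query).get("token")
    if not tokens or not tokens[0]:
        raise ValueError("export URL carries no token; cannot derive the username")
    # The token is a credential. It becomes the connector username and is
    # stripped from the resource URL so it is not stored or logged in clear text.
    resource = urlunsplit(
        ("stix", parts.netloc, parts.path, f"&format={FORTIGATE_FORMAT}", "")
    )
    return {"resource": resource, "username": tokens[0]}


def resource_leaks_token(resource_url: str) -> bool:
    """True if a resource URL still embeds the token (should be the username)."""
    return "token" in parse_qs(urlsplit(resource_url).query)


def resource_is_valid(resource_url: str) -> bool:
    """Check the scheme and format suffix the FortiGate connector expects."""
    parts = urlsplit(resource_url)
    fmt = parse_qs(parts.query).get("format", [])
    return parts.scheme == "stix" and fmt == [FORTIGATE_FORMAT] and not resource_leaks_token(resource_url)


if __name__ == "__main__":
    # Constructed placeholder token; the pulse ID matches the article's example.
    example = ("https://otx.alienvault.com/otxapi/pulses/668cc34398c8a69a93af9ec2"
               "/export/?token=CONSTRUCTED_TOKEN_VALUE")
    settings = build_stix_settings(example)
    print("Resource URL:", settings["resource"])
    print("Username   :", settings["username"])
    print("Valid      :", resource_is_valid(settings["resource"]))
```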
If the connector still reports an error after configuration, collect the following output from three concurrent CLI sessions to identify the issue further.
Putty1 (connectivity check to the feed server):
exec ping <external threat feed server IP>
Putty2 (packet capture of traffic to the feed server):
dia sniffer packet any "host x.x.x.x" 6 0 a
Putty3 (forticron daemon debug, which performs the feed refresh):
dia de reset
dia de app forticron 0xf00
dia de console timestamp enable
dia de enable