Technical Tip: The default behavior of External re...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 396714

Description

This article describes the default behavior of the External resource for TAXII(STIX).

Scope

FortiGate v7.4

Solution

If it is not set with 'type', it is set as 'category' by default.

At that time, the retrieved content from Taxii can be loaded as a category. e.g., if there is a 'domain' category in the STIX page, FortiGate reflects this category in the External Feeds page.

From CLI:

FGT1801F-TFEED (vdom1) (Interim)# sh fu sys external-resource stix-category

config system external-resource

edit "stix-category"

set uuid af0dfc6e-47d0-51f0-049b-866b39d01808

set status enable

set type category <----- If it is not set with 'type', it is set as 'category' by default.

set update-method feed

set category 192

set client-cert-auth disable

set comments ''

set resource "stix://172.16.200.209:9443/taxii/collections/100/objects/"

set user-agent ''

set server-identity-check none

set refresh-rate 5

set source-ip 0.0.0.0

set interface-select-method auto

set vrf-select 0

end

From GUI:

326

Contributors

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: The default behavior of External resource for TAXII(STIX)

You are leaving our website