FortiSIEM Discussions
Kunj
New Contributor

Choosing action for Automation Policy for IoC enrichment

I have a use case where I want to automatically enrich IoC data from events in FortiSIEM and build dashboards. An API call should be made to a third-party threat intelligence platform to enrich the data and store the info into Lookup tables.
Is an Automation Policy triggered by a rule feasible in this scenario?

I am considering using one of these 2 actions:

1. Run Remediation/Script

2. Invoke an Integration Policy (Create Custom Integration)


I had a few questions:

1. Would the events be passed to these actions?

2. Can I make API calls on event fields using any of the above actions and store the results into Lookup tables?
3. Can I build dashboards on this enriched data? If yes, any example or reference would be helpful.
