How to build an external lookup tool
Hello Team,
I was gaining knowledge about incidents and I came to know that we can set up an external lookup tool like VirusTotal from which we can repudiate the IOCs. I am curious to know how we can build a custom external lookup tool which can be used just like VirusTotal for enrichment. Questions are as below:
- Can that only be created by the FortiSIEM platform team, or can I as a developer develop this on my own and then submit it to FortiSIEM?
- If I can develop it, what is the procedure or coding best practice that must be followed?
- Which languages are used in development?
- This looks more like manual enrichment of each IOC which I select. Can this be automated for every incident?
Feel free to reach out for any kind of clarity over these questions.
If anyone has sales team or technical team contact details, then please send them over here so they can answer these questions.
TIA.
Labels: enrichement, External Connectors, FortiSIEM
Two ways to do it
1. Import a Malware IP/Domain/Hash/URL list in FortiSIEM. Then you can use it in rules, e.g. destIp IN Malware_IP_Group_1, and it will be automatically used in Reputation Checks for Incidents (on demand or automated via notification policy).
https://help.fortinet.com/fsiem/7-3-0/Online-Help/HTML5_Help/Importing_malware_ip_information.htm
2. Define in External integrations - only VirusTotal and FortiGuard are supported. There is no programmatic lookup.
https://help.fortinet.com/fsiem/7-3-0/Online-Help/HTML5_Help/External_lookup_RiskIQ_VirusTotal.htm
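As an added illustration of what such a lookup does under the hood (example code written for this thread, not FortiSIEM, Fortinet or VirusTotal code), the script below models a local reputation check against an imported malware list: it classifies an indicator as IP, domain, hash or URL, normalises it, matches it against the list, and returns a verdict. `enrich_incident()` shows the automated path from the original question, checking every IOC of an incident in one pass. The feed format, the `LocalLookup` class and all list entries are constructed assumptions, not FortiSIEM's import format or API.

```python
"""Added example (not FortiSIEM or Fortinet code): a minimal local IOC lookup
service modelling what an external lookup such as the VirusTotal integration
does: classify an indicator, normalise it, check it against an imported
Malware IP/Domain/Hash/URL list, and return a verdict. enrich_incident() is
the automated path: every IOC of an incident is checked in one pass.
All feed entries and incident IOCs below are constructed sample data.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample feed: kind,value,description. This is a hypothetical
# format for the example, not FortiSIEM's malware list import format.
SAMPLE_FEED = """\
ip,198.51.100.23,constructed: botnet C2 address
domain,malicious.example,constructed: phishing landing domain
hash,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,constructed: SHA-256 of an empty file
url,http://malicious.example/login.php,constructed: credential harvesting URL
"""

# MD5 / SHA-1 / SHA-256 hex digests, and a conservative hostname pattern.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)


def classify(ioc: str) -> str:
    """Return 'ip', 'hash', 'url', 'domain' or 'unknown' for a raw indicator."""
    s = ioc.strip()
    try:
        ipaddress.ip_address(s)
        return "ip"
    except ValueError:
        pass
    if HASH_RE.match(s):
        return "hash"
    if s.lower().startswith(("http://", "https://")):
        return "url"
    if DOMAIN_RE.match(s.rstrip(".")):
        return "domain"
    return "unknown"


def normalize(kind: str, value: str) -> str:
    """Canonical form so that case and trailing-dot variants match the list."""
    v = value.strip()
    if kind == "ip":
        return str(ipaddress.ip_address(v))
    if kind == "domain":
        return v.lower().rstrip(".")
    if kind == "hash":
        return v.lower()
    if kind == "url":
        p = urlparse(v)
        return p._replace(scheme=p.scheme.lower(), netloc=p.netloc.lower()).geturl()
    return v


@dataclass(frozen=True)
class Verdict:
    ioc: str
    ioc_type: str
    malicious: bool
    reason: str


class LocalLookup:
    """Hypothetical lookup service backed by an in-memory malware list."""

    def __init__(self, feed_text: str):
        self.entries = {}
        for line in feed_text.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            kind, value, desc = line.split(",", 2)
            self.entries[(kind, normalize(kind, value))] = desc

    def lookup(self, ioc: str) -> Verdict:
        kind = classify(ioc)
        if kind == "unknown":
            return Verdict(ioc, kind, False, "unrecognised indicator format")
        key = (kind, normalize(kind, ioc))
        if key in self.entries:
            return Verdict(ioc, kind, True, self.entries[key])
        if kind == "url":
            # A URL not listed verbatim is still flagged if its host is a listed domain.
            host = urlparse(key[1]).hostname or ""
            dkey = ("domain", normalize("domain", host))
            if dkey in self.entries:
                return Verdict(ioc, kind, True, "host is listed: " + self.entries[dkey])
        return Verdict(ioc, kind, False, "not in local list")

    def enrich_incident(self, iocs):
        """Automated enrichment: look up every IOC attached to an incident."""
        return [self.lookup(i) for i in iocs]


def summarize(verdicts):
    """Counts a notification policy could act on (e.g. escalate if malicious > 0)."""
    return {
        "total": len(verdicts),
        "malicious": sum(v.malicious for v in verdicts),
        "clean": sum(not v.malicious and v.ioc_type != "unknown" for v in verdicts),
        "unknown": sum(v.ioc_type == "unknown" for v in verdicts),
    }


if __name__ == "__main__":
    lk = LocalLookup(SAMPLE_FEED)
    # Constructed incident IOCs, mixing a listed IP, a clean IP and junk.
    results = lk.enrich_incident(["198.51.100.23", "192.0.2.1", "junk value"])
    for v in results:
        print(f"{v.ioc!r:28} {v.ioc_type:8} malicious={v.malicious} ({v.reason})")
    print(summarize(results))
```

The normalisation step is the part worth copying into any real enrichment integration: a list entry of `malicious.example` must also match `MALICIOUS.EXAMPLE.` and the host of `http://malicious.example/other`, otherwise trivial variants slip past the reputation check.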
Is the current VirusTotal integration present in FortiSIEM developed by the FortiSIEM team themselves, or can we build something like that on our own? As I mentioned, I want to create a system-wide lookup tool exactly like VirusTotal. How can I do that? I know how to perform lookup or enrichment; I want to know how I can develop or integrate something like that of my own.
How do we use the Malware IP/Domain/URL etc. we have created in the rules, is there a use case or query that you have worked with?
Can anyone help me with development related questions?
