integrate FortiSIEM with MISP project

makeel · ‎01-01-2024

Dear support

We have Forti SIEM version 7.1 and we are prepared threat intelligence for MISP project and we need to connect the FortiSIEM with MISP to pull the IoC's

i you can help us to provide us the steps with details

cdurkin_FTNT · ‎01-02-2024

Thank you Christian.

Just a couple of notes on the MISP script .. as it was created a few years ago now as a proof of concept.

1) No need to install "jq" on the Supervisor these days, it is already present.. but see note below

2) The doc was made for a test lab to get the script to create local files to be uploaded by the Supervisor.. for production, you would place the script on a completely separate local box with a web server and get the Supervisor to download the misp files from there.

View solution in original post

Secusaurus · ‎01-01-2024

Hello makeel,

Just have a look at the KB: https://community.fortinet.com/t5/FortiSIEM/HOWTO-Import-MISP-Data/ta-p/231773

Note that I have not checked if it works on v7.1.

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner

cdurkin_FTNT · ‎01-02-2024

Thank you Christian.

Just a couple of notes on the MISP script .. as it was created a few years ago now as a proof of concept.

1) No need to install "jq" on the Supervisor these days, it is already present.. but see note below

2) The doc was made for a test lab to get the script to create local files to be uploaded by the Supervisor.. for production, you would place the script on a completely separate local box with a web server and get the Supervisor to download the misp files from there.

makeel · ‎01-02-2024

many thanks colleagues for clarify