FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 286801


This document describes why few IP Addresses are included/excluded in the Fortiguard Threatfeed List.




FortiSiem v6.x+.




To confirm the legitimacy of an IP address or a list, you need to validate in, it is essential to log in with a Fortinet support account. This platform enables users to verify all details of specific IP addresses, assess their malicious potential, and obtain details such as risk score, live rating, and the source/ country associated with each IP address.

For users seeking a comprehensive list of threat feed IP addresses, this information can be obtained from the Fortinet Developer Network (FNDN) with a 'site toolkit' subscription. Details on this subscription can be found in the Fortinet Developer Network PDF.

It is important to note that without this subscription, extracting the list is not possible. However, there is an IOC license, the list can be extracted from the IOC list on the FortiSIEM.


Related document:


For further clarification on the IP address, contact the FortiGuard at