FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
premchanderr
Staff
Article Id 286801
Description

This document describes why some IP addresses are included in or excluded from the FortiGuard threat feed list.

 

Scope

FortiSIEM v6.x+.

 

Solution

To confirm the legitimacy of an IP address or a list, validate it at https://ioc.fortiguard.com/analyze-ioc. It is essential to log in with a Fortinet support account. This platform enables users to verify all details of specific IP addresses, assess their malicious potential, and obtain details such as risk score, live rating, and the source/country associated with each IP address.


For users seeking a comprehensive list of threat feed IP addresses, this information can be obtained from the Fortinet Developer Network (FNDN) with a 'site toolkit' subscription. Details on this subscription can be found in the Fortinet Developer Network PDF.

It is important to note that without this subscription, extracting the list is not possible. However, if there is an IOC license, the list can be extracted from the IOC list on the FortiSIEM.

Related document:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Developer_Network.pdf

For further clarification on the IP address, contact FortiGuard at https://www.fortiguard.com/contactus