Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSOAR Discussions
- Fortinet Community
- Community Groups
- FortiSOAR
- Discussions
- Re: Check Multiple IOC Reputation Value
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check Multiple IOC Reputation Value
Hi guys,
When an Indicator is created, it extracts the existing enrich playbook data, but if there is one malicious IOC tool here, the indicator is flagged as malicious. We want to implement a check here to ensure there are at least two. How can we step this process? Has anyone done this before?
Thanks in advance
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @adem_netsys
As discussed, the issue was resolved after updating the playbook IRI value in the global variable "IP_Enrichment_IRI," which determines the playbooks that need to be executed to enrich the IP address.
Labels
-
FortiSoar
73 -
Connector
8 -
FortiSOAR v7.x
6 -
FortiSOAR v7.6
6 -
SOAR
5 -
playbooks
3 -
Jinja
3 -
FortiSIEM
2 -
Schedule
2 -
FortiSOAR 7.5
2 -
Threat Intel Management
2 -
FortiSOAR 7.4.0
2 -
Forcepoint
1 -
FortiSOAR v7.4.x
1 -
alert
1 -
HybridAnalysis
1 -
poonvert
1 -
Queued Workflow
1 -
Data Ingestion
1 -
Update Record Correlations
1 -
CMDB
1 -
crowdstrike
1 -
ution
1 -
indicators
1 -
RegionalSOC
1 -
queue and shift management
1 -
Artificial intelligence
1 -
Microsoft Exchange Connector
1 -
Staging
1 -
External Postgresql DB
1 -
Vault
1 -
secret management
1 -
secrets
1 -
Content-Hub
1 -
FortiSOAR Awards
1 -
fields
1 -
related modules
1 -
templates
1 -
FortiSIEM v7.4.x
1 -
FortiSOAR v7.2.x
1 -
FortiAnalyzer
1 -
FortiGuard
1 -
FortiWeb
1 -
FortiEDR
1 -
upgrade
1 -
Machine Learning
1 -
performance
1 -
API
1 -
Azure
1 -
Admin Access
1 -
License
1 -
Arrow
1 -
Time
1 -
Trial
1 -
ClickHouse
1 -
FortiSOAR 7.3.x
1 -
Upgrading FortiSOAR
1 -
Playbook
1 -
People
1 -
TAXII
1 -
SOC
1 -
secops
1 -
FortiSASE
1 -
C
1 -
Asset
1 -
Threat feed
1 -
FortiGate
1 -
enrichement
1 -
loops
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.