To integrate FortiSOAR Threat Intelligence Management (TIM) with FortiSIEM, you can leverage the following approach. While FortiSIEM may not support STIX format, it does support CSV integration.
For successful integration, use the following URL format:
|
https://<FortiSOAR.IP>/api/taxii/1/collections/<DatasetID>/objects?$format=csv&$__selectFields=value&$limit=10000
|
Ensure to filter the CSV using the field "Value" with the following parameter:
$__selectFields=value
It's worth noting that for IP addresses, you may encounter one invalid row, but this is acceptable in the integration process.
