Hello,
I am getting multiple destination IPs in the QRadar event data payload, and I have extracted all of them using regex and stored them under the key "DestIP" using the Set Variable action.
Below is a sample of the IP output I am extracting and storing (I have replaced the original IPs with 0.0.0.0 here on the community portal):
"
[
"0.0.0.0",
"0.0.0.0",
"0.0.0.0",
"0.0.0.0"
]
"
Now I want to pass all these IPs at once to VirusTotal and get the reputation score as a result. How should I use the for each loop here to achieve this requirement?
Shashank.
Hi shashankkumar,
I have moved your thread to the FortiSOAR Community Group's Discussions board, as I think you'll have a better chance of getting an answer here. I hope that helps.
Kind regards,
Hi Experts!
I want to add one point about performing IP reputation checks of bulk IPs on multiple threat intel platforms. For example, if I want to get the latest reputation of, say, 10 IPs from VirusTotal, FortiGuard Threat Intel, and Kaspersky Threat Intel. (I have already installed and configured the connectors for these threat intel platforms.)
Please note that these IPs have been added earlier in the SOAR, let's say a month back, as a result of ingestion from the SIEM or manually added as a result of a received threat advisory.
Regards,
MBF