Help
FortiSOAR Discussions
AliMaher
New Contributor

Created on ‎05-20-2023 08:50 AM

get Reputation for Indicatos records

hello Experts,

 

i have created a playbook which import IOCs(ip-url-...) in indicator Module.

 

No_Repu.png

 

i want to get theses records its reputation to filter them out and block (Malicious).

 

i have my threat intel management of Fortisoar enabled 

 

Threat_Intel.png

 

How can i let the threat intel get the reputation of the indicator recoed?

344
0 Kudos
1 REPLY 1
anarula
Staff
Staff

Created on ‎05-29-2023 06:56 AM

@AliMaher , based on limited understanding of your question, I am guessing you want to write a playbook that would give you Malicious Indicators, and then you want to Initiate a Block of those.

 

If this is what you are asking for, then all you need to do is following

 

1) Find Records of INdicators whose Reputation is Malicious,

2) Use Connector for Blocking those indicators.

 

 

Please confirm the understanding, so that we could help you further with examples of playbooks to achieve the above steps.

CTO (SOAR Business) | VP of Engineering
293
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.