i have created a playbook which import IOCs(ip-url-...) in indicator Module.
i want to get theses records its reputation to filter them out and block (Malicious).
i have my threat intel management of Fortisoar enabled
How can i let the threat intel get the reputation of the indicator recoed?
@AliMaher , based on limited understanding of your question, I am guessing you want to write a playbook that would give you Malicious Indicators, and then you want to Initiate a Block of those.
If this is what you are asking for, then all you need to do is following
1) Find Records of INdicators whose Reputation is Malicious,
2) Use Connector for Blocking those indicators.
Please confirm the understanding, so that we could help you further with examples of playbooks to achieve the above steps.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.