tama893
New Contributor

IOC rescan not running

Hi

I have IOC rescan enabled globally and it doesn't run as scheduled. What is wrong?

3 REPLIES 3
tama893
New Contributor

help please cuz fortinet support won't help me. I think we'll have to return this if it's not working.

localhost

If you have a valid support contract, fortinet should be able to help you.

 

Anyway..

 

First check if your IOC license is valid:

System Settings->Dashboard->License Information->Fortiguard->Indicator of Compromise Service

 

Do you have rescan for ADOM Settings configured as well?

 

 

 

CLI Commands:

 

Maybe these diagnose commands can narrow down your problem:

#diagnose test application scansched 11 current all

#diagnose test application scansched 11 history all

#diagnose test application scansched 2

 

Debugging IOC:

#diagnose debug application scansched 1000

#diagnose debug enable

 

Restart the IOC daemon:

#diagnose test application scansched 99

 

 

 

localhost

Wel.. I'm running into the same problem on three different FAZ running 6.2.3 and 6.2.4 and 6.0.8.

 

In my case I think it's because the IOC database is not updating.

#diag test application sqllogd 204 stats

#diagnose fmupdate fds-getobject

 

Last ThreatIntel DB update on the 6.0.8 was on April 15th. The others never received any ThreatIntel DB updates, because were updated recently.

 

Let's see if TAC can fix it.. to me looks more like a global issue.