Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Anand_Narayana
New Contributor III

Created on ‎09-20-2023 11:06 PM

External Connector Threat Feeds Logs

Recently I have upgraded FG-81F from v.7.4.0 to v.7.4.1. After upgrading the Automation logs that I have configured to send email alerts displays the UUID instead of the Threet Feed names. Is that a known bug or workaround available to resolve. Pasted below as quick reference for better understanding.

The differences can be noticed in "msg" that on v.7.4.0, it displays the names as FINANCE_URL but UUID in v.7.4.1.

 

On v.7.4.1

date=2023-09-20 time=12:36:20 devid="FGT81FTxxxxxxxxx" devname="FGT-PRIMARY" eventtime=1695193580831034046 tz="+0530" logid="0100022220" type="event" subtype="system" level="information" vd="root" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-273ce776-2493-51ee-de2f-eff2ada4c0b4' updated successfully" desc="threat-feed"

 

On v.7.4.0

The log displays as follows

date=2023-09-20 time=11:30:22 devid="FG101FTxxxxxxxxx" devname="FGT-PRIMARY" eventtime=1695276021981973499 tz="+0530" logid="0100022220" type="event" subtype="system" level="information" vd="root" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-root.FINANCE_URL' updated successfully" desc="threat-feed"

Anand

Labels:
139
0 Kudos
2 REPLIES 2
mark808
New Contributor

Created on ‎09-21-2023 12:15 AM

In my opinion ingesting threat intelligence from multiple sources makes sense. Not to belittle the fine work that the Fortiguard team do every day but it does allow for extending the systems capabilities. Also as I mentioned in the video it can be used to update the fortigate with additional threat feeds, block lists or potentially even allowlist’s that you want to creat internally as part of internal policy or incident response. All that being said, I would continue to subscribe to Fortinets UTM services as well..

https://showbox.bio https://tutuapp.uno/
124
0 Kudos
Anand_Narayana
New Contributor III
In response to mark808

Created on ‎09-21-2023 12:54 AM

UTM services are in place. The Internet access in our organization is based on the whitelisting URLs by blocking all the categories. The external threatfeed is configured to allow ONLY the whitelisted URLs. This is synced to multiple locations instead of manually logging in to all the Fortinet devices and add the URLs manually. This is not an issue as I have being using this for several years now. The only issue that I currently see is the automation emails alerts sent with the UUID instead of the Threatfeeds name  from v.7.4.1 and not earlier. So wanted to know if this is a known bug or a workaround available to resolve.

Anand

119
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.