Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SmackIT
New Contributor II

Created on ‎01-19-2019 05:59 AM

Fortigate support for STIX/TAXII

Hello experts,

 

Does Fortigate support STIX/TAXII for receiving / pulling threat intelligence? 

 

If yes, what versions of STIX/TAXII are supported? 

 

Thanks. 

14854
9 REPLIES 9
SmackIT
New Contributor II

Created on ‎01-20-2019 07:21 AM

Hi experts,

 

Can anyone help respond to this. 

 

Thanks. 

7913
0 Kudos
bommi
Contributor III
In response to SmackIT

Created on ‎01-20-2019 08:26 AM

Hi,

 

there is no support for STIX / TAXII in fortigate firewalls.

Only the FortiSandbox supports STIX and TAXII.

 

Best Regards

bommi

NSE 4/5/7

NSE 4/5/7
7913
0 Kudos
SmackIT
New Contributor II
In response to bommi

Created on ‎01-20-2019 08:40 AM

Thank you for the answer. 

 

Is STIX/TAXII support by any chance in roadmap in order to pull threat intelligence from other sandboxes? 

7913
0 Kudos
bommi
Contributor III
In response to SmackIT

Created on ‎01-20-2019 09:05 AM

Hi SmackIT,

 

the feature is called "Fabric Connectors":

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-fabric/Connectors/configuri...

You need the "Fabric Connector for threat feeds" part of this documentation.

 

In FortiOS 6.0 only IP- and Domainlists are supported, in FortiOS 6.2 which is currently beta you can also import Hashlists.

 

Best Regards

bommi

NSE 4/5/7

NSE 4/5/7
7913
0 Kudos
bommi
Contributor III
In response to SmackIT

Created on ‎01-20-2019 08:44 AM

Hi,

 

I don't know.

Fortigate firewalls can pull threat intelligence information from webservers.

You can import lists of IP-Addresses, Domains and Filehashes and use this information in the webfilter, dnsfilter and av-filter.

 

Regards bommi

NSE 4/5/7

NSE 4/5/7
7913
0 Kudos
SmackIT
New Contributor II
In response to bommi

Created on ‎01-20-2019 09:00 AM

Hi Bommi,

 

Can you please point me to the related document / KB for doing this? 

 

Thanks. 

7913
0 Kudos
bommi
Contributor III
In response to SmackIT

Created on ‎01-20-2019 09:08 AM

Hi,

 

this feature is called "Fabric Connector":

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-fabric/Connectors/configuri...

You need the "Fabric Connector for threat feeds" part of this documentation.

 

In FortiOS 6.0 only IP- and Domainlists are supported, in FortiOS 6.2 which is currently Beta you can also import Hashlists.

 

Best Regards

bommi

NSE 4/5/7

NSE 4/5/7
7912
0 Kudos
SmackIT
New Contributor II
In response to bommi

Created on ‎01-20-2019 07:30 PM

Thanks Bommi. 

7912
0 Kudos
awalker
New Contributor

Created on ‎11-18-2021 10:21 AM

I think they do now - https://docs.fortinet.com/document/fortigate/7.0.0/new-features/400345/stix-format-for-external-thre...

7836
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.