Wondering if someone could give me a hand with figuring out why FortiSIEM isn't pulling threat feeds from sources like Zeus, SANS and some other STIX/TAXII sources.
Zeus which FortiSIEM supports.
Resource -> Malware Domains -> Zeus Domains
Update via API
Plugin Class: com.accelops.service.threatfeed.impl.ZeusBlockedDomainUpdateService
Field Separator: blank
Data Format: Custom
Date Update: Tried both Full and Incremental.
I have set a schedule for once and made it for the next minute and saved.
When I refresh the page, I can see that the time next to the buttons updated but no information was downloaded.
Am I doing this right, and is there a way to view the logs to see if there is a connection issue somewhere or an error message?
Did you get this sorted?
There are a few places you can check for errors:
grep -i malware /opt/glassfish/domains/domain1/logs/server.log
grep -i malware /opt/phoenix/log/phoenix.log
If there are any errors, let me know and what version of FortiSIEM you are using.