Hi
I have IOC rescan enabled globally and it doesn't run as scheduled. What is wrong?
help please cuz fortinet support won't help me. I think we'll have to return this if it's not working.
If you have a valid support contract, fortinet should be able to help you.
Anyway..
First check if your IOC license is valid:
System Settings->Dashboard->License Information->Fortiguard->Indicator of Compromise Service
Do you have rescan for ADOM Settings configured as well?
CLI Commands:
Maybe these diagnose commands can narrow down your problem:
#diagnose test application scansched 11 current all
#diagnose test application scansched 11 history all
#diagnose test application scansched 2
Debugging IOC:
#diagnose debug application scansched 1000
#diagnose debug enable
Restart the IOC daemon:
#diagnose test application scansched 99
Wel.. I'm running into the same problem on three different FAZ running 6.2.3 and 6.2.4 and 6.0.8.
In my case I think it's because the IOC database is not updating.
#diag test application sqllogd 204 stats
#diagnose fmupdate fds-getobject
Last ThreatIntel DB update on the 6.0.8 was on April 15th. The others never received any ThreatIntel DB updates, because were updated recently.
Let's see if TAC can fix it.. to me looks more like a global issue.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.