IOC rescan not running

tama893 · ‎04-28-2020

Hi

I have IOC rescan enabled globally and it doesn't run as scheduled. What is wrong?

tama893 · ‎05-05-2020

help please cuz fortinet support won't help me. I think we'll have to return this if it's not working.

localhost · ‎05-06-2020

If you have a valid support contract, fortinet should be able to help you.

Anyway..

First check if your IOC license is valid:

System Settings->Dashboard->License Information->Fortiguard->Indicator of Compromise Service

Do you have rescan for ADOM Settings configured as well?

CLI Commands:

Maybe these diagnose commands can narrow down your problem:

#diagnose test application scansched 11 current all

#diagnose test application scansched 11 history all

#diagnose test application scansched 2

Debugging IOC:

#diagnose debug application scansched 1000

#diagnose debug enable

Restart the IOC daemon:

#diagnose test application scansched 99

localhost · ‎05-18-2020

Wel.. I'm running into the same problem on three different FAZ running 6.2.3 and 6.2.4 and 6.0.8.

In my case I think it's because the IOC database is not updating.

#diag test application sqllogd 204 stats

#diagnose fmupdate fds-getobject

Last ThreatIntel DB update on the 6.0.8 was on April 15th. The others never received any ThreatIntel DB updates, because were updated recently.

Let's see if TAC can fix it.. to me looks more like a global issue.

Nominate a Forum Post for Knowledge Article Creation