Hot!Fortigate support for STIX/TAXII

Author
SmackIT
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/19 05:52:32
  • Status: offline
2019/01/19 05:59:47 (permalink)
0

Fortigate support for STIX/TAXII

Hello experts,
 
Does Fortigate support STIX/TAXII for receiving / pulling threat intelligence? 
 
If yes, what versions of STIX/TAXII are supported? 
 
Thanks. 
#1
SmackIT
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/19 05:52:32
  • Status: offline
Re: Fortigate support for STIX/TAXII 2019/01/20 07:21:21 (permalink)
0
Hi experts,
 
Can anyone help respond to this. 
 
Thanks. 
#2
bommi
Gold Member
  • Total Posts : 143
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: Fortigate support for STIX/TAXII 2019/01/20 08:26:28 (permalink)
0
Hi,
 
there is no support for STIX / TAXII in fortigate firewalls.
Only the FortiSandbox supports STIX and TAXII.
 
Best Regards
bommi
#3
SmackIT
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/19 05:52:32
  • Status: offline
Re: Fortigate support for STIX/TAXII 2019/01/20 08:40:10 (permalink)
0
Thank you for the answer. 
 
Is STIX/TAXII support by any chance in roadmap in order to pull threat intelligence from other sandboxes? 
#4
bommi
Gold Member
  • Total Posts : 143
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: Fortigate support for STIX/TAXII 2019/01/20 08:44:34 (permalink)
0
Hi,
 
I don't know.
Fortigate firewalls can pull threat intelligence information from webservers.
You can import lists of IP-Addresses, Domains and Filehashes and use this information in the webfilter, dnsfilter and av-filter.
 
Regards
bommi
#5
SmackIT
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/19 05:52:32
  • Status: offline
Re: Fortigate support for STIX/TAXII 2019/01/20 09:00:33 (permalink)
0
Hi Bommi,
 
Can you please point me to the related document / KB for doing this? 
 
Thanks. 
#6
bommi
Gold Member
  • Total Posts : 143
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: Fortigate support for STIX/TAXII 2019/01/20 09:08:35 (permalink)
0
Hi,
 
this feature is called "Fabric Connector":
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-fabric/Connectors/configuring-connectors.htm
You need the "Fabric Connector for threat feeds" part of this documentation.
 
In FortiOS 6.0 only IP- and Domainlists are supported, in FortiOS 6.2 which is currently Beta you can also import Hashlists.
 
Best Regards
bommi
post edited by bommi - 2019/01/20 09:10:20
#7
SmackIT
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/19 05:52:32
  • Status: offline
Re: Fortigate support for STIX/TAXII 2019/01/20 19:30:59 (permalink)
0
Thanks Bommi. 
#8
Jump to:
© 2019 APG vNext Commercial Version 5.5