Hi ,
I have a blocklist that i am generating off a workflow and I’d like to connect it to an external IP address threat feed in fortinet/fortigate FW what is the best way to do this is it by API or in Fortinet their asking for a URL of external resource how can i use my blocklist from rapid 7 ?
Here’s a quick way.
- Store your blocklist in a global artifact.
- Create a workflow with api trigger that reads the entires from the global artifact and outputs it in the format required by the external resource.
- Then in Fortinet, enter the URL for the workflow trigger.
There’s also a Fortinet plugin that can add an IP address to block list. We have implemented it this way in our org. Let me know if you need more info on this. Cheers!
I have looked at the plugin it seems to only work with an IPv6 address but the workflow im using has IPv4 addresses I would love to see any documentation on the configurations needed to finish this workflow.
Thanks
Richard