Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
yujames
Staff
Staff

Created on ‎10-04-2019 12:40 PM

Article Id 192016

How to Configure and Use External Lookup for FortiSIEM

Description
This article will provide instructions on how to configure and use external lookup Entries.
The sites related to this article have no affiliation with Fortinet but can be used publicly.

Scope
FortiSIEM 5.2.1+

Solution
Configuring External Lookup:

1 - Go to Admin > Settings > Lookup


2 - Click on New and a Configuration will pop up

3 - Configure a new name
4 - Select IP (Domain Option is not available on the currently)
5 - Paste the External lookup link
Example: https://talosintelligence.com/reputation_center/lookup?search=<ip>
NOTE: <ip> as a tag -- this will denote where the IP value will fill in.
6 - Save the configuration



How to perform an external lookup:
1 - Go to Analytics
2 - Run a query
3 - Find an IP field
4 - Click on the drop down and Select External Lookup


5 - Click on the link with "external"
6 - Remote Site will provide you a result.

971
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.