Fortinet FortiGate

Customers of Fortinet FortiGate who purchase a VulnCheck Initial Access Intelligence license are able to leverage Fortinet's Dynamic Block List (DBL) functionality to block attacker Command & Control (C2) infrastructure detected by VulnCheck.

Working with Dynamic Block Lists in Fortinet FortiGate

Fortinet FortiGate provides an easy to use IP address threat feed feature, which may be used with third-party intelligence providers like VulnCheck.

For more information on these features from Fortinet see: IP address threat feed

Block VulnCheck C2 Detections with Fortinet FortiGate

An IP address threat feed is a dynamic list that contains IPv4 and IPv6 addresses, address ranges, and subnets. Fortinet FortiGate can import this list from an external resource. files).

As an example, to block C2 detections from VulnCheck, simply:

Go to Security Fabric > External Connectors and click Create New.
In the Threat Feeds section, click IP Address.
Set the Name to VulnCheck_Blocklist.
Set the Update method to External Feed.
Set the URL of external resource to https://api.vulncheck.com/v3/tags/vulncheck-c2?token=INSERT_VULNCHECK_TOKEN
Click OK

Cisco ASA

VulnCheck Initial Access Intelligence improves Cisco ASA deployments by providing real-time IP Address data via our Tags API.

Palo Alto Networks NGFW

VulnCheck Initial Access Intelligence improves Palo Alto Networks NGFW deployments by providing real-time IP Address data via our Tags API.