VulnCheck Initial Access Intelligence improves Fortinet FortiGate deployments by providing real-time IP Address data via our Tags API.
Customers of Fortinet FortiGate who purchase a VulnCheck Initial Access Intelligence license are able to leverage Fortinet's Dynamic Block List (DBL) functionality to block attacker Command & Control (C2) infrastructure detected by VulnCheck.
Fortinet FortiGate provides an easy to use IP address threat feed feature, which may be used with third-party intelligence providers like VulnCheck.
For more information on these features from Fortinet see: IP address threat feed
An IP address threat feed is a dynamic list that contains IPv4 and IPv6 addresses, address ranges, and subnets. Fortinet FortiGate can import this list from an external resource. files).
As an example, to block C2 detections from VulnCheck, simply:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click IP Address.
- Set the Name to VulnCheck_Blocklist.
- Set the Update method to External Feed.
- Set the URL of external resource to https://api.vulncheck.com/v3/tags/vulncheck-c2?token=INSERT_VULNCHECK_TOKEN
- Click OK