Fortiguard#
README
Fortiguard#
Fortiguard is a web filtering service commonly used in organizations.
The analyzer comes in a single flavout that will return websense categorization for provided url or domain.
Requirements#
The analyzer returns just their categorization, you can customize which category must be considerd suspiciour or malicious adding them to suspicious_categories or malicious_categories variables.
Fortiguard_URLCategory#
Author: Eric Capuano
License: AGPL-V3
Version: 2.1
Supported observables types:
- domain
- url
- fqdn
Registration required: False
Subscription required: False
Free subscription: False
Third party service: https://www.fortiguard.com/webfilter
Description#
Check the Fortiguard category of a URL, FQDN or a domain. Check the full available list at https://fortiguard.com/webfilter/categories
Configuration#
| malicious_categories | List of FortiGuard categories to be considered as malicious |
|---|---|
| Default value if not configured | ['Malicious Websites', 'Phishing', 'Spam URLs'] |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
| suspicious_categories | List of FortiGuard categories to be considered as suspicious |
|---|---|
| Default value if not configured | ['Newly Observed Domain', 'Newly Registered Domain', 'Dynamic DNS', 'Proxy Avoidance', 'Hacking'] |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
Templates samples for TheHive#
