Fortiguard#

README

Fortiguard is a web filtering service commonly used in organizations.

The analyzer comes in a single flavor that returns the websense categorization for the provided URL or domain.

Requirements#

The analyzer returns only the categorization. You can customize which categories are considered suspicious or malicious by adding them to the suspicious_categories or malicious_categories variables.

Fortiguard_URLCategory#

Author: Eric Capuano
License: AGPL-V3
Version: 2.1
Supported observable types:
- domain
- url
- fqdn
Registration required: False
Subscription required: False
Free subscription: False
Third party service: https://www.fortiguard.com/webfilter

Description#

Check the Fortiguard category of a URL, FQDN or domain. The full list of categories is available at https://fortiguard.com/webfilter/categories

Configuration#

malicious_categories: List of FortiGuard categories to be considered as malicious
- Default value if not configured: ['Malicious Websites', 'Phishing', 'Spam URLs']
- Type of the configuration item: string
- The configuration item can contain multiple values: True
- Is required: True

suspicious_categories: List of FortiGuard categories to be considered as suspicious
- Default value if not configured: ['Newly Observed Domain', 'Newly Registered Domain', 'Dynamic DNS', 'Proxy Avoidance', 'Hacking']
- Type of the configuration item: string
- The configuration item can contain multiple values: True
- Is required: True

Templates samples for TheHive#

Fortiguard: long report