Cyware Threat Intelligence eXchange

FortiRecon

Connector Category: API Feed Source

About FortiRecon

CTIX integrates with FortiRecon to provide easy-to-understand and high-value threat intelligence. This integration lets you take proactive remediation steps and the actions needed to minimize risk.

Use cases

  • Obtain in-depth visibility of domains, hashes, URLs, and more from the received threat intel.

  • Monitor ransomware and identify potential data breaches targeting your organization.

Benefits

  • Minimizes risk by monitoring the digital footprint of the organization for unauthorized changes, credential leaks, brand impersonation on social media, and more.

  • Respond faster to incidents, better understand attackers, and safeguard assets.

Configure FortiRecon as an API Feed Source

FortiRecon is available as an out-of-the-box integration in the CTIX application.

Before you Start

  • You must have the View API Feed, View Feed Source, Create Feed Source, and Update Feed Source permissions.

  • You must have the base URL, API key, and organization ID of your FortiRecon account.

Steps

To configure the FortiRecon app in CTIX, do the following:

  1. Navigate to Administration > Integration Management > FEED SOURCES > APIs.

  2. Click Add API Source.

  3. Search and open the FortiRecon app.

  4. Click Add Instance.

  5. Enter a unique name to identify the instance. For example, FortiRecon_intel.

  6. Enter the base URL to directly connect to the application's server. For example, https://sitename.com/directoryname/.

  7. Enter the API key to make the necessary API calls between CTIX and FortiRecon servers.

  8. Enter the organization ID of your FortiRecon account to authenticate the account.

  9. Select Verify SSL to verify and secure the connection between the CTIX and FortiRecon servers.

    If you disable this option, CTIX may configure an instance for an expired SSL certificate. The connection may then not be established properly, and CTIX will not be able to notify you of a broken or improper connection. It is recommended to select this option.

  10. Click Save.

You can view and configure FortiRecon feed channels to poll feeds. For more information, see API Integrations.

FortiRecon Feed Channels

CTIX provides a channel to poll feeds from FortiRecon. The following table shows the feed channel and the FortiRecon API endpoints used for the feed channel.

| Feed Channel | API Endpoint |
|---|---|
| Fetch Finished Intel Reports | {base_url}/aci/{org_id}/reports |
| | {base_url}/aci/{org_id}/iocs |
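
A pre-flight check to run before saving the instance, added here as an example (not Cyware or Fortinet code): it expands the endpoint templates listed above for a given base URL and organization ID, and confirms that the server certificate validates so Verify SSL can stay selected. The function names, the ORG123 value and the sample expiry date are constructed for illustration; the page does not describe how the API key is sent, so no authenticated request is made.

```python
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Endpoint templates taken from the feed channel table on this page.
ENDPOINT_TEMPLATES = ("{base_url}/aci/{org_id}/reports", "{base_url}/aci/{org_id}/iocs")


def build_endpoints(base_url, org_id):
    """Validate the instance settings and expand the endpoint templates."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must be an https:// URL for Verify SSL to apply")
    if not org_id or "/" in org_id:
        raise ValueError("organization ID must be a single non-empty path segment")
    base = base_url.strip().rstrip("/")  # avoid '//' when the URL ends with '/'
    return [t.format(base_url=base, org_id=org_id) for t in ENDPOINT_TEMPLATES]


def days_until_expiry(not_after, now=None):
    """Whole days left on a certificate, from its 'notAfter' string (negative if expired)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days


def preflight(base_url, timeout=10):
    """TLS handshake with chain and hostname verification (assumed to match Verify SSL)."""
    parts = urlsplit(base_url)
    host, port = parts.hostname, parts.port or 443
    ctx = ssl.create_default_context()  # verification is on by default
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "reason": exc.verify_message}  # e.g. expired certificate
    except OSError as exc:
        return {"ok": False, "reason": str(exc)}
    return {"ok": True, "days_left": days_until_expiry(cert["notAfter"])}


if __name__ == "__main__":
    # Constructed sample values; runs offline. Call preflight() against your own base URL.
    print(build_endpoints("https://sitename.com/directoryname/", "ORG123"))
    print(days_until_expiry("Jun  1 12:00:00 2030 GMT",
                            datetime(2030, 5, 22, 12, 0, tzinfo=timezone.utc)))
```

If `preflight()` returns `ok: False`, fix the certificate or the base URL rather than clearing Verify SSL.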