Working with Dragos IOCs

The following sections describe how to work with Dragos Worldview malware domains, IPs, and hashes.

Download Dragos Worldview Malware Domains

  1. Go to RESOURCES > Malware Domains and select the Dragos Worldview Malware Domain folder.
  2. Click More > Update. In the Update Malware dialog box, select Update via API.
  3. Use your Dragos credentials to complete the URL, API Token, and API Secret fields.
  4. Plugin Class is provided by default.
  5. Select a Data Format. In this release, only Custom is supported.
  6. Select a Data Update process. Selecting Full means FortiSIEM will download all data. If Incremental is selected, FortiSIEM will download from the latest recorded update date.
  7. Click Save.
  8. Schedule the download. See Specifying a Schedule.
  9. Check the folder 5 minutes after the scheduled time. Downloaded results should be displayed.

Download Dragos Worldview Malware IPs

  1. Go to RESOURCES > Malware IPs and select the Dragos Worldview Malware IP folder.
  2. Click More > Update. In the Update Malware dialog box, select Update via API.
  3. Use your Dragos credentials to complete the URL, API Token, and API Secret fields.
  4. Plugin Class is provided by default.
  5. Select a Data Format. In this release, only Custom is supported.
  6. Select a Data Update process. Selecting Full means FortiSIEM will download all data. If Incremental is selected, FortiSIEM will download from the latest recorded update date.
  7. Click Save.
  8. Schedule the download. See Specifying a Schedule.
  9. Check the folder 5 minutes after the scheduled time. Downloaded results should be displayed.

Download Dragos Worldview Malware Hashes

  1. Go to RESOURCES > Malware Hash and select the Dragos Worldview Malware Hash folder.
  2. Click More > Update. In the Update Malware dialog box, select Update via API.
  3. Use your Dragos credentials to complete the URL, API Token, and API Secret fields.
  4. Plugin Class is provided by default.
  5. Select a Data Format. In this release, only Custom is supported.
  6. Select a Data Update process. Selecting Full means FortiSIEM will download all data. If Incremental is selected, FortiSIEM will download from the latest recorded update date.
  7. Click Save.
  8. Schedule the download. See Specifying a Schedule.
  9. Check the folder 5 minutes after the scheduled time. Downloaded results should be displayed.
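As an added illustration of the Full versus Incremental choice in step 6 of each procedure above (constructed example code, not FortiSIEM's plugin and not the Dragos API): it models a small feed of domain, IP and hash indicators with update timestamps and a stored last-update date, and shows which records each mode pulls and how the recorded date advances. The record fields, the sample values and the rule that a record timestamped exactly at the last recorded date is treated as already imported are all assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample feed; field names are assumed, not the real Dragos Worldview format.
FEED = [
    {"type": "domain", "value": "malicious-example.test", "updated": "2024-03-01T10:00:00Z"},
    {"type": "ip", "value": "203.0.113.7", "updated": "2024-03-02T08:30:00Z"},
    {"type": "hash", "value": "d41d8cd98f00b204e9800998ecf8427e", "updated": "2024-03-03T12:00:00Z"},
    {"type": "ip", "value": "not-an-ip", "updated": "2024-03-03T12:00:00Z"},  # malformed, must be skipped
]

DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")


def parse_ts(s: str) -> datetime:
    """Parse the feed's UTC timestamp string into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_valid(rec: dict) -> bool:
    """Basic sanity check per indicator type so a bad record does not poison the list."""
    v = rec.get("value", "")
    if rec.get("type") == "domain":
        return bool(DOMAIN_RE.match(v.lower()))
    if rec.get("type") == "ip":
        try:
            ipaddress.ip_address(v)
            return True
        except ValueError:
            return False
    if rec.get("type") == "hash":  # accept MD5 / SHA-1 / SHA-256 hex digests
        return len(v) in (32, 40, 64) and all(c in "0123456789abcdef" for c in v.lower())
    return False


def select_records(feed: list, mode: str, last_update):
    """Return (records_to_import, new_last_update).

    Full: every valid record. Incremental: only valid records updated after
    last_update (assumption: equal timestamps were already imported).
    """
    if mode not in ("Full", "Incremental"):
        raise ValueError("mode must be 'Full' or 'Incremental'")
    chosen, newest = [], last_update
    for rec in feed:
        if not is_valid(rec):
            continue
        ts = parse_ts(rec["updated"])
        if mode == "Incremental" and last_update is not None and ts <= last_update:
            continue
        chosen.append(rec)
        if newest is None or ts > newest:
            newest = ts  # this becomes the "latest recorded update date" for the next run
    return chosen, newest
```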

Specifying a Schedule

  1. Click the + icon next to Schedule.
  2. Enter values for the following options:
    • Time Range specifies start time (within the day) and the duration of the scheduling window. Select a UTC time and a corresponding location from the drop-down lists.
    • Recurrence Pattern specifies if and how the window will repeat.
      • If you are scheduling for one time only:
        1. Select Once for Recurrence Pattern.
        2. Select the specific date in Start From.
      • If you are scheduling for hourly:
        1. Enter the hourly interval.
        2. Select the Start From date for Recurrence Range, then select either End after (a number of occurrences), End by (a date), or No end date to continue the recurrence forever.
      • If you are scheduling for Daily:
        1. Select the interval of days or Every weekday.
        2. Select the Start From date for Recurrence Range, then select either End after (a number of occurrences), End by (a date), or No end date to continue the recurrence forever.
      • If you are scheduling for Weekly:
        1. Select the interval of weeks or select particular days of the week.
        2. Select the Start From date for Recurrence Range, then select either End after (a number of occurrences), End by (a date), or No end date to continue the recurrence forever.
      • If you are scheduling for Monthly:
        1. Select the days and months from the drop-down lists.
        2. Select the Start From date for Recurrence Range, then select either End after (a number of occurrences), End by (a date), or No end date to continue the recurrence forever.
  3. Click Save to apply the changes.